Skip to content

Privacy Policy

1. Privacy at a glance

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below.

2. Responsible party

The party responsible for data processing on this website is:

JOKKEN GbR c/o Norbert Rosenwinkel Heinrich-Böll-Weg 21 30629 Hannover Germany

Email: info@jokken.ai Phone: +49 157 5829 7969

Authorized partners: Frank Haasper, Norbert Heinz Rosenwinkel

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

3. Data protection officer

We have not appointed a data protection officer for our company, as the statutory requirements for doing so are not met (Art. 37 GDPR in conjunction with § 38 BDSG). For data protection inquiries, please contact the controller named in section 2.

4. Storage duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted after these reasons no longer apply.

5. General information on legal bases

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If processing is necessary for the performance of a contract or pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if it is necessary for the fulfillment of a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

6. Recipients of data

In the course of our business activities, we work with various external parties. In some cases, the transmission of personal data to these external parties is necessary. We only pass on personal data to external parties if this is required as part of contract fulfillment, if we are legally obligated to do so, or if we have a legitimate interest in passing on the data. Where we use data processors, we only pass on personal data of our customers on the basis of a valid data processing agreement.

7. Your rights as a data subject

You have the following rights with regard to your personal data:

Right of access (Art. 15 GDPR): You have the right to obtain information about your personal data processed by us.

Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or completion of your personal data stored by us.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data.

Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request its transfer to another controller.

Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, where processing is based on Art. 6 para. 1 lit. e or f GDPR.

Right to withdraw consent (Art. 7 para. 3 GDPR): You have the right to withdraw consent given to us at any time. The lawfulness of processing carried out on the basis of consent before its withdrawal is not affected.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR.

The competent supervisory authority for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen Prinzenstraße 5 30159 Hannover Phone: +49 511 120-4500 Email: poststelle@lfd.niedersachsen.de

9. Provision of data and automated decision-making

Provision of data: The provision of your personal data is neither legally nor contractually required. You are not obliged to provide us with your data. However, failure to provide the required data may mean that we cannot process your request or conclude a contract with you.

Automated decision-making: We do not use automated decision-making within the meaning of Art. 22 GDPR — that is, decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you.

10. SSL/TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from 'http://' to 'https://' and by the lock symbol in your browser line.

11. Server log files

The hosting provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

- Browser type and browser version - Operating system used - Referrer URL - Hostname of the accessing computer - Time of the server request - IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website. Server log files are deleted after no more than 7 days.

12. Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We do not pass on this data without your consent.

Processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR).

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions, in particular retention periods, remain unaffected.

13. Inquiries by email or phone

If you contact us by email or phone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request.

Processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). The data will be deleted once your inquiry has been conclusively processed and no statutory retention obligations exist.

14. Newsletter

If you subscribe to our newsletter, we process the email address you provide as well as your IP address and the time of registration. This data is used exclusively to send the newsletter and to document your consent.

The newsletter is delivered via our own infrastructure; no transfer to external newsletter providers takes place.

Procedure: We use the double opt-in procedure. After you enter your email address, you receive a confirmation email containing a link to activate the subscription. Your email address is only released for newsletter dispatch after you click the confirmation link.

Legal basis: Processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To do so, please use the unsubscribe link contained in every newsletter email or contact us directly.

Storage period: Your email address is stored for as long as you are subscribed to the newsletter and is deleted after unsubscription. IP address and registration time are stored as proof of consent and are not used for any other purposes.

15. Cookies and consent technology

Our website uses only technically necessary cookies required for the operation of the site (e.g., to maintain sessions or store language preferences). These cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR and § 25 para. 2 TDDDG. We have a legitimate interest in the technically error-free and optimised provision of our services.

For our web analytics tool (see section 17), we obtain your consent via a consent banner that is displayed on your first visit to our website. As long as you have not given consent, no analytics script is loaded and no analytics data is collected. You may withdraw your consent at any time with effect for the future.

16. Hosting

We host the content of our website with the following provider:

Strato AG Otto-Ostrowski-Straße 7 10249 Berlin Germany

The personal data collected on this website is stored on Strato AG servers within the European Union. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via the website.

The use of Strato is in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). A data processing agreement pursuant to Art. 28 GDPR is in place with Strato AG.

17. Web analytics with Umami

We use the web analytics tool Umami in the EU region of the hosted cloud service operated by the following provider:

Umami Software, Inc. 5 Salem Street, Apt. 1 Boston, MA 02113 USA

Umami operates without cookies and without classical collection of personal data. Only anonymised and aggregated usage data is collected:

- Pages viewed - Referrer URL - Browser type and operating system - Device type - Country of the request

IP addresses are hashed immediately upon collection and are not stored in a personally identifiable form. Identification of individual visitors is not possible; cross-site tracking does not take place.

Legal basis: Processing takes place exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You give your consent via our consent banner, which is displayed on your first visit to our website. Without your consent, the analytics script is not loaded and no data is collected. You may withdraw your consent at any time with effect for the future by contacting the controller named in section 2 or by deleting the 'jokken-cookie-consent' entry from your browser's local storage.

A data processing agreement pursuant to Art. 28 GDPR is in place with Umami Software, Inc. Data processing takes place via the EU region of Umami Cloud; no transfer to third countries occurs.

18. Use of the SaaS platform

When using our AI assistant platform (SaaS), we process the following personal data:

- Registration data: Name, email address, company data - Usage data: Interactions with the AI assistant, uploaded documents and knowledge base content - Technical data: IP address, browser type, device information

Processing is carried out for contract fulfillment pursuant to Art. 6 para. 1 lit. b GDPR. Data transmitted by end users to the AI assistant is processed in accordance with the contractual agreements with the customer. Your data is not used for training AI models. Data will be deleted after the end of the contract and expiration of statutory retention periods.

19. Data processing by AI services

Purpose: To operate our AI assistants, we process your inputs (chat content, voice recordings where applicable) as well as technical connection data (e.g., session identifiers) in order to respond to your requests and provide the functionality of the assistant.

Transparency notice: When using our assistants, you interact with an AI system (Art. 50 EU AI Act). Responses are generated automatically and may differ from a human conversation.

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract or pre-contractual measures) and Art. 6 para. 1 lit. f GDPR (legitimate interest in providing capable AI services).

AI providers used: We use AI models from the following providers: OpenAI, Anthropic, Google, Mistral AI and Meta. The model is selected based on the specific use case.

Place of processing: Processing takes place exclusively on servers within the European Union via GDPR-compliant EU regions of the respective cloud platforms. No transfer to third countries takes place.

Data processing agreements: Data processing agreements pursuant to Art. 28 GDPR are in place with all providers used. The providers process your data exclusively on our instructions to deliver the agreed services. No personal data is used for training AI models by the providers.

Storage period: Conversation data is stored for the duration of the contractual relationship and subsequently deleted in accordance with our deletion policy, unless statutory retention obligations apply.

Your rights: With regard to the data processed here, you have all data subject rights under Art. 15–21 GDPR (see the section on your rights above).

20. Currency and changes to this privacy policy

This privacy policy is currently valid and was last updated in May 2026. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this privacy policy.