EU Regulation 2016/679

GDPR Compliance

Kennerkreis is fully compliant with the General Data Protection Regulation. We were built in the EU, for the EU — and data protection is a foundational principle, not an afterthought.

Our GDPR principles

We process personal data in line with the seven core GDPR principles, and we can demonstrate this in writing at any time.

Lawful, fair, transparent

We only process data with a clear legal basis and we tell you exactly what we do.

Purpose limitation

We collect data for specific purposes and do not reuse it for anything unrelated.

Data minimisation

We collect only what is needed to verify advisors and operate the platform.

Accuracy

Profiles are kept current. Advisors can edit their own data at any time.

Storage limitation

Data is retained only as long as required, then securely deleted.

Integrity & confidentiality

All data is encrypted at rest and in transit. Access is logged and audited.

EU data residency

100% of personal data processed by Kennerkreis is stored and processed within the European Union. Our infrastructure is hosted on German servers. No data is transferred to third countries, including the United States.

Your rights

As a data subject, you have the full set of rights granted by Article 12–22 of the GDPR:

Right of access — ask for a copy of all data we hold about you
Right to rectification — correct anything that is inaccurate
Right to erasure — "right to be forgotten", full deletion within 30 days
Right to restriction — pause processing of your data
Right to portability — receive your data in a machine-readable format (JSON or CSV)
Right to object — to processing based on legitimate interests
Right to lodge a complaint — with your local supervisory authority
Right not to be subject to automated decision-making — every profile is reviewed by a human

Data Protection Officer

For a company of our size, a formal Data Protection Officer is not legally mandated. However, Dimitrij Jurčenko serves as the primary contact for all privacy matters and is personally accountable for GDPR compliance at Kennerkreis. All requests are handled personally.

Data breaches

In the unlikely event of a personal data breach that poses risk to you, we commit to:

Notify the relevant supervisory authority within 72 hours
Notify you directly without undue delay if your data is affected
Publish a clear description of what happened, what data was involved, and what we are doing about it
Provide support and mitigation steps

Third parties and subprocessors

We use a minimal set of subprocessors, all contracted under GDPR-compliant Data Processing Agreements:

Stripe (Dublin, Ireland) — payment processing
Hetzner Online GmbH (Germany) — hosting infrastructure
Cloudflare (EU region only) — DNS and content delivery
LinkedIn — only for OAuth authentication, with user consent
Email delivery provider (EU-based) — transactional email only

We do not use advertising networks, tracking platforms, or marketing automation tools.

How to exercise your rights

Email us at dimitrij.jurcenko@deaconltd.com stating which right you wish to exercise. We verify your identity (to protect your data from unauthorised requests) and respond within 30 days at no cost.

Have a specific GDPR question or request?

Email Kennerkreis →