b) Which terms are particularly important?
What is personal data?
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject" or "user"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." (Art. 4 No. 1 GDPR)
What is meant by processing?
"Processing" includes any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." (Art. 4 No. 2 DSGVO)
Insofar as only the form of the male gender is mentioned in this statement or on the website, this expressly does not constitute discrimination against any other gender (w/d), but serves solely to improve readability.
2. Which entity is responsible for the processing?
The person responsible for the processing of personal data pursuant to Art. 4 (7) DSGVO is:
Users can contact us by e-mail if they have any concerns about data protection: info(at)leha-web.de Kontakt mit dem Verantwortlichen aufnehmen.
3. What personal data does LeHA process?
When processing personal data, LeHA always works according to the principles according to Art. 5 para. 1 DSGVO. These include the principles of transparency, purpose limitation and data minimization.
Access to personal data is only granted to those persons (employees) who actually need it and who are trained and obligated to handle personal data.
a. personal data collected automatically
Further information on cookies can be found in the article 6 "Cookies".
The transmission of the IP address is necessary for the successful data transmission to the device used by the user. This is stored anonymously in the server log files to protect personal data.
In addition to the IP address, the following information is stored in a log file:
- Date and time of the website call
- Useful life
- Usage path within the website
- Referrer URL (from which page did the user come to this page)
- Operating system used and / or browser
- Amount of data transferred in bytes
- Website usage errors (status codes)
- Screen resolution used
All data collected in a server log file is only used for (anonymous) statistical evaluations, for improvement and to enable error-free and secure use of the website. However, LeHA reserves the right to check the server log files retrospectively as soon as there are concrete indications of illegal use of the website.
By anonymizing the IP addresses, it is not possible to assign the individual log files to a user or an individual device. For this reason, the automatically generated server log files are no longer personal data in the sense of the GDPR from the time of anonymization. Anonymization takes place after 7 days at the latest by the provider (hosting provider). To protect personal data, we can only view the IP addresses anonymously even before anonymization by the provider.
b. Voluntary information via the contact form
By filling out the contact form on this website, the user voluntarily enters personal data. By clicking "Submit", the user consents to the processing of his personal data for the purpose of processing his request. This involves the following information:
- Company name
- Name of the contact person (mandatory)
- E-mail address (mandatory)
- Phone number (mobile if applicable)
- individual message with information about the respective request (mandatory)
For the response to inquiries via the contact form, it is necessary to provide the name and valid e-mail address. If you do not provide us with the necessary personal data in full when you make an inquiry via the contact form, this may result in us not processing your inquiry or processing it incompletely. All data is transmitted SSL/TSL encrypted.
The consent given can be revoked at any time without giving reasons. We process the data only as long as this is necessary for the purpose of your request. If there is a legal obligation to retain data, we restrict the processing.
c) Direct marketing measures
The address voluntarily provided by users on the website may be used by LeHA within the meaning of Art. 6 Para. 1 lit. f DSGVO to advertise current services, promotions and our website by mail. Insofar as this concerns existing customers or interested parties in the narrower sense, LeHA may also do this within the meaning of Art. 6 Para. 1 lit. f and, taking into account § 7 Para. 3 UWG, by e-mail. For telephone advertising, presumed consent (within the meaning of § 7 para 2 UWG) is sufficient for companies (B2B) according to current case law, unless this conflicts with overriding interests pursuant to Art. 6 para 1 lit. f DSGVO. Of course, you have the right at any time to object to the sending of advertising or other contact for advertising purposes without giving reasons with effect for the future.
d) Shop - linking to other websites / online stores
4. customer data protection - personal data of customers and interested parties
In particular, LeHA processes the following personal customer data (processing outside this website):
- Company name
- Name der Ansprechpartner
- Contact details (address, e-mail address, telephone number (mobile if applicable), fax if applicable)
- Details of concerns / requests
- Order related data
- Invoice and, if applicable, financial data
- Data within the scope of commissioned processing (here, a separate agreement on commissioned processing (AVV) is concluded in accordance with Art. 28 DSGVO).
- Consents for advertising purposes (as well as revocations)
- further personal data, which are necessary in the context of pre-contractual measures and / or for the execution of the contract
In the case of interested parties, LeHA processes in particular the name of the company, name of the contact person, contact data and data on concerns / inquiries.
The legal bases mentioned below in Art. 5 also apply, as far as applicable, to the processing of personal data of customers, interested parties and suppliers. The processing is carried out in particular pursuant to Art. 6 para. 1 lit b, f DSGVO.
5. Lawfulness of processing
Any personal data provided through this website will be processed by LeHA for the following purposes:
- to answer inquiries (according to Art. 6 para. 1 lit. b DSGVO)
- for communication with the user (according to Art. 6 para. 1 lit. a, b as well as f DSGVO)
- the purpose of the contractual or pre-contractual provision of services (pursuant to Art. 6 para. 1 lit. b DSGVO)
- for the provision of information and / or services intended for the user (according to Art. 6 para. 1 lit. f DSGVO)
- Examination of complaints or other indications by users (pursuant to Art. 6 para. 1 lit. f DSGVO)
- for the improved operation and the corresponding management of the website (pursuant to Art. 6 para. 1 lit. f DSGVO)
- for the detection and prevention of fraud and criminal offences and/or for ensuring the necessary network and data security, insofar as these interests are in each case consistent with the applicable law and with the rights and freedom of the user (pursuant to Section 24 (1) BDSG and Art. 6 (1) lit. f DSGVO)
- insofar as the controller is obliged to do so for legal reasons (pursuant to Art. 6 Para. 1 lit. c DSGVO)
If the data subject does not provide us with the required personal data in full before, during or after processing the order, this may mean that the order/inquiry cannot be processed or can only be processed incompletely. This also applies in the case of a restriction of data, in which the respective data is blocked for further use. However, this does not affect the visit to the website.
6. cookies / external media
Cookies are small text files that are temporarily stored on the user's hard drive. Each time our website is accessed again, the browser accesses the relevant cookies and sends the data contained to the website server.
A distinction must be made here between technically necessary cookies and those that are not necessary for the operation of the website (cookies for personalization, marketing and analysis purposes). For example, the cookie to store the consent of the cookie notice is technically necessary.
External media are softwares provided by third parties and integrated into the website by the responsible party for optimal display and usability. Examples are social media buttons. In particular, third-party cookies that process personal data are used to display external media. Therefore, the voluntary consent of the user, which can be revoked at any time, is required for the display of external media.
a) Which personalization cookies (third-party cookies) does this website use?
The third-party cookies used on this website are stored on the computer / mobile device after the first storage for the respective validity period. In the event of a subsequent update, the cookie will then be stored for the respective validity period as a maximum. The cookies actually set may vary slightly depending on the browser / end device or due to changes made by the third-party provider. Users can view an up-to-date overview of the cookies and embedded external media actually used depending on the browser at any time via the link to the cookie plugin.
b) How can I manage cookies within the website?
The following options are available to the user:
- Opt-in / opt-out of all cookies / external media
- Opt-in / opt-out of individual cookies / individual external media
The cookie required for this is essential and is set for a maximum of one year. By a premature deletion of cookies by your browser or on your end device, your previous settings will also be deleted. When you visit this website again, cookies (exception: technically necessary / essential cookies) are set only and exclusively if you consent to this.
The third-party cookies used on this website are stored on the computer / mobile device after the first storage for the respective validity period. In the event of a subsequent update (such as a renewed visit to the website), the cookie will then be stored for the respective validity period at the most.
c) How can cookies be managed in the browser settings?
The links below allow users to manage their own cookie preferences in the most commonly used browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
7. Other plugins
With the cookie plugin provided by LeHA, users can make individual cookie settings on this website at any time (for more information, see Article 6 b).
b) Wp Stattistics
On our website, we use the WP Statistics software for statistical and analysis purposes. To protect your personal data, we completely anonymize the IP address of the device used immediately upon visiting the website. Thus, an assignment to a specific natural person is no longer possible and it is no longer personal data in the sense of the GDPR.
Via the software, we can, among other things, evaluate the following data statistically, without assignment to an individual person:
- Referrer URL (from which page did the user come to this page)
- Operating system used and / or browser
- Used browser, used search engine, country and approximate location
The software is embedded exclusively on the servers of our website in appropriately secured high-security data centers located in Germany, and there is expressly no transfer of data to third parties or to a third country.
8. data from other sources
If permitted by applicable law, LeHA may merge data provided by the user with other information that LeHA has already collected and stored about you at an earlier point in time for a lawful purpose (Art. 6 para. 1 lit a, b and f DSGVO). This may be the case, for example, if the user provides LeHA with personal data via the contact form and LeHA merges this with data from an order form or offer.
9. will my personal data be passed on to third parties?
Personal data is neither sold nor distributed by LeHA, nor is it made available to third parties for a fee or used commercially in any other way. The only exception to this is if we are required to do so by law or official regulations, or if the person concerned has given their consent.
Personenbezogene Daten werden von LeHA weder verkauft noch vertrieben, noch Dritten gegen Entgelt zur Verfügung gestellt oder in sonstiger Weise kommerziell genutzt. Ausgenommen hiervon sind lediglich Fälle, in denen wir aufgrund gesetzlicher oder behördlicher Vorschriften dazu verpflichtet sind oder die betroffene Person ihr Einverständnis gegeben hat.
Thus, LeHA will only pass on personal data to third parties in the following cases:
- Insofar as the data subject has given his/her consent to this in accordance with Art. 6 Para. 1 lit. a and Art. 7 DSGVO.
- The transfer is necessary for the fulfillment of contractual or pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO.
- There is a legal obligation to do so pursuant to Art. 6 (1) c DSGVO.
- Insofar as this is necessary in accordance with Art. 6 Para. 1 lit. f DSGVO for the assertion, exercise or defense of legal claims and no overriding interest worthy of protection is opposed to this.
10. Social Media
For pure HTML links to social media pages of LeHA (without tracking), consent is generally not required.
Insofar as these buttons, in particular share or like buttons, collect personal data by means of cookies or other tracking technologies, data processing takes place exclusively after consent has been granted. Consent can be given actively, in particular by opt-in at the beginning of the use of the site or by means of the so-called 2-click procedure later.
11. Where will my personal data be processed (processing area)?
All personal data of customers, interested parties as well as applicants are processed by LeHA exclusively within the European Union, unless otherwise stated.
12. Storage period / deletion of personal data
As a matter of principle, LeHA will store your personal data within the meaning of Art. 17 Para. 1 lit. a or process it in any other way only for as long as is necessary for the purposes for which personal data was collected. Subsequently, LeHA will delete the data of the data subjects immediately. However, in certain cases, LeHA may be required by law to store certain data for a longer period of time.
13. how secure is my data? - Data security
LeHA's website is hosted exclusively on servers located in appropriately secured high-security data centers within the EU. In addition, LeHA takes appropriate technical and organizational measures to protect your personal data from any unauthorized access.
SSL encrypted data transmission
During the transmission of data via the server(s) of the website, all data is encrypted using HTTP/2 transmission protocol SSL/TSL. Thus, in particular, all data transmitted via the contact form or application form is SSL/TSL encrypted. In addition, we regularly review our security policies and procedures to ensure the security of our systems and thus of personal data at the highest level.
Despite all security measures taken to protect personal data, no one hundred percent security of the data transmitted via our website can be guaranteed during data transmission over the Internet. If we become aware in any way that personal data via our website may have been lost or stolen, we will immediately inform those concerned in accordance with Art. 34 DSGVO.
14. Rights of data subjects
For LeHA, the rights of data subjects (especially users, interested parties, customers and suppliers) to their personal data are extremely important.
In particular, you have the following rights vis-à-vis LeHA:
- Right of access to processed personal data pursuant to Art. 15 GDPR:
Data subjects have a right to a copy of the data processed (if actually processed) and further information about its use. This is to enable users to determine whether LeHA processes its own personal data and whether this processing is carried out in accordance with applicable data protection law. The controller may refuse to release information in certain cases. This is justified in particular if the rights and freedoms of other persons are thereby impaired or the provision of information would involve a disproportionate effort.
- Right to rectification of personal data stored about the data subject pursuant to Art. 16 DSGVO:
You may request that LeHA take reasonable steps to correct your personal information. Examples are a name change, a new address or a new e-mail address.
- Right to erasure ("right to be forgotten") Art. 17 Abs. 1 DSGVO):
As a data subject, you generally have the right to demand the deletion of your personal data. This right exists in particular if the data is no longer necessary for the purpose for which it was collected by LeHA or if the processing is unlawful. However, the right to erasure of personal data does not exist or exists only to a limited extent for the duration of statutory retention periods and in particular for the defense and enforcement of legal claims.
- Right to restriction of processing Art 18 DSGVO:
Betroffene haben das Recht die weitere Verarbeitung ihrer personenbezogenen Daten einzuschränken. Dies bedeutet, dass die Daten lediglich gespeichert werden dürfen und eine weitere Verarbeitung grundsätzlich ausgeschlossen ist. Sie können die Einschränkung Ihrer Daten verlangen, wenn wir einen Antrag auf Berichtigung Ihrer Daten prüfen oder als abgeschwächte Alternative zur Löschung.
- Right to data portability gemäß Art. 20 DSGVO
Im Rahmen des Art. 20 DSGVO sind Sie berechtigt, Ihre Daten in einem entsprechenden maschinenlesbaren Format von LeHA zu erhalten oder die Übertragung an einen Dritten zu verlangen.
- Right of objection Art. 21 DSGVO
Data subjects have the right to object to the processing of personal data pursuant to Art. 6 para. 1 lit. e or f DSGVO. This objection results from your particular situation and is possible at any time. In this case, LeHA may further process your personal data only if it can demonstrate compelling legitimate interests for the processing and these interests are not overridden by your interests, rights and freedoms, or if it requires the data for the assertion, exercise or defense of legal claims.
- Revocation of consents
Data subjects have the right to revoke any consent they have given (such as sending advertising information) at any time.
For questions and other concerns related to LeHA's privacy practices, please contact us at the e-mail address info(at)leha-web.de .
15. complaint to the supervisory authority
Data subjects have the right to complain to the competent data protection supervisory authority about violations of the law in the processing of personal data by the controller.
Erstellt von Pabst Data