Privacy Policy

1. General

 

a) What does this privacy policy apply to?

This privacy policy informs the user (hereinafter also referred to as "data subject") of this website about the handling of personal data. The operator and responsible party of this website is the company LeHA GmbH (hereinafter also referred to as "LeHA" or "responsible party"). This data protection declaration contains in particular the precise, transparent and easily understandable information pursuant to Art. 13 f. DSGVO. Likewise, the privacy policy informs the user about his rights as a data subject according to articles 15 to 18, 20 and 21 DSGVO.

 

Furthermore, the scope of this privacy policy also extends in principle to the processing of personal data of customers, interested parties, suppliers and other partners outside the website by the company LeHA.

 

The scope of this privacy policy of LeHA expressly does not extend to external links that are indicated on the website. In the case of these, it should be noted that the corresponding data protection provisions of the respective website operator generally apply here. For this reason, we expressly recommend that you read these in full and take note of them before using the respective website.

 

b) Which terms are particularly important?

What is personal data?

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject" or "user"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." (Art. 4 No. 1 GDPR)

 

 What is meant by processing?

"Processing" includes any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." (Art. 4 No. 2 DSGVO)

 

c) Notice

Insofar as only the form of the male gender is mentioned in this statement or on the website, this expressly does not constitute discrimination against any other gender (w/d), but serves solely to improve readability.

 

2. Which entity is responsible for the processing?

The person responsible for the processing of personal data pursuant to Art. 4 (7) DSGVO is:

 

LeHA GmbH

Ladestraße 4

06636 Laucha

 

Users can contact us by e-mail if they have any concerns about data protection: info(at)leha-web.de Kontakt mit dem Verantwortlichen aufnehmen.

 

3. What personal data does LeHA process?

When processing personal data, LeHA always works according to the principles according to Art. 5 para. 1 DSGVO. These include the principles of transparency, purpose limitation and data minimization.

 

Access to personal data is only granted to those persons (employees) who actually need it and who are trained and obligated to handle personal data.

 

a. personal data collected automatically

As a matter of principle, the LeHA website does not automatically collect any personal data without the user's consent to the use of cookies or voluntary provision of information via the contact form.

 

Immediately at the start of use, the user is asked for consent to the use of cookies and external media. If the user does not give consent, external media and their content will not be displayed. Beyond that, the selected settings have no further effect on the usability of the website.

Further information on cookies can be found in the article 6 "Cookies".

 

Notice

The transmission of the IP address is necessary for the successful data transmission to the device used by the user. This is stored anonymously in the server log files to protect personal data.

 

In addition to the IP address, the following information is stored in a log file:

  • Date and time of the website call
  • Useful life
  • Usage path within the website
  • Referrer URL (from which page did the user come to this page)
  • Operating system used and / or browser
  • Amount of data transferred in bytes
  • Website usage errors (status codes)
  • Screen resolution used

 

All data collected in a server log file is only used for (anonymous) statistical evaluations, for improvement and to enable error-free and secure use of the website. However, LeHA reserves the right to check the server log files retrospectively as soon as there are concrete indications of illegal use of the website.

By anonymizing the IP addresses, it is not possible to assign the individual log files to a user or an individual device. For this reason, the automatically generated server log files are no longer personal data in the sense of the GDPR from the time of anonymization. Anonymization takes place after 7 days at the latest by the provider (hosting provider). To protect personal data, we can only view the IP addresses anonymously even before anonymization by the provider.

 

b. Voluntary information via the contact form

By filling out the contact form on this website, the user voluntarily enters personal data. By clicking "Submit", the user consents to the processing of his personal data for the purpose of processing his request. This involves the following information:

  • Company name
  • Name of the contact person (mandatory)
  • E-mail address (mandatory)
  • Phone number (mobile if applicable)
  • individual message with information about the respective request (mandatory)
  • Address

 

For the response to inquiries via the contact form, it is necessary to provide the name and valid e-mail address. If you do not provide us with the necessary personal data in full when you make an inquiry via the contact form, this may result in us not processing your inquiry or processing it incompletely. All data is transmitted SSL/TSL encrypted.

 

The consent given can be revoked at any time without giving reasons. We process the data only as long as this is necessary for the purpose of your request. If there is a legal obligation to retain data, we restrict the processing.

 

c) Direct marketing measures

The address voluntarily provided by users on the website may be used by LeHA within the meaning of Art. 6 Para. 1 lit. f DSGVO to advertise current services, promotions and our website by mail. Insofar as this concerns existing customers or interested parties in the narrower sense, LeHA may also do this within the meaning of Art. 6 Para. 1 lit. f and, taking into account § 7 Para. 3 UWG, by e-mail. For telephone advertising, presumed consent (within the meaning of § 7 para 2 UWG) is sufficient for companies (B2B) according to current case law, unless this conflicts with overriding interests pursuant to Art. 6 para 1 lit. f DSGVO.  Of course, you have the right at any time to object to the sending of advertising or other contact for advertising purposes without giving reasons with effect for the future.

 

d) Shop - linking to other websites / online stores

LeHA links on its pages to online stores / websites of other companies to give customers and interested parties the opportunity to buy LeHA products online. Here LeHa points out that the respective operator is responsible for the data protection of linked pages / online stores and their privacy policy applies accordingly.

4. customer data protection - personal data of customers and interested parties

In particular, LeHA processes the following personal customer data (processing outside this website):

  • Company name
  • Name der Ansprechpartner
  • Contact details (address, e-mail address, telephone number (mobile if applicable), fax if applicable)
  • Details of concerns / requests
  • Order related data
  • Invoice and, if applicable, financial data
  • Data within the scope of commissioned processing (here, a separate agreement on commissioned processing (AVV) is concluded in accordance with Art. 28 DSGVO).
  • Consents for advertising purposes (as well as revocations)
  • further personal data, which are necessary in the context of pre-contractual measures and / or for the execution of the contract

 

In the case of interested parties, LeHA processes in particular the name of the company, name of the contact person, contact data and data on concerns / inquiries.

 

The legal bases mentioned below in Art. 5 also apply, as far as applicable, to the processing of personal data of customers, interested parties and suppliers.  The processing is carried out in particular pursuant to Art. 6 para. 1 lit b, f DSGVO.

 

5. Lawfulness of processing

Any personal data provided through this website will be processed by LeHA for the following purposes:

  • to answer inquiries (according to Art. 6 para. 1 lit. b DSGVO)
  • for communication with the user (according to Art. 6 para. 1 lit. a, b as well as f DSGVO)
  • the purpose of the contractual or pre-contractual provision of services (pursuant to Art. 6 para. 1 lit. b DSGVO)
  • for the provision of information and / or services intended for the user (according to Art. 6 para. 1 lit. f DSGVO)
  • Examination of complaints or other indications by users (pursuant to Art. 6 para. 1 lit. f DSGVO)
  • for the improved operation and the corresponding management of the website (pursuant to Art. 6 para. 1 lit. f DSGVO)
  • for the detection and prevention of fraud and criminal offences and/or for ensuring the necessary network and data security, insofar as these interests are in each case consistent with the applicable law and with the rights and freedom of the user (pursuant to Section 24 (1) BDSG and Art. 6 (1) lit. f DSGVO)
  • insofar as the controller is obliged to do so for legal reasons (pursuant to Art. 6 Para. 1 lit. c DSGVO)

 

If the data subject does not provide us with the required personal data in full before, during or after processing the order, this may mean that the order/inquiry cannot be processed or can only be processed incompletely. This also applies in the case of a restriction of data, in which the respective data is blocked for further use. However, this does not affect the visit to the website.

 

6. cookies / external media

On our website we use cookies and external media. All cookies (exception: technically necessary cookies) and possibly other tracking technologies are only set / used and exclusively if the user has agreed to this by opt-in.  The consent is voluntary and can be revoked at any time.

 

Cookies are small text files that are temporarily stored on the user's hard drive. Each time our website is accessed again, the browser accesses the relevant cookies and sends the data contained to the website server.

A distinction must be made here between technically necessary cookies and those that are not necessary for the operation of the website (cookies for personalization, marketing and analysis purposes). For example, the cookie to store the consent of the cookie notice is technically necessary.

 

External media are softwares provided by third parties and integrated into the website by the responsible party for optimal display and usability. Examples are social media buttons. In particular, third-party cookies that process personal data are used to display external media. Therefore, the voluntary consent of the user, which can be revoked at any time, is required for the display of external media.

 

Other Tracking & Analytics Technologies: If other tracking and analysis technologies are used on this website after consent has been given, we will inform you accordingly in this privacy policy. Of course, consent to the use of other tracking and analysis technologies is voluntary and can be revoked at any time with effect for the future.

 

a) Which personalization cookies (third-party cookies) does this website use?

An overview and further information on the cookies and other tracking technologies set on this website can be found under the button " Change cookie settings" at the beginning of the privacy policy.

 

The third-party cookies used on this website are stored on the computer / mobile device after the first storage for the respective validity period. In the event of a subsequent update, the cookie will then be stored for the respective validity period as a maximum. The cookies actually set may vary slightly depending on the browser / end device or due to changes made by the third-party provider. Users can view an up-to-date overview of the cookies and embedded external media actually used depending on the browser at any time via the link to the cookie plugin.

 

b) How can I manage cookies within the website?

A cookie plugin is used for this purpose. With the help of this plugin, users can easily and with a few clicks individually set their preferences for cookies and external media directly when visiting the website. You can adjust the settings individually at any time using the "Change cookie settings" button at the beginning of the privacy policy

 

The following options are available to the user:

- Opt-in / opt-out of all cookies / external media

- Opt-in / opt-out of individual cookies / individual external media

 

The cookie required for this is essential and is set for a maximum of one year. By a premature deletion of cookies by your browser or on your end device, your previous settings will also be deleted. When you visit this website again, cookies (exception: technically necessary / essential cookies) are set only and exclusively if you consent to this.

 

The third-party cookies used on this website are stored on the computer / mobile device after the first storage for the respective validity period. In the event of a subsequent update (such as a renewed visit to the website), the cookie will then be stored for the respective validity period at the most.

 

c) How can cookies be managed in the browser settings?

Basically, Internet browsers offer their users the possibility to change the settings for allowing and informing about the placement of cookies themselves. Thus, users can completely reject the use of cookies. However, this setting may result in some functions of this website only being available to a limited extent or completely unavailable. However, this only applies to content and functions (external media) that can only be displayed by setting cookies (technically unnecessary cookies).

 

The links below allow users to manage their own cookie preferences in the most commonly used browsers:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

 

 

7. Other plugins

a)Cookie Plugin

With the cookie plugin provided by LeHA, users can make individual cookie settings on this website at any time (for more information, see Article 6 b).

 

b) Wp Stattistics

On our website, we use the WP Statistics software for statistical and analysis purposes. To protect your personal data, we completely anonymize the IP address of the device used immediately upon visiting the website. Thus, an assignment to a specific natural person is no longer possible and it is no longer personal data in the sense of the GDPR.

Via the software, we can, among other things, evaluate the following data statistically, without assignment to an individual person:

  • Referrer URL (from which page did the user come to this page)
  • Operating system used and / or browser
  • Used browser, used search engine, country and approximate location

The software is embedded exclusively on the servers of our website in appropriately secured high-security data centers located in Germany, and there is expressly no transfer of data to third parties or to a third country.

8. data from other sources

If permitted by applicable law, LeHA may merge data provided by the user with other information that LeHA has already collected and stored about you at an earlier point in time for a lawful purpose (Art. 6 para. 1 lit a, b and f DSGVO). This may be the case, for example, if the user provides LeHA with personal data via the contact form and LeHA merges this with data from an order form or offer.

 

9. will my personal data be passed on to third parties?

Personal data is neither sold nor distributed by LeHA, nor is it made available to third parties for a fee or used commercially in any other way. The only exception to this is if we are required to do so by law or official regulations, or if the person concerned has given their consent.

 

Personenbezogene Daten werden von LeHA weder verkauft noch vertrieben, noch Dritten gegen Entgelt zur Verfügung gestellt oder in sonstiger Weise kommerziell genutzt. Ausgenommen hiervon sind lediglich Fälle, in denen wir aufgrund gesetzlicher oder behördlicher Vorschriften dazu verpflichtet sind oder die betroffene Person ihr Einverständnis gegeben hat.

 

Thus, LeHA will only pass on personal data to third parties in the following cases:

  1. Insofar as the data subject has given his/her consent to this in accordance with Art. 6 Para. 1 lit. a and Art. 7 DSGVO.
  2. The transfer is necessary for the fulfillment of contractual or pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO.
  3. There is a legal obligation to do so pursuant to Art. 6 (1) c DSGVO.
  4. Insofar as this is necessary in accordance with Art. 6 Para. 1 lit. f DSGVO for the assertion, exercise or defense of legal claims and no overriding interest worthy of protection is opposed to this.

 

10. Social Media

This site uses social media plugins (these use cookies and possibly further tracking technologies, see article 6) from the following social media platforms:

  • Facebook
  • Instagram

 

For pure HTML links to social media pages of LeHA (without tracking), consent is generally not required.

Insofar as these buttons, in particular share or like buttons, collect personal data by means of cookies or other tracking technologies, data processing takes place exclusively after consent has been granted. Consent can be given actively, in particular by opt-in at the beginning of the use of the site or by means of the so-called 2-click procedure later.

 

The cookies link the page usage with an existing social media profile. If there is no profile with a platform, the data can be assigned to the IP address of the device used, depending on the network operator. By clicking "Decline" immediately at the beginning of the website visit, no cookies are set and no social media buttons are displayed. These will only be displayed and personal data transferred if the user actively consents to this. Under the button "Change cookie settings" indicated at the beginning of this privacy policy, the previous settings can be viewed and individually adjusted at any time. Alternatively, cookies can also be adjusted in the browser settings.

 

For the social media sites operated by the LeHA company, there is joint responsibility together with the respective network operator. This means that both LeHA and the network operator are responsible for the protection of personal data. As far as this is within the sphere of influence and responsibility, LeHA consistently implements data protection in the sense of this privacy policy. However, the responsible party (according to this data protection declaration) has only limited influence on the concrete design and compliance with data protection by the respective network operator.

 

 

11. Where will my personal data be processed (processing area)?

In principle, all personal data collected and transmitted by LeHA via this website is processed exclusively within the European Union. However, individual cookies, external media or plugins may send personal data to servers outside the European Union (third countries). A transfer will only take place if you have consented to the use or if we explicitly state a different legal basis in this privacy policy in certain cases. The basis for the transfer of data to third countries is either an adequacy decision of the EU Commission pursuant to Art. 45 (3) DSGVO, standard data protection clauses and on the basis of Art. 49 (1) lit. b DSGVO. These bases ensure an adequate protection of your personal data in terms of the DSGVO.

 

You can change the settings for the use of cookies and external media yourself at any time, particularly within the website, using the "Change cookie settings" button at the beginning of this privacy policy. For more information on cookies and external media, please refer to Article 6 of this Privacy Policy.

 

All personal data of customers, interested parties as well as applicants are processed by LeHA exclusively within the European Union, unless otherwise stated.

 

12. Storage period / deletion of personal data

As a matter of principle, LeHA will store your personal data within the meaning of Art. 17 Para. 1 lit. a or process it in any other way only for as long as is necessary for the purposes for which personal data was collected. Subsequently, LeHA will delete the data of the data subjects immediately. However, in certain cases, LeHA may be required by law to store certain data for a longer period of time.

 

The cookies used by the controller will be deleted from the hard drive or their device/storage location no later than the expiration of the validity period specified in Art. 6 lit. a of this privacy policy (cookies) after storage on the device memory or, in the case of an update, no later than the expiration of the specified validity period after an update.

 

13. how secure is my data? - Data security

LeHA's website is hosted exclusively on servers located in appropriately secured high-security data centers within the EU. In addition, LeHA takes appropriate technical and organizational measures to protect your personal data from any unauthorized access.

 

SSL encrypted data transmission

During the transmission of data via the server(s) of the website, all data is encrypted using HTTP/2 transmission protocol SSL/TSL. Thus, in particular, all data transmitted via the contact form or application form is SSL/TSL encrypted. In addition, we regularly review our security policies and procedures to ensure the security of our systems and thus of personal data at the highest level.

Despite all security measures taken to protect personal data, no one hundred percent security of the data transmitted via our website can be guaranteed during data transmission over the Internet. If we become aware in any way that personal data via our website may have been lost or stolen, we will immediately inform those concerned in accordance with Art. 34 DSGVO.

 

14. Rights of data subjects

For LeHA, the rights of data subjects (especially users, interested parties, customers and suppliers) to their personal data are extremely important.

 

In particular, you have the following rights vis-à-vis LeHA:

  1. Right of access to processed personal data pursuant to Art. 15 GDPR:

Data subjects have a right to a copy of the data processed (if actually processed) and further information about its use. This is to enable users to determine whether LeHA processes its own personal data and whether this processing is carried out in accordance with applicable data protection law. The controller may refuse to release information in certain cases. This is justified in particular if the rights and freedoms of other persons are thereby impaired or the provision of information would involve a disproportionate effort.

  1. Right to rectification of personal data stored about the data subject pursuant to Art. 16 DSGVO:

You may request that LeHA take reasonable steps to correct your personal information. Examples are a name change, a new address or a new e-mail address.

  1. Right to erasure ("right to be forgotten") Art. 17 Abs. 1 DSGVO):

As a data subject, you generally have the right to demand the deletion of your personal data. This right exists in particular if the data is no longer necessary for the purpose for which it was collected by LeHA or if the processing is unlawful. However, the right to erasure of personal data does not exist or exists only to a limited extent for the duration of statutory retention periods and in particular for the defense and enforcement of legal claims.

  1. Right to restriction of processing Art 18 DSGVO:

Betroffene haben das Recht die weitere Verarbeitung ihrer personenbezogenen Daten einzuschränken. Dies bedeutet, dass die Daten lediglich gespeichert werden dürfen und eine weitere Verarbeitung grundsätzlich ausgeschlossen ist. Sie können die Einschränkung Ihrer Daten verlangen, wenn wir einen Antrag auf Berichtigung Ihrer Daten prüfen oder als abgeschwächte Alternative zur Löschung.

  1. Right to data portability gemäß Art. 20 DSGVO

Im Rahmen des Art. 20 DSGVO sind Sie berechtigt, Ihre Daten in einem entsprechenden maschinenlesbaren Format von LeHA zu erhalten oder die Übertragung an einen Dritten zu verlangen.

  1. Right of objection Art. 21 DSGVO

Data subjects have the right to object to the processing of personal data pursuant to Art. 6 para. 1 lit. e or f DSGVO. This objection results from your particular situation and is possible at any time. In this case, LeHA may further process your personal data only if it can demonstrate compelling legitimate interests for the processing and these interests are not overridden by your interests, rights and freedoms, or if it requires the data for the assertion, exercise or defense of legal claims.

  1. Revocation of consents

Data subjects have the right to revoke any consent they have given (such as sending advertising information) at any time.

 

For questions and other concerns related to LeHA's privacy practices, please contact us at the e-mail address info(at)leha-web.de  .

 

15. complaint to the supervisory authority

Data subjects have the right to complain to the competent data protection supervisory authority about violations of the law in the processing of personal data by the controller.

 

16. Other

LeHA reserves the right to change this privacy policy as necessary. The updated Privacy Policy will be published on this website in its current version. Subject to applicable law, any changes will become effective as soon as the updated Privacy Policy is posted on LeHA's website.

 

 

Stand: 07.10.2022

 

 

 

Erstellt von Pabst Data