Data Privacy
As at October 2024
1. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is
LEAN BKRY GmbH
Franz-Joseph-Str. 1
D-80801 Munich
Germany
www.leanbakery.com
2. Contact details of the data protection officer
A data protection officer has NOT been appointed by the controller, as this is not required under Art. 37 para. 1 GDPR in conjunction with Art. 38 para. 1 BDSG. Irrespective of this, the protection of personal data is a top priority for the controller. If you have any questions or suggestions, please contact the controller at any time.
Please contact:
LEAN BKRY GmbH
Franz-Joseph-Str. 1
D-80801 Munich
Germany
office@leanbakery.com
3. General information on data processing
I.) Scope of the processing of personal data
We only process the personal data of our users to the extent necessary to provide a functional web store and our content and services. As a rule, our users' personal data is processed only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.
II.) Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
III.) Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
I.) The right to information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have a right to information about this data and to the following information
Processing purposes
Categories of personal data
Recipients or categories of recipients
Planned storage period or the criteria for determining this period
The existence of the rights to rectification, erasure, restriction or objection
Right to lodge a complaint with the competent supervisory authority
Where applicable, the origin of the data (if collected from a third party)
Where applicable, the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences
The transfer of personal data to a third country or international organization, if applicable
II.) Right to rectification (Art. 16 GDPR)
If your personal data is incorrect or incomplete, you have the right to request that it be corrected or completed without undue delay.
III.) Right to restriction of processing (Art. 18 GDPR)
If one of the following conditions is met, you have the right to request that the processing of your personal data be restricted:
You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
In the case of unlawful processing, you oppose the erasure of the personal data and request the restriction of their use instead.
We no longer need your personal data for the purposes of the processing, but you require your personal data for the establishment, exercise or defense of legal claims, or
You have objected to processing, for the period necessary to verify whether our legitimate grounds override your grounds.
IV.) Right to erasure ("right to be forgotten") (Art. 17 GDPR)
If one of the following grounds applies, you have the right to request the erasure of your personal data without undue delay:
Your data is no longer necessary for the processing purposes for which it was originally collected.
You withdraw your consent and there is no other legal basis for the processing.
You object to the processing and there are no overriding legitimate grounds for the processing or you object pursuant to Art. 21 (2) GDPR.
Your personal data are being processed unlawfully.
Erasure is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
Please note that the above-mentioned grounds do not apply if processing is necessary:
For exercising the right of freedom of expression and information;
For compliance with a legal obligation or for the performance of a task carried out in the public interest to which we are subject.
For reasons of public interest in the area of public health.
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
For the establishment, exercise or defense of legal claims.
V.) Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients by the controller.
VI.) Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request transmission to another controller.
VII.) Right to object to certain data processing (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
VIII.) Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
IX.) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for entering into, or performance of, a contract between you and the controller, is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or b GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in a. and c., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
X.) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. A list of the locally responsible supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
5. Provision of the website and creation of log files
I.) Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version used
The user's operating system
The user's internet service provider
The user's IP address
The date and time of access
Websites from which the user's system accesses our website
Websites that are accessed by the user's system via our website
This data is stored in our system's log files. This data is not stored together with other personal data of the user.
II.) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
III.) Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
IV.) Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
V.) Possibility of objection
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined in the context of a balancing of interests.
6. Use of cookies
I.) Description and scope of data processing
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Below we describe the type of cookies we use: We use technically necessary cookies, which are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible.
The following data is stored and transmitted by the technically necessary cookies
Session ID
Cookie settings
We also use cookies on our website that enable an analysis of the user's surfing behavior.
The following data can be transmitted in this way:
Use of website functions
The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user without additional information. The data is not stored together with other personal data of the user.
II.) Purpose of data processing
The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.
We require the technically necessary cookies for the following applications:
Functionality of the website
Cookie settings
III.) Legal basis for data processing
The provisions of the Telecommunications and Telemedia Data Protection Act (TTDSG) apply to the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment takes place on the basis of Section 25 (2) No. 2 TTDSG. The purpose of storing and accessing the information in your terminal equipment is to make it easier for you to use our website and to be able to offer you our services as you have requested. Some functions of our website do not work without the use of these cookies and could therefore not be offered. The cookies are generally deleted at the end of the session (e.g. logging out or closing the browser) or after a specified period of time. Information on different storage periods for cookies can be found in the following sections of this privacy policy.
IV.) Duration of storage, objection and removal options
The user has the option to revoke their consent to the processing of personal data at any time. Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The transmission of Flash cookies cannot be prevented via the browser settings, but can be prevented by changing the Flash Player settings.
If you are using a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.
7. Agency services
We process our customers' data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.
We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage and metadata (e.g., as part of the evaluation and performance measurement of marketing measures). In principle, we do not process special categories of personal data, unless these are part of commissioned processing. The data subjects include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of the processing is the provision of contractual services, billing and our customer service. The legal basis for the processing results from Art. 6 para. 1 lit. b GDPR (contractual services), Art. 6 para. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that is required to justify and fulfill the contractual services and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary in the context of an order. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.
We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (6 years, in accordance with Section 257 (1) HGB, 10 years, in accordance with Section 147 (1) AO). In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order.
8. Contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (uniformly referred to as "contractual partners") in accordance with Art. 6 para. 1 lit. b GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contract data (e.g., services used, contract content, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
In principle, we do not process special categories of personal data unless these are part of commissioned or contractual processing.
We process data that is required to justify and fulfill the contractual services and point out the necessity of its disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies only takes place if it is necessary within the framework of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
When using our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the interests of users in protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.
The data will be deleted when the data is no longer required to fulfill contractual or legal duties of care and to deal with any warranty and comparable obligations, whereby the necessity of storing the data is reviewed every three years; otherwise the statutory retention obligations apply.
9. Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks and the organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the provision of our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
We also store information on suppliers, event organizers and other business partners on the basis of our business interests, e.g. for the purpose of contacting them at a later date. We generally store this mainly company-related data permanently.
10. Business analyses and market research
In order to operate our business economically and to be able to identify market trends and the wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. f GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offering.
The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can take into account the profiles of registered users with information, e.g. on the services they have used. The analyses help us to increase user-friendliness, optimize our offer and improve business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized values.
If these analyses or profiles are personal, they are deleted or anonymized when the user terminates the contract, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are created anonymously where possible.
11. Data protection information in the application process
We process applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. Applicant data is processed to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).
The application process requires applicants to provide us with applicant data. If we offer an online form, the necessary applicant data is marked, otherwise it is derived from the job descriptions and generally includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. Applicants can also voluntarily provide us with additional information.
By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this privacy policy.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, their processing is also carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).
If provided, applicants can send us their applications using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure encryption themselves. We therefore cannot assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using an online form or sending it by post. Instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.
In the event of a successful application, we may process the data provided by applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicants, the deletion will take place after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax regulations.
12. Email contact
I.) Description and scope of data processing
It is possible to contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.
II.) Purpose of data processing
If contact is made by email, this also constitutes the necessary legitimate interest in processing the data.
III.) Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond to your request sent by email in the best possible way. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
IV.) Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention periods no longer require the data to be retained. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
V.) Possibility of objection
If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
Currently none, as the contact is voluntary and for a specific purpose and is only aimed at customers or interested parties; deletion in accordance with the GDPR can take place by email
All personal data stored in the course of contacting us will be deleted in this case.
13. Contact form
I.) Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
The following data is stored at the time the message is sent:
Email address
IP address of the accessing computer
Date and time the form was sent
Order number & zip code in the case of an existing order for verification purposes
Other data transmitted by the user as a message
Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.
The data is used exclusively for processing the conversation.
In connection with the data processing, the data is passed on to the service provider: Hubspot CRM
II.) Purpose of data processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
III.) Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending a contact form is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in providing you with the best possible response to the inquiry you send us via the contact form. If the contact via the contact form is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
IV.) Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and statutory retention periods no longer require the data to be retained. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
V.) Possibility of objection
The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
14. E-mail dispatch
We use Mandrill from Mailchimp of the provider The Rocket Science Group, LLC, 512 Means Street, Suite 404 Atlanta, GA 30318 United States.
Mandrill is used when the order is completed to send you a confirmation of the order and any payment reminders and other emails. In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.
The order processing contract with Mandrill includes so-called EU standard data protection clauses (Art. 46 para. 2 sentence 1 lit. c GDPR). These are to be classified as a suitable guarantee for the protection of the transfer and processing of personal data outside the EU.
Further information about Mandrill and data protection at Mandrill can be found here: http://mailchimp.com/legal/privacy/
15. Content Delivery Networks
I.) Description and scope of data processing
We use functions of the Content Delivery Network KeyCDN from proinity LLC, Reichenauweg 1, 8272 Ermatingen Switzerland on our website. A content delivery network (CDN) is a network of regionally distributed servers connected via the Internet, which are used to deliver content - in particular large media files such as videos. KeyCDN offers web optimization and security services that we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection is established to the servers of proinity LLC, e.g. to retrieve content. As a result, personal data may be stored and analyzed in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and operating system).
Further information on the collection and storage of data by proinity LLC can be found here: https://www.keycdn.com/privacy
II.) Purpose of data processing
The functions are used to deliver and accelerate online applications and content.
III.) Legal basis for data processing
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.
IV.) Duration of storage
Your personal information will be stored for as long as is necessary to fulfill the purposes described in this privacy policy or as required by law.
V.) Objection and removal options
Information on objection and removal options vis-à-vis proinity LLC can be found at: https://www.keycdn.com/privacy
16. Use of Leadfeeder
I.) Scope of the processing of personal data
On our websites we use the Leadfeeder Tracker, a web analysis service of Dealfront Group GmbH, Durlacher Allee 73, D-76131 Karlsruhe. This service enables us to create usage profiles and store cookies on your end device. Among other things, the date and time of the server request, the browser type and version, the operating system used, the host name of the accessing device (IP address) as well as the number of pages visited and user behavior on the website, such as the length of stay and the pages visited, are processed. Further information on how the website tracker works can be found at https://help.dealfront.com/en/articles/3700007-what-is-the-leadfeeder-tracker. The information collected is used to analyze which companies visit our website (B2B). This is done by comparing the IP address of visitors with other information such as company names. Only an anonymized (shortened) IP address is stored. Cookies are only set with your prior consent in order to analyze user behavior.
II.) Purpose of data processing
Leadfeeder is used to analyze and optimize advertising measures.
III.) Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the consent of the user in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
IV.) Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
17. Use of Google Analytics 4 (GA4)
I.) Scope of the processing of personal data
On our websites we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). As part of this service, pseudonymized user profiles are created and cookies are used. The information generated by these cookies about your use of the website includes, among other things, a short-term recording of the IP address without permanent storage, location data, browser type and version, the operating system used, the referrer URL (previously visited page) and the time of the server request. This pseudonymized data may be transmitted by Google to servers in the USA and stored there.
II.) Purpose of data processing
The information collected is used to analyze the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of our website. This information may also be passed on to third parties if this is required by law or if third parties process this data on behalf of Google.
III.) Legal basis for the processing of personal data
The processing of personal data by Google Analytics 4 takes place exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.
IV.) Duration of storage
The default data storage period set by Google is 14 months. In addition, personal data is stored for as long as is necessary to fulfill the processing purposes. The data is deleted as soon as it is no longer required for the stated purposes. Google LLC, as the parent company of Google Ireland Limited, is certified under the EU-US Data Privacy Framework. This means that there is an adequacy decision pursuant to Art. 45 GDPR, so that personal data may be transferred to the USA without additional guarantees or measures.
Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de.
18. Use of the Meta Pixel
I.) Scope of the processing of personal data
We use the Meta Pixel of Meta Platforms Inc, 1601 Willow Road, Menlo Park, CA 94025, USA and its representative in the Union Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal H , D2 Dublin, Ireland (hereinafter: Meta) on our online presence. With its help, we can track the actions of users after they have seen or clicked on a Meta advertisement. This allows personal data to be stored and evaluated, in particular the user's activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymized user IDs). This enables us to record the effectiveness of Meta advertisements for statistical and market research purposes, whereby data may be transmitted to Meta servers in the USA. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Meta. Meta can link this data to your Meta account and also use it for its own advertising purposes, in accordance with Meta's data usage policy: https://de-de.facebook.com/policy.php
II.) Purpose of data processing
The Meta Pixel is used to analyze and optimize advertising measures.
III.) Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is generally the user's consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
IV.) Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
Exercising your rights
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can prevent the collection and processing of your personal data by Meta by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Further information on objection and removal options vis-à-vis Meta can be found at: https://de-de.facebook.com/policy.php
19. Use of Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyze customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Details can be found in Hubspot's privacy policy: https://legal.hubspot.com/en/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
20. Plugins used
We use plugins for various purposes. The plugins used are listed below:
| Service | Provider | Third country transfer (country) | Purpose of data processing | Legal basis for data processing | Information on data protection and suitable guarantees for third country transfer |
| --- | --- | --- | --- | --- | --- |
| LinkedIn Insights | LinkedIn Ireland Unlimited Company | Ireland (USA) | Conversion tracking, marketing / tracking | Art. 6 para. 1 sentence 1 lit. a GDPR | https://de.linkedin.com/legal/privacy-policy?#choices-oblig |
| Google Ads | Google Inc. | USA | Conversion Tracking | Art. 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy?gl=DE&hl=de |
| Google Ads Remarketing | Google Ireland Ltd. | Ireland (USA) | Marketing / Tracking | Art. 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
| Google Tag Manager | Google Ireland Ltd. | Ireland (USA) | Tag configuration and integration of Google services | Art. 6 para. 1 sentence 1 lit. a GDPR | https://policies.google.com/privacy?gl=DE&hl=de https://business.safety.google/gdpr/ |
*(no third country transfer), (own hosting), *(adequacy decision)
I.) Duration of storage
Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law.
II.) Transfer to third countries
When using the plugins marked with third country transfer or USA, personal data may be transferred to servers in third countries outside the EU, such as the USA. The legal basis for this transfer is consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The United States of America does not offer an adequate level of data protection on the basis of a decision by the European Union. The main risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to US authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the transfer to third countries as data protection-friendly and secure as possible. We are currently striving to make adjustments to the ECJ ruling of 16.07.2020 (Schrems II, ref. C-311/18), including additional security measures. A copy of the standard data protection clauses can be requested by sending us an informal email.
III.) Possibility of revocation
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by the respective providers by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
IV.) Risk warning
Your personal data will also be transferred to the USA. There is no adequacy decision for the USA pursuant to Art. 45 (3) GDPR. We would like to point out that a data transfer without an adequacy decision entails certain risks, which we would like to point out to you below:
US intelligence services use certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.
Providers of electronic communications services headquartered in the USA are subject to surveillance by US intelligence services pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the USA are obliged to make personal data available to the US authorities in accordance with 50 U.S. Code § 1881a, without being entitled to any legal remedies. Even encryption of the data in the data centers of the electronic communications service provider may not provide adequate protection because an electronic communications service provider has a direct obligation to grant access to or disclose imported data in its possession, custody or control. This obligation may also expressly extend to the cryptographic keys without which the data cannot be read. The fact that this is not merely a "theoretical risk" is demonstrated by the ECJ ruling of July 16, 2020 (Case C-311/18, "Schrems-II").
We have concluded guarantees with Google in the form of standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. A copy of the standard data protection clauses can be requested from us.