PROTEZIONE DEI DATI
Data protection information of Karlhans Lehmann KG
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory provisions of the relevant data protection laws, in particular the European General Data Protection Regulation (GDPR). This data protection information relates to our offers and services, in particular our online shop including our social media profiles. Our digital offerings may contain links to other websites of third-party service providers to which this data protection notice does not apply.
1. controller
The controller responsible for the processing of your personal data is
Karlhans Lehmann KG
Kranichstraße 2a
17235 Neustrelitz
info@lewi.de
If you have any questions about data protection at our company, please write to us at the above postal address with the addition ‘Data protection’ or at the e-mail address provided with the subject ‘Data protection’.
2. Purpose of the processing of personal data
2.1 Data processing for the provision of contractual services
We process personal data in order to handle the contractual relationships and to be able to submit customised contractual offers.
For all forms, we only collect the personal data that is absolutely necessary for processing the contractual relationship or for your request for information. This information is marked with an asterisk. The collection of data that is not absolutely necessary, but in which we have an interest in order to optimise the fulfilment of the purpose, is only optional. In this case, you decide on a voluntary basis whether and which data you wish to provide us with. We may need your correct name, address and payment details to process the contract. We request your e-mail address and telephone number and, if applicable, fax number so that we can communicate with you in the event of questions or problems regarding our services or our contractual relationship.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.2 User area of our online shop
On our website, we offer the option of registering as a user by providing personal data. We require the following information for this: First and last name, company name, e-mail address, telephone number, fax number, VAT ID number and password.
The data in the customer area can be viewed, edited and deleted using your e-mail address and password. In the event that you have forgotten your password, you will find a ‘forgotten password’ link on the website. You can assign a new password by entering your e-mail address. The personal data you enter when using our user area will only be processed in order to be able to offer you our services. These are only offered to registered users.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.3 Data processing for communication with you
We may also process personal communication data (name, address, telephone number and/or e-mail address) in order to process your enquiry and/or to be able to contact you. Personal data that you provide to us by e-mail, chat or via another communication channel opened by us will only be processed for correspondence with you or only for the purpose for which you have provided us with the data.
If you are interested in our services, the basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. In addition, we have an interest in processing and, if necessary, answering your enquiry, whereby the processing of your data for this purpose is based on Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.4 Newsletter
With your consent, you can subscribe to our newsletter, which we use to inform you about our current offers and news. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have provided. If you do not confirm your registration, your information will be blocked and deleted in accordance with our cancellation policy.
When you register, we store the data you provide and your IP address, the time of registration and the time of confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any other data in this context. We use this data exclusively for sending the requested newsletter.
The data processing described above is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter in accordance with our deletion periods.
2.5 Cookies
We may use so-called cookies in order to be able to offer you website-specific services. Cookies are small text files that are stored on the user's end device and may contain data about the respective user in order to enable access to various functions, among other things. Cookies are stored on the end device used and may be read by us from there. Consequently, users have control over the use of cookies. By changing the settings, the transmission of cookies can be deactivated or restricted and, for example, cookies from third parties or cookies can be generally rejected. However, if the setting of cookies for our services is prevented, the functions or services offered may not be able to be used or may not be used to their full extent.
We use necessary cookies that are required to enable the provision of the services owed by us or to ensure the functionality of our services. The legal basis for setting these cookies is Section 25 (2) No. 2 TDDDG. Any processing of personal data carried out in this context is then based on Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures, or Art. 6 para. 1 sentence 1 lit. f GDPR, which permits data processing to safeguard the legitimate interests of the controller, unless the interests or fundamental rights and freedoms of the data subject outweigh the controller's interest in data processing. Our interest then lies in ensuring the provision of the functions of our services.
We may obtain consent for the use of other, non-essential cookies. The cookies are then set on the basis of the consent given in accordance with Section 25 (1) TDDDG, any processing of personal data carried out in this context in accordance with Art. 6 (1) sentence 1 lit. a GDPR. Consent can be revoked at any time. The lawfulness of data processing already carried out on the basis of consent remains unaffected by the revocation.
2.6 Data processing in the context of our LinkedIn company page
We operate a company page on the social network linkedin.com of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (‘LinkedIn’) and receive so-called page analytics from LinkedIn with regard to our services. We are jointly responsible with LinkedIn for this operation of the LinkedIn company page within the meaning of Art. 26 GDPR.
Type and scope of the information provided to/from? LinkedIn, the associated purposes of data processing by LinkedIn, its lawfulness and information on exercising your rights can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy and the joint responsibility agreement, which can be found at https://legal.linkedin.com/pages-joint-controller-addendum. Page analytics is summarised data that allows us to gain insight into how people interact with our site. The generation and provision of these page analytics is the responsibility of LinkedIn, we have no influence on this. LinkedIn assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of data processing by us of the data provided by LinkedIn is to statistically analyse the use of our company page. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimise our posts and our company page. In addition, we process personal data that you have made publicly accessible on LinkedIn (e.g. real names in the user profile) as well as data that is directly related to activities on our company page (e.g. contributions, posts, likes, tags), also for the purpose of communicating with you.
The basis for the above data processing is Art. 6 para. 1 sentence 1 lit. a GDPR. If you have given your consent to LinkedIn, you can revoke this consent to LinkedIn at any time with effect for the future. If you have given us your consent in this regard, you can revoke this consent at any time with effect for the future. Otherwise, our data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest lies in the provision of content and communication with LinkedIn users and in improving the reach and effectiveness of our posts.
Please assert your rights to information, correction, deletion, restriction of processing and data portability of your stored Insights data against LinkedIn, as LinkedIn has assumed the corresponding obligations:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
Privacy policy https://www.linkedin.com/legal/privacy-policy
2.7 Data processing in the context of our Instagram pages
We operate a company page or profile on the social network Instagram (‘Instagram’) of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For the operation of the aforementioned page and the social network Facebook (‘Facebook’), with which Meta may share the data, we are jointly responsible with Meta Platforms Ireland Limited (‘Meta’) within the meaning of Art. 4 No. 7 GDPR. Linked here you will find the terms of use and guidelines of Facebook as well as the agreement on joint responsibility pursuant to Art. 26 GDPR.
For the type and scope of the information you provide, the associated purposes of the data processing, its legality and information on exercising your rights, please refer to the privacy notices of Instagram or Facebook, as well as further information provided by Meta on the processing of ‘Insights data’ (see above). Meta provides us with so-called Page Insights for our website. Page insights (e.g. https://www.facebook.com/business/a/page/page-insights) are summarised data that allow us to gain insight into how people interact with our site. Facebook is responsible for generating and providing these Page Insights; we have no influence over this. This also applies to data processing that is carried out exclusively for the purposes of Meta Platforms Ireland Limited. Meta also assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of the data processing of the data provided by us is to statistically analyse the use of our company pages. This enables us, for example, to determine the preferred visiting and posting times of our users and to use this information to optimise our posts and our company pages. In addition, we process personal data that you have made publicly accessible there (e.g. real names in the user profile) as well as data that is directly related to activities on our company pages (e.g. contributions, posts, likes, tags), also for the purpose of communicating with you.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures, insofar as the data is processed in accordance with the Instagram terms of use, otherwise, insofar as we are responsible under data protection law, Art. 6 para. 1 sentence 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest lies in the provision of content and communication with users of social networks and in improving the reach and effectiveness of our posts.
Please assert your rights to information, correction, deletion, restriction of processing and data portability of your stored Insights data against Meta, as Meta has assumed the corresponding obligations:
Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2, Ireland
Data protection information: https://www.facebook.com/about/privacy/ and
https://www.meta.com/de/legal/privacy-policy/
2.8 YouTube
We may use videos or plugins from YouTube on some of our websites. The operator of YouTube is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your device until you delete them.
After starting a YouTube video, further data processing operations may be triggered over which we have no influence. Among other things, a connection to the Google DoubleClick network may be established and your personal data may be processed in the USA in this context. You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de. We may ask for your consent to use or activate the YouTube functionality.
Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by US authorities for control and monitoring purposes and possibly without legal remedies.
If you have consented to the use of YouTube by us and the associated data processing, the data processing and, if applicable, the storage of YouTube cookies will be based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Art. 49 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG. Art. 49 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG. You can revoke your consent at any time with effect for the future. The legality of the data processing already carried out on the basis of your consent remains unaffected by the revocation.
2.9 Data processing for job applications
You can send us applications for jobs in our company via our websites and the contact details we provide there. If you submit personal data to us in this way or in any other way, we will process your data for the purpose of reviewing, processing and responding to your application and, if necessary, preparing the employment relationship.
The basis for data processing is either Art. 6 para. 1 sentence 1 lit. b, which permits the processing of data for the decision on the establishment, for the establishment and for the execution of employment relationships, or - if you have given your consent - Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
2.10 Data processing to protect legitimate interests
We may also process your data if it is necessary to protect our legitimate interests or those of third parties. This may be the case in particular to ensure IT security and IT operations, especially in the case of support requests, to be able to trace and prove facts in the event of legal disputes and to statistically analyse the use of our website. The basis for data processing is then Art. 6 para. 1 sentence 1 lit. f GDPR.
2.11 Other data processing based on your consent
We may also ask you for your consent to process personal data. Any granting of consent and the relevant data processing takes place on a voluntary basis and you will not suffer any disadvantages if you do not give your consent.
The data processing then takes place on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal notification to us is sufficient for this. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
2.12 Log files
Every time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data Browser type and browser version, operating system used, referrer URL, time of the server enquiry and (abbreviated) IP address.
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
The basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, which authorises the processing of data to safeguard the legitimate interests of the controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. We have an interest in prosecuting, preventing and penalising unlawful use of our website.
2.13 Transmission of data on outstanding receivables to debt collection service providers
If an outstanding invoice is not paid despite repeated reminders, we may transfer the data required to carry out debt collection (name, address, e-mail address, company details and, if applicable, contract and receivables data) to a debt collection service provider for the sale of the outstanding receivables and for the purpose of debt collection and debt collection processing. When the outstanding receivables are sold, the service provider then becomes the debtor and asserts the claim in its own name.
The data is processed on the basis of the legal bases in Art. 6 Para. 1 S. 1 Iit. b GDPR and Art. 6 Para. 1 S. 1 Iit. f GDPR. Transfers on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of our company and insofar as the interests of the data subject, which require the protection of personal data, do not prevail.
2.14 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax law retention and verification obligations).
The basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR, which permits processing to fulfil a legal obligation.
3. recipients of the personal data
Your personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the transfer.
Service providers who support us in the context of the processing of your data described above are hosting providers and, where applicable, sales and marketing partners, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, and email service providers.
4. Duration of data storage
In principle, we delete personal data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. For example, we store personal data on the basis of legal obligations to provide evidence and retain data, including those arising from the German Commercial Code and the German Fiscal Code. The storage periods are up to ten full years. We also retain personal data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
If we process the data to fulfil a contract, we store it for at least as long as the respective contract exists and thereafter until any resulting claims can no longer be asserted. Even after this period has expired, we may continue to process the data stored until then on the basis of the fulfilment of the contract on the basis of a legitimate interest by way of a change of purpose. We store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the assessment comes to a different conclusion or an effective objection to the respective data processing has been lodged and we otherwise have no other authorisation or obligation to continue this respective data processing.
5. data security
Your personal data is transmitted securely by us using encryption. We use the SSL (Secure Socket Layer) coding system. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. We also use technical and organisational measures to protect our websites and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
6. rights of data subjects
Within the framework of the applicable statutory provisions, data subjects have the right to obtain information free of charge at any time about their personal data stored by us, its origin and recipients and the purpose of data processing and, if applicable, a right to rectification or erasure of this data.
You can contact us at any time using the contact details provided in section 1 if you have any further questions on the subject of personal data.
Data subjects may also have the right to restrict the processing of their data and the right to receive the data they have provided in a structured, commonly used and machine-readable format.
If we have been given consent to process personal data for specific purposes, this can be revoked at any time with effect for the future. If we process data to protect legitimate interests, this processing can be objected to on grounds relating to the particular situation of the data subject. If we cannot demonstrate compelling legitimate grounds for further processing that outweigh the interests, rights and freedoms of the data subject or if we process the data in question for the purpose of direct marketing, we will no longer process their data.
Data subjects also have the option of contacting a data protection supervisory authority (right to lodge a complaint).