Privacy policy
1. Introduction
We would like to use the information below to provide you "data subject" with an overview of our processing of your personal data and your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services offered by our company through our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally obtain your consent.
Personal data, such as your name, address or email address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the "LISSMAC GMBH". The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.
As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, as a rule, internet-based data transmissions may have security gaps, and we are unable to guarantee absolute protection. Because of this, you are free to send us personal data by alternative means, for example by telephone or post.
2. Data controller
The data controller, as defined by the GDPR, is:
LISSMAC GmbH, Lanzstr. 4, 88410 Bad Wurzach, Deutschland
Phone: +49 7564 307-0 | Fax: +49 7564 307-500 | Email: kphq@nkuuoce.eqo
Data controller’s representative: Thomas Hoffmeister
3. Data protection officer
You can reach the data protection officer as follows:
PROLIANCE GmbH
Email: fcvgpuejwv)dgcwhvtcivgt@fcvgpuejwv)gzrgtvg.fg
When contacting the data protection officer, please name the company to which your enquiry relates. Please refrain from enclosing sensitive information such as a copy of your ID with your enquiry.
4. Definitions
This Privacy Notice uses terms based on those used by European lawmakers in adopting the General Data Protection Regulation (GDPR). Our Privacy Notice should be easy for the public as well as our customers and business partners to read and understand. To ensure this is the case, we would like to explain the terms used in advance.
We use the following terms in this Privacy Notice, among others:
1. Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction to processing
Restriction to processing means marking stored personal data with the aim of limiting its processing in future.
5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the data can no longer be assigned to a specific data subject without additional information being provided, given that such additional information is kept separate and subject to appropriate technical and organisational measures that ensure that personal data cannot be attributed to an identified or identifiable natural person.
7. Data processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9. Third parties
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
10. Consent
Consent is any unambiguous voluntary declaration of consent given by the data subject for a specific case in an informed manner in the form of a statement or other action clearly confirming consent (ticking a box) with which the data subject indicates their agreement to their personal data being processed.
5. Legal basis for processing
Article 6 Paragraph 1(a) GDPR serves as our company’s legal basis for processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, processing is based on Article 6 Paragraph 1(b) GDPR. The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, processing is based on Article 6 Paragraph 1(c) GDPR.
In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if someone visiting our business were to be injured and their name, age, health insurance data or other vital information needed to be disclosed to a doctor, hospital or other third party. Processing would then be based on Article 6 Paragraph 1(d) GDPR.
Finally, processing operations could be based on Article 6 Paragraph 1(f) GDPR. Processing operations not based on any of the above-mentioned legal bases may be carried out on the basis of Article 6 Paragraph 1(f) GDPR if processing is necessary to safeguard the legitimate interests of our company or those of a third party, provided the interests and fundamental rights and freedoms of the data subject do not take precedence. We are permitted to engage in such processing operations in particular because they have been specifically mentioned in European law. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
6. Technology
6.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the website operator. You can recognise an encrypted connection by your browser’s address bar reading "https://" instead of "http://" and the lock symbol in the browser bar.
If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
6.2 Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (in what is known as "server log files"). Our website collects a range of general data and information each time you access a website or an automated system. This general data and information is stored in the server’s log files.
- The browser
- types and versions used,
- the operating system used by the accessing system,
- the website from which an accessing system accesses our website (called a referrer),
- the sub-pages accessed via an accessing system on our website,
- the date and time the website is accessed,
- a truncated internet protocol address (anonymised IP address) and
- the accessing system's internet service provider may be collected.
No conclusions are drawn about you when using this general data and information. Instead, this information is needed
- to properly deliver our website content,
- to optimise the content of our website as well as to advertise it,
- to ensure the continued functioning of our IT systems and our website’s technology
- as well as to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack.
This collected data and information is therefore statistically analysed and further analysed by us with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data being processed by us. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.
The legal basis for data processing is Article 6 Paragraph 1 Sentence 1(f) GDPR. Our legitimate interest is based on the purposes listed above for the collection of data.
7. Cookies and similar technologies
General information
On this website, we use services that employ cookies and similar technologies to store data in your device’s browser and to read data that has already been stored. Cookies, your browser’s local storage, pixels and so-called tags may be used for this purpose. Cookies are small text files that are stored on your device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored for a specific period of time beyond the individual session. In addition to cookies, we may use your browser’s session storage or local storage to store and retrieve data. We may also embed pixels on our website. Pixels are small, customised, invisible image files that are loaded when a page is displayed and can be used to track user activity. Finally, we may use tags on our website. Tags are small fragments of HTML or JavaScript code, or markers, which enable website analytics or user tracking services to distinguish or identify users and to track certain user activities. Further details on the cookies and similar technologies we use can be found below in the descriptions of the categories of cookies, as well as on our consent management platform, which is displayed when you visit our website. You can give your consent via the platform and also easily withdraw it. You can access the platform again at any time via the ‘Cookie settings’ link at the bottom of the webpage to change your settings. Please note that without the use of certain cookies and similar technologies, our website may not display correctly and some functions may no longer be technically available.
Category : Necessary
Services in this category may use cookies and similar technologies to store and read information on your device. We use these for the purpose and in the interest of
- enable the website to be displayed and to provide its basic functions, in particular page navigation and access to login areas,
- to enable you to give and withdraw consent,
- to protect our forms from fraudulent entries, and
- to protect our website from cyber-attacks and attempts at fraud.
The use of these services, as well as the corresponding cookies and similar technologies in this category, is based on Section 25(2)(1) and (2) of the TDDDG. Any subsequent data processing is based on Article 6(1), first sentence, point (f) of the GDPR.
Category: Functional
Services or external content and media from third-party providers in this category may use cookies and similar technologies to store and retrieve information on your device. We use these
- to enable the loading of third-party content and media,
- to make our website appealing to you and to operate it efficiently, and
- to provide you with certain settings and additional website features.
The use of the services, as well as the corresponding cookies and similar technologies in this category, is based on your consent in accordance with Section 25(1) of the TDDDG. Any subsequent data processing is based on your consent in accordance with Article 6(1)(a) of the GDPR.
Category: Analytics
Services in this category may use cookies and similar technologies to store and retrieve information on your device. We use these
- to count and distinguish you as an individual website visitor and to carry out statistical analyses of your interactions and your use of our website,
- to design our website to meet your needs and adapt it to users’ interactions,
- to test changes to the website and measure users’ responses to them (A/B testing), and
- to monitor the technical functionality of our website and enable fault rectification.
To this end, we and the service providers regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies on your device when you visit our website, and these are read out again when you visit the site once more. The use of pseudonyms enables users to be individually distinguished and recognised. However, the natural person behind a pseudonym cannot usually be identified directly – and certainly not by name – without further, additional data. Other technologies may also regularly be used to read identification features from your device, such as in the case of so-called browser or device fingerprinting, where data relating to the characteristics of the browser you are using (e.g. type and version of the browser) and its configuration (e.g. preferred language), the characteristics of your device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you are using (e.g. screen resolution) to recognise you pseudonymously as a distinct user. The use of the services, as well as the corresponding cookies and similar technologies in this category, is based on your consent in accordance with Section 25(1) of the TDDDG. Subsequent data processing is based on your consent in accordance with Article 6(1), first sentence, point (a) of the GDPR.
Category: Advertising
Services in this category may use cookies and similar technologies to store and retrieve information on your device. We use these
- to count and distinguish you as an individual website visitor and to carry out statistical analyses of your interactions and your use of our website,
- to track your interactions with adverts placed by us via third-party providers on other websites across different devices and websites (so-called ‘conversion tracking’),
- to track and evaluate your interactions with our website and subsequently use this information as the basis for targeted advertising campaigns on advertising networks aimed at you or a specific target group to which you belong (known as retargeting and remarketing),
- to improve the effectiveness of our advertising measures and to manage our advertising campaigns.
To this end, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored on your device in cookies by us and the services when you visit another website or our website, and are read out again when you revisit that website or visit a new one. Other technologies may also be used on a regular basis to read identification markers from your device, such as in the case of so-called browser or device fingerprinting, whereby data relating to the characteristics of the browser you are using (e.g. type and version of the browser) and its configuration (e.g. preferred language), or to the characteristics of your device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you are using (e.g. screen resolution) to recognise you pseudonymously as a distinct user. Where applicable, the processed pseudonymous identification features may also be combined with other data by us or by the providers of the services used. In this way, the services we use and their providers may also exchange and compare identification features (IDs) amongst themselves so that, in the event of a match, the features can be merged and assigned to the same pseudonymous user (so-called ID matching/ID syncing). This enables the recognition and targeted advertising of website visitors across devices, platforms and advertising networks. If you identify yourself using your personal data, such as your name or email address, or enter your own user data on our website, or log in via social networks or third-party online services that also provide us with corresponding tracking and advertising services, pseudonymous identifiers may also be linked to your personal data or user data. In this way, we or the service providers can create and analyse comprehensive pseudonymous or non-pseudonymous user profiles, which we then use to target advertising based on your interests. The use of these services, as well as the corresponding cookies and similar technologies in this category, is based on your consent in accordance with Section 25(1) of the TDDDG. Any subsequent data processing is based on your consent in accordance with Article 6(1), first sentence, point (a) of the GDPR.
8. Contents of our website
8.1 Data processing when opening a business partner account and for contract execution
Pursuant to Article 6 Paragraph 1(b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a business partner account. The data collected is shown in each input form. You may erase your business partner account at any time by sending a message to the data controller’s address as stated above. We store and use the data you provide to execute contracts. After complete execution of the contract or erasure of your business partner account, your data will be blocked, taking into account tax and commercial retention periods, and erased once these periods have expired unless you have expressly consented to the further use of your data or we are legally permitted to further use your data, about which we will inform you below.
8.2 Contact/contact form
Personal data is collected when you contact us (e.g. using our contact form or by email). If you use a contact form to get in touch with us, the contact form you use will indicate the data being collected. This data is stored and used exclusively for the purpose of responding to your query or establishing contact and the associated technical administration. The legal basis for data processing is our legitimate interest in responding to your request pursuant to Article 6 Paragraph 1(f)f GDPR. If the aim of you contacting us is to conclude a contract, processing is also legally based on Article 6 Paragraph 1(b) GDPR. Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations in place that prevent its erasure.
9. Newsletters
9.1 Newsletter for regular customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per article 7, paragraph 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with article 6, paragraph 1 lit. f GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.
9.2 Marketing newsletter
You can subscribe to our newsletter via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.
We use our newsletter to regularly communicate our offers to our customers and business partners. You can, therefore, only receive our company’s newsletter if
- you have a valid email address and
- have registered for the newsletter.
For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorised the newsletter.
When you register for the newsletter, we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.
The personal data collected during registration are used solely for sending our newsletter. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.
The legal basis for data processing for the purposes of sending a newsletter is article 6, paragraph 1 lit. a GDPR.
10. Your rights as a data subject
10.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you will be processed.
10.2 Right to information (Article 15 GDPR)
You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us.
10.3 Right to rectification (Article 16 GDPR)
You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
10.4 Erasure (Article 17 GDPR)
You have the right to request that we erase your personal data, provided one of the reasons stipulated by law applies and if processing is not necessary.
10.5 Restriction to processing (Article 18 GDPR)
You have the right to request that we restrict the processing of your data if one of the legal requirements is met.
10.6 Data transferability (Article 20 GDPR)
You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 Paragraph 1(a) GDPR or Article 9 Paragraph 2(a) GDPR or on a contract pursuant to Article 6 Paragraph 1(b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.
Furthermore, when exercising your right to data transferability pursuant to Article 20 Paragraph 1 GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.
10.7 Objection (Article 21 GDPR)
You have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing on the basis of the weighing of legitimate interests) GDPR. This also applies to profiling based on these provisions pursuant to Article 4 Number 4 GDPR.
Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defence of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.
In addition, you have the right to object to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1 GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.
You are free to exercise your right to lodge an objection in relation to the use of information society services, Directive 2002/58/EC notwithstanding, by means of automated procedures using technical specifications.
10.8 Revocation of consent regarding data protection
You have the right to revoke any consent to the processing of personal data at any time with future effect.
10.9 Lodging a complaint with a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
11. Routine storage, erasure and blocking of personal data
We process and store your personal data only for the period of time necessary to meet the storage purpose or as required by the legal provisions to which our company is subject.
If the storage purpose no longer applies or if a required retention period expires, personal data will be routinely blocked or erased in accordance with the statutory provisions.
12. Duration of storage of personal data
The criterion for the duration of the retention of personal data is the respective legal retention period. Once this period expires, the data in question will be routinely erased, provided it is no longer required for the fulfilment or initiation of the contract.
13. Consent Management via the Consent Management Platform CCM19
On our websites, we use the consent management platform CCM19 provided by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany.
Description and Purpose of the Data Processing
We use the service to manage your consent to the use of cookies and similar technologies as well as to the subsequent data processing operations associated with them. If you give consent via our consent banner, the service processes the following data:
- the IP address of the connection you are using,
- the description of the web browser and operating system used,
- the language used by your browser and operating system,
- the address of the website on which you give your consent,
- the date and time of consent,
- the country from which you submit your request,
- a pseudonym used to distinguish between different users,
- your consent status with regard to the cookies and similar technologies we use, or with regard to the services used, which serves as proof of your consent.
This data is logged on the provider's servers. As part of the data processing, cookies are used to store your consent status on your device, and to read it out again and compare it when you access the page again. In this way, we are able to check your consent status on all subsequent and future visits to our websites and, in accordance with your decision regarding the use of cookies and other technologies, to activate or deactivate them when the page is accessed again. The purpose and our legitimate interest lie in being able to use cookies and similar technologies on our websites in a manner compliant with data protection law and to enable you to easily withdraw your declarations of consent.
Legal Basis for the Data Processing
Insofar as we use cookies and similar technologies as part of the integration of the service, or insofar as the service stores data on your device or reads data from it, this is carried out pursuant to Section 25 (2) TDDDG. Any subsequent data processing is carried out on the basis of Article 6 (1) sentence 1 point (f) GDPR.
Recipients
As part of the use of the platform, the data collected via our websites is transmitted to the following recipients:
- Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany
Storage Period
Through the integration of the services on our websites, data is transmitted to the recipients named above and processed there for as long as this is necessary to achieve the stated purposes.
14. Cloudflare (Content Delivery Network)
Our website uses CloudFlare features. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via the CloudFlare network. CloudFlare is thus able to analyze the data traffic between the user and our websites, for example to detect and ward off attacks on our services. In addition, CloudFlare may store cookies on your computer for optimization and analysis.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
We have concluded a corresponding agreement with Cloudflare on the basis of the GDPR for order processing or according to EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. The access data includes: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting party providers. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of the offer.
If you have consented to the use of Cloudflare, the legal basis for the processing of personal data is Article 6(1)(a) GDPR. In addition, we have a legitimate interest in using Cloudflare to optimize our online offering and make it more secure. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR. The personal data are kept for as long as they are necessary to fulfill the processing purpose. The data will be deleted as soon as they are no longer required to achieve the purpose. The transfer of your personal data to the USA takes place on the basis of the standard contractual clauses. For more information about CloudFlare, visit: https://www.cloudflare.com/privacypolicy/ .
15. Google Maps-Api
We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information.
By using this service, for example, our location can be displayed to you and a possible approach can be facilitated. Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there, as long as you have given your consent within the meaning of Art. 6 (1) lit. a) GDPR. In addition, Google Maps reloads the Google Web Fonts and Google Photo (as well as google stats). The provider of these services is also Google Ireland Limited. When you call up a page that embeds Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. Also for this purpose, the browser you are using establishes a connection to Google's servers. Through this, Google obtains knowledge that our website was accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists.
If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google as follows.
If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely disabling the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used. These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a) GDPR. Additional information on the service can be found at the following links https://www.google.de/intl/de/policies/terms/regional.html https://www.google.com/intl/de_US/help/terms_maps.html
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.
The privacy plicy of Google Maps could be found here: ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/ .
16. HubSpot
On our websites, we integrate the “HubSpot” platform of HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
In the European Union (EU) and the European Economic Area (EEA), the service is offered—depending on the customer’s place of establishment—by certain country subsidiaries. In Germany, the service is offered by HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany.
Description of the processing of data and purpose
The platform enables us to:
- manage prospect and customer data,
- respond to and document inquiries to our customer service,
- respond to your inquiries via our chat function,
- analyze and evaluate interactions with our websites,
- create, analyze and evaluate interactions with our social media presences as well as to make contact and handle communications via social media,
- conduct and analyze email marketing campaigns, and
- create, enrich and evaluate profiles of potential prospects,
with the aim of acquiring new prospects for our products and services, addressing acquired prospects and existing customers with targeted advertising, and being able to optimize our strategy in the marketing area - especially online and email marketing - through evaluations and analyses. Cookies and similar technologies, in particular JavaScript, may be used to store and read data on your end device.
We use “HubSpot” to manage prospect and customer data.
For this purpose, we process personal data that you provide via forms and the chat on our websites (salutation, first name, last name, contact details such as email address and telephone number, and, where applicable, data about your company), information about which of our products you are interested in, and other information that you voluntarily provide to us. In addition, we also use the platform to manage our customer contacts, including the aforementioned data of our contact persons at customers. The purpose of the data processing and our legitimate interest are to effectively organize the management of the contact data of potential prospects and customers and to use it for the further processing activities enabled by the platform.
We use “HubSpot” to respond to and document inquiries to our customer service.
When responding to your inquiry to our customer service by email or telephone, we process personal data you provide (salutation, first name, last name, contact details such as email address and telephone number and, where applicable, data about your company), information about your request, and other information you voluntarily provide to us. The processing is carried out to handle your inquiry and to document the processing, in particular in order to be able to access the previous status of matters in the event of renewed inquiries on the same or similar topics. The purpose of the data processing and our legitimate interest are to process your requests effectively and to be able to document our measures to implement your request in a traceable manner.
We use “HubSpot” to handle communications via the chat function on our website in order to answer your inquiries.
When responding to your inquiry, we process personal data you provide (salutation, first name, last name, contact details such as email address and telephone number and, where applicable, data about your company), information about which of our products you are interested in, and other information you voluntarily provide to us. The purpose of the data processing and our legitimate interest are to be able to answer your inquiry effectively via the chat function.
We use “HubSpot” to analyze and evaluate visits to our websites.
We observe and analyze the behavior of website visitors and their use of our websites. In this way, we are able to recognize returning visitors pseudonymously and count them as such. We process data on how a visitor reached our websites (e.g., via web search, direct page access, social media pages, referrals from other websites and, where applicable, via marketing emails or other advertising campaigns), how many visits took place, how long a visit lasted, and how many individual pages were accessed. In addition, we also process further data on your interactions and behavior on our website (e.g., completing forms, using our chat, downloading documents, playing media, etc.). The purpose of the data processing is to create statistics in order to improve the attractiveness of our website and to optimize the effectiveness of our marketing measures and manage our advertising strategy.
We use “HubSpot” to analyze and evaluate interactions with our social media presences.
We publish posts and, where applicable, newsletters on our social media presences, such as LinkedIn, via HubSpot and analyze visitors’ interactions (e.g., sharing or liking posts, users’ interaction with newsletters, for example the extent to which the content was interacted with, in particular which links were clicked and to what extent the newsletter was read or skimmed). The purpose of the data processing is to create statistics in order to improve the attractiveness of our social media presences and to optimize the effectiveness of our marketing measures and manage our advertising strategy.
We use “HubSpot” to make contact and handle communications via the social media platform.
When responding to your inquiry via social media, we process personal data you provide (salutation, first name, last name, contact details such as email address and telephone number and, where applicable, data about your company), information about which of our products you are interested in, and other information you voluntarily provide to us. The purpose of the data processing and our legitimate interest are to be able to answer your inquiry effectively via the social media channel.
We use “HubSpot” to prepare and conduct email marketing and, where applicable, for email tracking.
If you give us separate consent on our website, we also use your email address to contact you via marketing emails and to be able to inform you by way of direct marketing, based on your interests, about our products and services, current events, promotions and events as well as offers. The purpose of the data processing is to address you or your company with personalized advertising by email or via our email newsletter and to inform you about our own products, goods, services, events and offers or those of cooperation partners. If you also give us separate consent, you allow us to process data on whether you received our marketing emails and opened them, which email client software you use, the extent to which you interacted with the content—especially which links you clicked—and the extent to which you read or skimmed our emails. We use this data to create statistics in order to improve the attractiveness of our marketing emails and to optimize the effectiveness of our marketing measures and manage our advertising strategy. The purpose of the data processing is to create statistics in order to improve the attractiveness of our social media presences and to optimize the effectiveness of our marketing measures and manage our advertising strategy. After your email address has been submitted via a form or via the chat on our website, you will receive an email from us with a link in which we ask you to confirm your email address and thereby sign up to receive advertising emails. The purpose of the data processing is to ensure that only authorized persons sign up to receive our advertising emails.
We use “HubSpot” to create, enrich and evaluate prospect profiles.
We consolidate the data processed via the platform into a personalized profile, enrich it where applicable with data from additional sources, evaluate it in the profile by means of score values, and carry out analyses in order to infer which of our products and services, current events, promotions and events as well as offers you are interested in, which customer segment you can be assigned to, and the likelihood that your interest in our products and services would lead to the conclusion of a contract.
For this purpose, we process the following data:
- about you (salutation, first name, last name, contact details such as email address and telephone number and, where applicable, data about your company),
- about your use, interactions and behavior on our website (e.g., page views, completing forms, using our chat, downloading documents, playing media, etc.),
- about your use of our marketing emails (receipt and opening, email client software used, click data, read rate),
- about your interactions with our social media presences.
The purpose of the data processing is to optimize our marketing measures and manage our advertising strategy in order to be able to address you with advertising as precisely as possible.
Legal bases for data processing
Management of prospect and customer data
The legal basis for using the platform to manage prospect and customer data is Art. 6(1)(f) GDPR.
Responding to and documenting inquiries to our customer service by telephone and email
To the extent that we use HubSpot to respond to and document inquiries by email or telephone to our customer service, the legal bases for data processing for responding to and documenting such inquiries are Art. 6(1) sentence 1 lit. b GDPR and Art. 6(1)(f) GDPR.
Responding to inquiries via the chat function
The legal bases for data processing in the context of responding to general inquiries via our chat function are Art. 6(1)(f) GDPR as well as Art. 6(1)(a) GDPR to the extent that you voluntarily provide us with information in the correspondence. Your consent is voluntary and can be withdrawn at any time with effect for the future. To exercise your withdrawal with regard to the processing of data voluntarily provided in the correspondence, please contact [email address]. If your inquiry is aimed at concluding a contract with you or your company, or if it is an inquiry to our customer service, the legal bases for data processing are Art. 6(1) sentence 1 lit. b GDPR and Art. 6(1)(f) GDPR.
Analysis and evaluation of website visits
The legal basis for integrating and using the platform on our websites to analyze and evaluate interactions with the website is your consent, provided you have given it via our consent management platform. The use of cookies and similar technologies is based on Section 25(1) TDDDG. The subsequent data processing is based on Art. 6(1)(a) GDPR. Your consent is voluntary and can be withdrawn at any time with effect for the future. To withdraw your consent, please use the “Cookie settings” link at the bottom of the website to open the consent management platform again and change your settings.
Analysis and evaluation of interactions with our social media profiles
The legal basis for analyzing and evaluating interactions with our social media presences is your consent pursuant to Art. 6(1)(a) GDPR, insofar as you have given it via the social media provider. Your consent is voluntary and can be withdrawn at any time with effect for the future. You can find out how to exercise your withdrawal in the privacy policy of the respective social media provider. In addition, you may exercise your right to object with regard to the data processed exclusively by us by contacting [email address].
Making contact and handling communications via the social media platform
The legal bases for making contact and handling communications via social media are your consent pursuant to Art. 6(1)(a) GDPR, insofar as you have given it via the social media provider. The legal basis for handling inquiries via our social media presences is Art. 6(1)(f) GDPR as well as Art. 6(1)(a) GDPR to the extent that you voluntarily provide us with information in the correspondence. Your consent is voluntary and can be withdrawn at any time with effect for the future. To exercise your withdrawal with regard to the processing of data voluntarily provided in the correspondence, please contact [email address].
Preparation and implementation of email marketing and, where applicable, email tracking
The legal basis for processing your data in the context of carrying out email marketing and email tracking is also your consent, which is obtained separately, e.g., via forms. The use of cookies and similar technologies is also based on Section 25(1) TDDDG. The subsequent data processing is based on Art. 6(1)(a) GDPR. Your consent is voluntary and can be withdrawn at any time with effect for the future. To withdraw your consent with regard to data processing in the context of email marketing and email tracking, please use the unsubscribe link in our marketing emails or contact [email address].
Creation and evaluation of prospect profiles
The legal basis for processing your data in the context of creating and evaluating prospect profiles is also your consent, which is obtained separately, e.g., via forms. The use of cookies and similar technologies is also based on Section 25(1) TDDDG. The subsequent data processing is based on Art. 6(1)(a) GDPR. Your consent is voluntary and can be withdrawn at any time with effect for the future. To withdraw your consent with regard to data processing in the context of email marketing and email tracking, please use the unsubscribe link in our marketing emails or contact [email address].
Use of Artificial Intelligence
Description of the use of AI and its purpose
Artificial intelligence is used in the context of processing your data. The HubSpot artificial intelligence “Breeze” is used, which is integrated into various functions of the platform and/or made available to us in the form of various AI agents. We use the following “Breeze” functions and agents in the context of the data processing described above in the areas of marketing, sales and customer service:
- Breeze Copilot: AI-powered assistant that generates context-based recommendations, summaries, and suggested actions within the HubSpot platform in order to support and automate workflows.
- Breeze Intelligence: Enrichment of contact and company data through AI-supported analysis and supplementation of profile data from external and internal sources in order to improve data quality in the CRM.
- Breeze Agent for Customer Service: AI-powered agent for the automated handling of customer inquiries, generating reply suggestions, and supporting customer service teams.
- Breeze Content Agent: AI-supported creation and optimization of content (e.g. blog articles, landing pages, emails) based on existing data and specifications.
- Breeze Agent for Social Media: AI-supported creation, planning, and optimization of social media content and posts.
- Breeze Prospecting Agent: AI-supported identification of and outreach to potential new customers (leads) based on CRM data and defined target group profiles.
- Breeze Knowledge Base Agent: AI-supported creation and maintenance of knowledge base articles based on existing support content and customer inquiries.
- The purpose of the data processing is to optimize, automate, and make our marketing, sales, and customer service processes more efficient through the use of AI technologies, as well as to improve the quality of our communications and content.
Legal basis for the use of AI
Where the processing is necessary for the performance of a contract or for taking steps prior to entering into a contract, it is carried out on the basis of Article 6(1), first sentence, point (b) GDPR. Where you have given us your explicit consent, the processing is carried out on the basis of Article 6(1), first sentence, point (a) GDPR. Your consent is voluntary and may be withdrawn at any time with effect for the future. We base the processing of data using AI on our legitimate interest pursuant to Article 6(1), point (f) GDPR in the efficient design of our business processes, the improvement of our communications, and the optimization of our marketing and sales activities.
Recipients
In the context of the data processing, your data is transferred to the following recipients:
- HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany,
- HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.
Processing in third countries
Your data is transferred to recipients in third countries. For transfers of data to the USA, there is an adequacy decision of the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework.
Storage period
Management of prospect and customer data
We process the data collected for managing prospect and customer data as long as our company is active in the market for advertising purposes, but no longer than for a period of 3 years.
Responding to and documenting inquiries to our customer service
We process the data collected to respond to and document inquiries to our customer service for as long as there is a business relationship between you or the company for which you work and us, but no longer than for a period of 3 years.
Responding to inquiries via the chat function
We process the data collected to handle communication via the chat function on our website for a period of 2 years.
Analysis and evaluation of website visits
We process the data collected for analyzing and evaluating interactions with our websites for a period of 13 months.
Analysis and evaluation of interactions with our social media profiles
We process the data collected for analyzing and evaluating interactions with our social media presences for a period of 13 months.
Making contact and handling communications via the social media platform
We process the data collected for making contact and handling communications via the social media platform for a period of 3 years.
Preparation and implementation of email marketing and, where applicable, email tracking
We process the data collected for preparing and implementing email marketing and, where applicable, email tracking for a period of 3 years.
Creation and evaluation of prospect profiles
We process the data collected for creating, enriching and evaluating prospect profiles as long as our company is active in the market for advertising purposes, but no longer than for a period of 3 years.
Deletion
We will then delete your data from our operational systems unless processing is still permissible for another purpose stated in this notice and on a corresponding legal basis.
17. General information on data transfers to third countries
The processing of your data may, where applicable, also take place in countries outside the European Union (EU) and the European Economic Area (EEA).
For data transfers to certain third countries, an adequacy decision by the European Commission pursuant to Article 45(1) of the GDPR may apply. Such a decision confirms that an adequate level of data protection exists in the third country. A list of adequacy decisions to date can be viewed via the following link: Data protection adequacy for non-EU countries.
The scope of an adequacy decision may also be restricted to a specific group of recipients or made subject to further conditions.
For example, the adequacy decision for data transfers to the USA applies only to organisations certified under the EU-US Data Privacy Framework. The certification status of a participating organisation can be viewed via the following link: Participant Search (dataprivacyframework.gov).
Where your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that the authorities in those countries may access your data for security and surveillance purposes without you being informed of this or being able to seek legal redress.
We therefore ensure that appropriate safeguards within the meaning of Article 46 of the GDPR are in place to guarantee an adequate level of data protection when transferring your data to recipients in such third countries.
As a matter of routine, either we or the service providers we engage therefore enter into the European Commission’s Standard Data Protection Clauses in accordance with Article 46(2)(c) of the GDPR. These clauses oblige the recipient of the data in the third country to process it in accordance with the European standard of protection. The clauses can be viewed via the following link: Publications on the Standard Contractual Clauses (SCCs) – European Commission. Should you require further details regarding the modules of the Standard Data Protection Clauses we have concluded in specific cases or any supplementary measures, we will be happy to provide you with a copy. In this case, please simply contact us using the details provided above under ‘Data Controller’.
In the case of certain recipients, data transfers may also be based on binding corporate rules (BCRs) approved by the supervisory authorities in accordance with Article 46(2)(b) of the GDPR. These can be viewed via the following link: Approved Binding Corporate Rules | European Data Protection Board.
Where the Standard Data Protection Clauses or Binding Corporate Rules are insufficient to ensure the required level of protection, additional technical, contractual or organisational measures are taken to safeguard the data transfer. Furthermore, regular reviews and assessments are carried out to determine whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures may need to be taken.
Further details on data transfers to third countries can be found in the relevant sections below, in the explanations regarding data processing or the services used, under ‘Data processing in third countries’.
18. Version and amendments to the Privacy Notice
This Privacy Notice is currently valid and was last updated on October 2019.
It may be necessary for us to amend this Privacy Notice in the process of further developing our website and the services we offer through our website or due to changes in legal or regulatory requirements. You can view and print our current Privacy Notice on the website at any time by visiting " https://www.lissmac.com/privacy-policy/ ".
This privacy statement has been prepared with the assistance of the DDSB GmbH .