In this Privacy Policy, we explain which of your personal data we use for what purposes and within which scope. This Privacy Policy applies to every instance in which we process personal data, including within the scope of the provision of our services as well as on our web pages, in mobile applications, and within the scope of external websites such as social media profiles (hereinafter referred to as “online services”).
LGH Service GmbH
Mommsenstr. 6
D-04329 Leipzig
Authorized representatives: Kai Thalmann, CEO
E-mail address: info@lgh-leipzig.de
Telephone: +49 (0) 341 2597700
Dr. Jürgen Fechner
Walter-Markov-Ring 42
04288 Leipzig
+49 (0) 171 8266933
The following overview summarizes the types of personal data processed and the purposes of processing, and it also lists the data subjects.
Types of Personal Data Processed
Data Subject Categories
Purpose of Data Processing
Legal Basis
The following section explains the legal basis for our processing of personal data. Please note that in addition to the provisions of the General Data Protection Regulation (GDPR), other national data protection regulations may apply for your country of residence/domicile. If a special legal basis is additionally applicable in individual cases, we will inform you of this fact within the scope of the Privacy Policy.
National data privacy regulations in Germany: In addition to the provisions of the General Data Protection Regulation, national data privacy regulations apply in Germany. These include, in particular, the German Federal Data Protection Act (BDSG). The BDSG includes special regulations regarding the data subject’s right of access, right to erasure, and right to object, as well as regarding the processing of special categories of personal data, processing for other purposes, the transfer of data, and automated individual decision-making, including profiling. It also governs data processing for employment-related purposes (BDSG Section 26), particularly as regards hiring decisions, carrying out or terminating the employment contract, and consent from employees. Moreover, state data privacy laws in the individual German states may be applicable.
In accordance with applicable legal regulations, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the latest technology, the costs of implementation, and the nature, scope, context, and purposes of processing and the extent of the risk to the rights and freedoms of natural persons.
In particular, these measures include safeguarding the confidentiality, integrity, and availability of personal data by controlling physical and electronic access to the personal data as well as safeguarding other forms of access to, input, transmission, availability, and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are able to respond to threats to personal data. Moreover, we take the protection of personal data into account at an early stage: during the development or selection of hardware, software, and procedures, in accordance with the principle of privacy by design and privacy by default.
Shortening IP addresses: We will shorten your IP address or have it shortened in cases where doing so is possible and your IP address does not need to be stored. If your IP address is shortened (also known as IP masking), the last byte (the last two digits) of your IP address will be deleted (in this context, an IP address is an individual identifier assigned to an Internet connection by the online access provider). Shortening the IP address is intended to make it impossible or much more difficult to identify a person based on their IP address.
Within the scope of our processing of personal data, the data may be transferred to other bodies, companies, legally independent organizational units, or persons, or it may be disclosed to them. Recipients of this personal data may include payment institutions within the context of payment transactions, service providers commissioned with IT jobs, or providers of services or content embedded in a website. In such cases, we observe the legal requirements and enter into the requisite contracts or agreements with the recipients of your personal data in order to protect your data.
Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to personal data. If the data is transferred for administrative purposes, the data is transferred based on our legitimate business and financial interests, or it is transferred in order to fulfill our contractual obligations, or if the data subject has provided consent or the transfer is permitted by law.
To the extent that we process personal data in a third country (i.e., a country outside of the European Union (EU), the European Economic Area (EEA)), or process personal data in the context of services provided by third parties, or disclose or transfer personal data to other individuals, bodies, or companies, this only occurs in compliance with applicable legal regulations.
Except in cases of express consent or transfer required by contract or law, we process the personal data or have it processed only in third countries that have a recognized level of data protection, that have a contractual obligation through standard protection clauses of the EU Commission, or that present certifications or binding internal data protection regulations (GDPR Article 44 to 49, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie is primarily used to store information about a user during or after the user’s visit to an online service. This stored information may include the language settings on a website, the login status, a shopping cart, or the location where a video was viewed, for example. The term “cookies” also includes other technologies that fulfill the same functions as cookies (if user information is stored using pseudonymous online identifiers, also referred to as “user IDs,” for example).
Information on the legal basis: The legal basis on which we use cookies to process your personal data depends on whether we ask you for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g., our interest in operating or improving our online services in a business-oriented manner), or, in cases where the use of cookies is necessary, on the basis of fulfilling our contractual obligations.
Retention period: Unless we provide you with explicit information regarding the retention period of permanent cookies (e.g., within the scope of a cookie opt-in), please assume that the retention period can be up to two years.
General information on withdrawal of consent and objection (opt out): Depending on whether processing is based on consent or legal permission, you have the option to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as “opt-out”) at any time. You can initially state your objection via your browser settings, e.g., by deactivating the use of cookies (which may also restrict the functionality of our online services). You can also object to the use of cookies for online marketing purposes, particularly in the case of tracking, for a large number of services via the websites https://optout.aboutads.info and http://www.youronlinechoices.com. In addition, you will find further information on objecting to cookies as part of the information provided about the service providers and cookies used.
Processing cookie data on the basis of consent: Before we process data or have data processed as part of our use of cookies, we ask users for their consent, which can be withdrawn at any time. Before consent has been expressly granted, however, we may use some cookies that are absolutely necessary for the operation of our online services.
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers. Our online services can be accessed from their servers (or the servers they manage). For these purposes, we may use infrastructure and platform services, computing capacity, storage space, database services, security services, and technical maintenance services.
The personal data processed within the context of the provision of hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the user’s IP address, which is required for delivering the contents of online services to browsers, and all entries made within our online services or from websites.
Collection of access data and log files: We ourselves (or our web hosting provider) collect personal data each time the server is accessed. These files are known as server log files. Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a general rule, the IP addresses and the requesting provider.
The server log files can be used for security purposes – such as preventing servers from being overloaded, especially in the case of DDoS attacks – and to ensure the stability and optimal load balancing of the servers.
When contacting us (e.g., by contact form, e-mail, telephone, or social media), data about the persons submitting the contact request is processed to the extent necessary to respond to the contact requests and complete any requested actions.
We respond to contact requests within the framework of contractual or pre-contractual relationships in order to fulfill our contractual obligations, to respond to (pre-)contractual requests, and on the basis of legitimate interests in responding to the requests.
Web analytics allows us to evaluate the streams of visitors to our online services and can record users’ behavior, interests, or demographic information (such as age or gender) as pseudonymized values. The process allows us to identify when our online services or their functions are accessed most frequently, for example, or to invite users to use them again. We can also determine which areas require optimization.
In addition to web analysis, we can also use a testing process to allow us to test different versions of our online services or to test and optimize their components, for example.
User profiles can be created for this purpose and stored in a file called a “cookie,” or similar processes can be used for the same purpose. This information may include content viewed, websites visited, elements used on the websites, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this data may also be processed, depending on the provider.
The users’ IP addresses will also be stored. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. Generally speaking, we do not store any non-pseudonymized user data (such as e-mail addresses or names) in the context of web analysis, A/B testing, or optimization; we only store pseudonymous data. This means that neither we nor the providers of the software used are aware of the users’ actual identity; we only have access to the information stored in their profiles for the purposes of the processes in question.
Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.
Services and service providers used:
Google Analytics: Web analytics; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy.
We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of its effectiveness.
User profiles are created for this purpose and stored in a file called a “cookie,” or similar processes are used to store the user information relevant for displaying the aforementioned content. This information may include content viewed, websites visited, online networks used, communication partners, and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this data may also be processed.
The users’ IP addresses will also be stored. However, we use available IP masking processes (i.e., pseudonymization by shortening the IP address) to protect users. Generally speaking, we do not store any non-pseudonymized user data (such as e-mail addresses or names) in the context of online marketing; we only store pseudonymous data. This means that neither we nor the providers of the online marketing processes are aware of the users’ actual identity; we only have access to the information stored in their profiles.
The information in these profiles is usually stored in the cookies or using similar processes. These cookies can generally also use the same online marketing process on other websites, and they can be read and analyzed for the purposes of displaying content. Additionally, they can be supplemented with further personal data and stored on the server of the online marketing technology provider.
In exceptional cases, non-pseudonymized data may be allocated to the profiles. This is the case if, for example, the users are members of a social network whose online marketing process we use, and the network links the users’ profiles with the aforementioned data. Please note that users may enter into additional agreements with providers, e.g., by consenting as part of a registration process.
As a general rule, we only have access to aggregated information about the performance of our advertisements. However, as part of the process of conversion tracking, we can determine which of our online marketing processes led to a conversion, i.e., entering into a contract with us, for example. Conversion tracking is used solely for the purpose of analyzing the performance of our marketing activities.
Unless otherwise stated, the standard retention period for cookies is two years.
Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.
Services and service providers used:
We integrate functional and content elements into our online services that are drawn from the servers of their respective providers (hereinafter referred to as “third-party providers”). These elements may include graphics, videos, social media buttons, or posts (hereinafter referred to collectively as “content”).
The integration of these elements always requires the third-party providers of this content to process users’ IP addresses, as the providers cannot send content to users’ browsers without these IP addresses. Consequently, users’ IP addresses are required to display this content or these functions. We endeavor to only use content for which the respective providers require users’ IP addresses solely in order to deliver the content. Additionally, third-party providers can use pixel tags (invisible graphics also known as web beacons) for statistical or marketing purposes. These pixel tags allow information such as user traffic on the pages of this website to be evaluated. This pseudonymized information can also be stored in cookies on the user’s device and may include technical information about the user’s browser and operating system, linked websites, the time of the user’s visit, and further information about the use of our online services, and it may be liked to this type of information from other sources.
Information on the legal basis: If we ask users for their consent in the context of third-party providers, the legal basis for processing personal data is this consent. Otherwise, users’ personal data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information in this Privacy Policy on how cookies are used.
Services and service providers used:
The data we process will be erased in accordance with statutory provisions as soon as the consent required for its processing is revoked or other permissions no longer apply (e.g. if the purpose for processing this data no longer applies or if the data is no longer required for that purpose).
If the data is not erased because it is required for other legally permissible purposes, the processing of the data will be limited to those purposes, i.e., the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons, or for which storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural person or legal entity.
As a data subject, you are entitled to various rights under GDPR, which arise from Articles 15 to 21 of GDPR, in particular:
One potential supervisory authority:
Data Privacy Officer of the State of Saxony
Mr. Andreas Schurig
Devrientstr. 5
01067 Dresden, Germany
Telephone: +49 (0) 351 85471 101
Fax: +49 (0) 351 85471 109
Website: www.datenschutz.sachsen.de
E-mail: saechsdsb@slt.sachsen.de
This section provides you with an overview of the terminology used in the Privacy Policy. Many of the terms are drawn from the law and are primarily defined in GDPR Article 4. The legal definitions are binding. The following explanations are primarily intended to improve comprehensibility and may not be complete. The terms are in alphabetical order.
We would ask you to please review our Privacy Policy on a regular basis. We will update our Privacy Policy as soon as changes to our data processing make it necessary. We will inform you as soon as the changes require action from you (e.g., consent) or another form of individual notification is required.
To the extent that this Privacy Policy includes addresses and contact details of companies and organizations, please note that addresses may change over time; consequently, we would ask you, as a general rule, to verify the information before making contact.
Source: Datenschutz-Generator.de, Dr. Thomas Schwenke
Adapted by: Dr. Jürgen Fechner