Data Protection Declaration of LuArtX IT GmbH and LuArtX GmbH
1. Basic information
This data protection declaration is to inform the users of this website about the type, extent and purpose of the collection and use of person-related data by the website owner LuArtX IT GmbH.
We are pleased that you are visiting our website and that you are interested in what we have to offer. We take your data protection very seriously and treat your personal data confidentially in accordance with the legal regulations. As changes to this data protection declaration can be made due to new technologies and the constant further development of this website, we recommend that you read this through again at regular intervals.
This data protection declaration is based on the EU General Data Protection Regulation (GDPR). You can find definitions of the terms used there (e.g. “personal data” or “processing”) in Art. 4 of GDPR).
Responsible body within the meaning of the GDPR is:
LuArtX IT GmbH
71034 Böblingen/Sindelfingen, Germany
The data protection officer of the responsible company is:
Dipl.-Ing. (FH) Jan Alkemade
Alkemade IT-Security e.K.
Egerländer Str. 9
Tel. 06002 939593
2. Collection and processing of access data
We, the website owner or page provider, collect data on the basis of our legitimate interest (see Art. 6 para. 1 lit. f. GDPR) via access to the website and store these as “server logfiles” on the website server. The following usage and meta/communications data are logged as follows:
- Website visited
· Time of the access
· Quantity of data sent, in bytes
· Source/link to get to a page
· Browser used
· Operating system used
· IP address used
The server log files will be basically stored for twelve months or less and then deleted. The storage of the data takes place for security reasons, e.g. to be able to clarify cases of misuse. If data have to be stored for reasons of proof, these will be excluded from deletion till the incident is finally clarified.
3. Contact data collection
We process and store personal data such as first name, last name, IP address, email address, town, postal code and other contents from our contact form. The details given by the user can be stored in a Customer-Relationship-Management System (CRM System) or comparable query organisation. The processing of the data given in the contact form therefore takes place solely on the basis of your consent (Art. 6 para. 1 lit. a of GDPR) or within the framework of contractual/pre-contractual relationships (Art.6 para. 1 lit. b of GDPR). You can revoke this consent at any time.
We will delete the queries as soon as these are no longer necessary. We check the necessity every two years. The legal archiving obligations also apply.
4. Range measurement & cookies
Most of the cookies used by us are so-called session cookies. These are automatically deleted at the end of your visit. A login status, for example, can be stored in such a cookie. Other cookies remain stored on your end device till you delete them.
If you do not want cookies for range measurement to be stored on your end device, you will be requested to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser. Note: It is not guaranteed that you can access all functions of the website without restrictions when you make the appropriate settings.
5. Collection and processing of personal data
The website provider only collects, uses and passes on your personal data when this is allowed within a legal framework or you consent to the data collection. Personal data are taken to be all information which serve to define your person and can be traced back to you – e.g. your name, e-mail address and telephone number.
You can also visit this website without giving details of your person. To improve our online offer, we store however (without reference to person) your access data to this website. These access data include, for example, the file requested by you or the name of your internet provider. Conclusions about your person cannot be drawn due to the anonymisation of the data.
We process data within the framework of administrative tasks, organisation of our company, accountancy and compliance with legal obligations, e.g. archiving. We process the same data here that we process in the context of providing our contractual services. The process basics are (Art. 6 para. 1 lit. c. GDRP) and (Art. 6 para. 1 lit. f. GDRP). Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, accountancy, office organisation, data archiving, i.e. tasks that are used to maintain our business activities, perception of our tasks and compliance of our services. The deletion of data with respect to contractual services and the contractual communication corresponds to the named details in these processing activities.
6. Data security
We take suitable technical and organisational measures according to the stipulation of the statutory requirements and taking into account the technical state-of-the-art, the implementation costs and the extent of the conditions and of the purposes of the processing as well as of the occurrence probability and seriousness of the risks and to the rights of natural persons in order to ensure an appropriate risk protection level.
Included in the measures are especially the securing of trust, integrity, and availability of data by checking the physical access to the data as well as those of the relevant access, of the input, of the passing on and securing the availability of their separation.
7. Duration of the storage of personal data
We process and store your personal data so long as is required for the fulfilment of our contractual and legal obligations or is otherwise necessary in the processing of purposes aimed at, e.g. for the duration of the entire business relationship (from the initiation, handling to the end of a contract) and in addition to the statutory storage and documentation obligations. In this, it is possible that personal data are stored for the time in which claims against our company can be enforced and insofar as we are otherwise legally obliged or legitimate business interest demand this (e.g. for proof and documentation purposes). As soon as the personal data for the above-mentioned purposes are no longer required, they are generally and, as far as possible, deleted or anonymised. For company data (e.g. system reports, logs), generally shorter storage periods of twelve months or less are applied.
8. Plugins and tools
We include content or service offers from third party providers within our online offer on the basis of our legitimate interests, i.e. interests in analysis, optimisation and economic operation of our online offer, within the meaning of Art. 6 para. 1 lit. f. GDPR , in order to incorporate their content and services, e.g. videos or typefaces (hereinafter uniformly designated as “content”).
This always assumes that the third party providers of this content recognise the IP address of the users – as it would not be able to send the content to its browser without knowing the IP address. The IP address is therefore necessary for showing the content. We make every effort only to use such content whose particular provider only uses the IP address for the delivery of the content. Third-party providers can also use so-called pixel tags (hidden images that are also called web beacons) for statistical or marketing purposes. Information such as visitor traffic on the pages of this website can be evaluated using pixel tags. The pseudonymised information can also be stored in cookies on the user device and contain other technical information about the browser system, linking websites, visit duration and further details about the use of our online offer and also be connected to such information from other sources.
This page uses the map service Google Maps via an API. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Especially IP addresses and location data of the users can be part of the data processed; this information is transferred as a rule to a Google server in the US and stored there. The provider of this page has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive representation and to make it easy to find the locations given on our website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GPDR.
We integrate the function for the recognition of bots, e.g. in input on online forms (reCAPTCHA) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We integrate the videos from the “YouTube” platform from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The YouTube videos are only loaded when the visitor approves consent. As long as the visitor does not accept the consent, no YouTube cookies are set.
SSL or TLS encryption
The website owner uses SSL/TLS encryption to provide the best possible protection for your data during the transfer. You can recognise such encrypted connections by the green padlock in front of the address line or by the prefix https:// in the page link in the address line of your browser. Non–encrypted pages have the labelling http:// .
All data that you transfer to this website – queries or logins for example – cannot be read by third parties, thanks to SSL/TLS encryption.
9. Social Media
We have our own pages on many social networking sites. As soon as you visit and interact with our social networking pages, we collect information from you. Be sure to review the privacy policies of any social networking platform you use to learn more about its privacy practices.
10. Newsletter subscription
We provide a newsletter in which we inform you about current events and special offers. If you would like to subscribe to the newsletter, please provide a valid e-mail address. By subscribing to the newsletter, you agree to receive the newsletter and consent to the following procedures.
The newsletter is sent by the mailing service provider Mailchimp, a mailing platform of the provider The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Information about the data protection regulations of the shipping service provider can be found at: https://mailchimp.com/legal/privacy/.
If you subscribe to the newsletter, we validate your e-mail address by means of a double opt-in procedure. We will then use your e-mail address to send you our newsletter at regular intervals. Your data is stored on the servers of The Rocket Science Group, LLC in the USA. Information on the security regulations of the shipping service provider in the area of the collected data and the infrastructure can be found at: https://mailchimp.com/about/security/.
On the basis of the collected data in Mailchimp we carry out statistical surveys and analyses. Among other things, it is analysed whether you open the newsletter, which links you click on, etc. If you do not want Mailchimp to perform any analysis, you have to unsubscribe the newsletter.
Revocation and termination
You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. After your cancellation, your personal data will be deleted from the servers of The Rocket Science Group, LLC. This does not affect data that has been stored in our CRM system for other purposes. Your consent to receive the newsletter will expires at the same time. At the end of each newsletter you will find a direct link to the cancellation.
11. Cooperation with Cyon, processor
As with any connection to a web server, the server of our webhosting provider Cyon in Basle, Switzerland logs and stores certain technical data. These data include the IP address, the operating system of your device, the data, the access time, the type of browser as well as the browser query, including the origin of the query (referrer). This is necessary for technical reasons to make our website available to you. Using technical and organisational measures, Cyon protects these data against unauthorised access and does not pass these on to third parties. In as far as we process personal data, we do this on the basis of our interest to provide you with the best possible user experience and to ensure the security and stability of our systems.
12. Rights of the user
As a user, you have the right to apply for and receive information free-of-charge about which personal data have been stored concerning you. You also have the right to have false information corrected and have the processing limited or have your personal data deleted. If relevant, you can also assert your right to data portability. Should you assume that your data have been processed illegally, you can submit a complaint to the competent supervisory authority. A list of data protection officers and their contact details can be obtained via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
13. Deletion of data
If your wish does not conflict with a statutory obligation to store data (e.g. telecommunications data retention), you have the right to have your data deleted. Data stored by us will be deleted should they no longer be necessary for their intended purpose and there are no statutory retention periods. If a deletion cannot be performed as the data are necessary for authorised statutory purposes, a limit will be set on the data processing. In this case, the data are locked and not processed for other purposes.