1. Basic information
The data controller within the meaning of the General Data Protection Regulation is:
LuArtX IT GmbH
71034 Böblingen/Sindelfingen, Germany
The data protection officer of the data controller is:
Dipl.-Ing. (FH) Jan Alkemade
Egerländer Str. 9
Phone 06002 939593
2. Collection and processing of access data
We, the website operator or page provider, collect data about accesses to the website based on our legitimate interest (see Art. 6 para. 1 lit. f. GDPR) and retain them as “server log files” on the website server. The following usage and meta/communication data are logged in this way:
· Visited website
· Access time
· Amount of data sent in bytes
· Source/reference from which you reached the page
· Browser used
· Operating system used
· IP address used
The temporary storage of the IP address by the system is necessary to be able to view the website. For this purpose, the IP address of the user (visitor) must be retained for the duration of the session. The storage in log files is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute a legitimate interest for the data processing according to Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected for the provision of the website, the purpose expires when the respective session has ended.
In the event that the data is stored in log files, it will be deleted after seven days at the latest. Storage beyond these time limits is possible (e.g. for security reasons, such as to clarify acts of abuse or fraud, storage for evidence purposes). In this case, the IP addresses of the users are deleted or masked, so that an assignment of the visiting client is no longer possible.
3. Contact data collection
We process and store personal data such as first name, last name, IP address, email address, town, postal code and other contents from our contact form. The details given by the user can be stored in a Customer-Relationship-Management System (CRM System) or comparable query organisation. The processing of the data given in the contact form therefore takes place solely on the basis of your consent (Art. 6 para. 1 lit. a of GDPR) or within the framework of contractual/pre-contractual relationships (Art.6 para. 1 lit. b of GDPR). You can revoke this consent at any time.
We will delete the queries as soon as these are no longer necessary. We check the necessity every two years. The legal archiving obligations also apply.
4. Range measurement & cookies
Most of the cookies used by us are so-called session cookies. These are automatically deleted at the end of your visit. A login status, for example, can be stored in such a cookie. Other cookies remain stored on your end device till you delete them.
If you do not want cookies for range measurement to be stored on your end device, you will be requested to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser. Note: It is not guaranteed that you can access all functions of the website without restrictions when you make the appropriate settings.
5. Collection and processing of personal data
The website operator collects, uses and shares your personal data only if this is permitted by law or if you consent to the collection of data. Personal data is any information that can be used to identify you and that can be traced back to you – for example, your name, e-mail address and telephone number.
You can also visit this website without providing any personal information. However, in order to improve our online services, we store (without any personal reference) your access data to this website. This access data includes, for example, the file you requested or the name of your Internet provider. Due to the anonymisation of the data, it is not possible to draw conclusions about your identity.
We process data to perform administrative tasks as well as for organisational purposes in our operations, financial accounting and compliance with legal obligations, such as archiving. To this end, we process the same data that we process in the course of providing our contractual services. The legal processing bases are (Art. 6 para. 1 lit. c. GDPR) and (Art. 6 para. 1 lit. f. GDPR). Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing relates to the administration, financial accounting, office organization, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of the data regarding contractual services and contractual communication corresponds to the information mentioned in these processing activities.
6. Data security
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and separation of the data.
7. Duration of the retention period of personal data
We process and store your personal data as long as it is necessary for the performance of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data will be retained for the time during which claims can be asserted against our company and to the extent that we are otherwise required to do so by law or legitimate business interests so require (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be – as a matter of principle and insofar as possible – deleted or anonymised. For operational data (e.g. system or other logs), shorter retention periods of twelve months or less generally apply.
8. Data transmission and cooperation with third parties
8. 1. Cooperation with data processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (data processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required in accordance with Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission processors with the processing of data, this is done on the basis of Art. 28 GDPR.
8. 2. Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only be done for the purpose of fulfilling our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that processing takes place based on special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
8.3. Integration of third-party services and content
In our online service offerings – i.e. analysis, optimization and economic operation of our online offer within the meaning of (Art. 6 para. 1 lit. a . GDPR) – we use content or service offers of third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content know the IP address of the user, since without the IP address they would not be able to send the content to their browser. Thus, the IP address is required to display such content. We endeavour to use only such content whose respective providers use the IP address only for the provision of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The anonymised information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, and can also be combined with such information from other sources.
8.4. Web hosting
The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.
To provide these services we or our hosting provider process stock data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract for order processing).
8.5. Data protection on third-party websites
This website may contain hyperlinks to third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please carefully read the applicable data protection conditions before you submit personal data to these websites. The relevant external operators have exclusive responsibility for the content of linked pages. When the link was created, there was no indication that the content of the page to be called up did not comply with the statutory provisions or was contrary to public morals. Please notify us immediately if a third-party site to which we refer by hyperlink does not comply or no longer complies with legal provisions or public morals. The license terms and conditions of use of the respective operators of the Internet offer apply.
9. Website analytics and Google services
9.1. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Its use is based on Art. 6 para. 1 p. 1 lit. a. GDPR.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the future collection by Google Analytics within this website. To this end, an opt-out cookie is placed on your device. If you delete your cookies, you must click this link again.
9.2. Google Search Console
Google Search Console (GSC) is a web-based application from Google. This analysis and service tool can be used to monitor and manage websites in Google search results and find or solve problems. The application serves as a communicative interface between the domain and Google itself. Especially for search engine optimization (SEO) and website optimization, Search Console is an important component to learn more about the performance and organic visibility of your own domain and improve it. For example, the application provides information on which search terms a website ranks for and which pages are accessed particularly frequently or rarely.
Among other functions, the following functions can be used and website performances can be analysed:
– Impressions express how often a website URL for a particular search term was displayed and possibly viewed in Google search results.
– Clicks indicate how many times a searcher clicked on a website URL after it was displayed in search results.
– The CTR (Click Through Rate) is the ratio between impressions and clicks. It is calculated as follows: (Number of clicks / number of impressions) x 100.
– The average position indicates the average position in Google search results and is calculated as follows: Highest position per day / days in a given period.
Cookies are not set and tracking, e.g. of movement data on the website, also does not take place.
More details about the Google Search Console can be found here: https://support.google.com/webmasters/answer/9128668?hl=de.
The Google Search Console property is linked to our Google Analytics property so that data from both products is combined and displayed in Search Console Insights . When linked to Google Analytics your Search Console performance data is shared with the linked Google Analytics property.
Search Console Insights helps us better assess the performance of our content. This way, questions like the following are easier to answer:
1. What is my best performing content?
2. How powerful are new contents?
3. How do users discover my content on the web?
4. Which users use Google search before they access my content?
5. Which article refers users to my website and content?
For more information, please visit: https://search.google.com/search-console/insights/about
9.3. Google Maps
We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to visually display geographical information. When using Google Maps, Google also processes data about the use of the Maps functions by visitors of the websites. The processed data may include, in particular, IP addresses and location data of the users. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no control on this data transmission. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. Nevertheless, it would be technically possible for Google to identify at least individual users based on the data received. It would be possible that personal data and personality profiles of users of the website could be processed by Google for other purposes of which we do not have or may gain control. For more information about the data processing by Google please visit https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated. In Google’s “Privacy Centre”, users can change their individual settings so that they can manage and protect their personal data (https://support.google.com/accounts/answer/3024190).
By using this website, you consent to the collection, processing and use of automatically collected data by Google Inc, its agents and third parties. Thus, your data will be processed based on your consent pursuant to Art. 6 Para. 1 lit. a GDPR.
9.4. Google ReCaptcha
We use “Google reCAPTCHA” on our website. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The purpose of reCAPTCHA is to verify whether data entry on our websites, e.g. in contact forms, is done by a human or by an automated programme. The reCAPTCHA service can be used to prevent abusive computer-controlled input on websites by querying certain numerical sequences or image elements. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various parameters and information, such as the IP address, the time spent on the website by the website visitor or the mouse movements made by the user. The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent was requested (e.g. consent to store cookies), the processing is carried out according to Art. 6 para. 1 lit. a GDPR.
9.5. Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for the administration and execution of integrated tools. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools on his website. If a corresponding consent was requested, the processing is generally based on Art. 6 para. 1 lit. a GDPR; such consent can be revoked at any time.
9.6. Google AdWords
This website uses the online advertising programme “Google AdWords” and as part of it the conversion tracking. Google Adwords places a cookie on your computer if you have accessed our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked through the websites of AdWords customers.
The information obtained with the help of the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Clients get information about the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
9.7. Zoho Page Sense
When you visit our website, anonymised usage data is collected via the ZOHO service PageSense (https://zoho.eu/pagesense). PageSense merely records visits to and clicks on our website, completely anonymously. I It does not enable individual visitors to be identified. PageSense merely allows us to assess general use of our website in the form of a heat map and, as a result of this, it allows us to show you key content at the right place on individual web pages. No usage data or personal data is collected or stored.
10. Font Awesome
This site uses so-called web fonts provided by Fonticons, Inc. for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of Fonticons, Inc. Thus, Fonticons, Inc. obtains knowledge that our website was accessed via your IP address.
The use of web fonts is based on consent pursuant to Art. 6 para. 1 lit. a GDPR; such consent can be revoked at any time.
Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. The YouTube videos are not loaded until the visitor gives his consent. As long as the visitor does not accept the consent, YouTube cookies are not set. After your consent has been granted, a connection to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited.
If you are logged on to your YouTube account, you allow YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
12. SSL or TLS encryption
In order to protect your data in the best possible way during transmission, the website operator uses SSL/TLS encryption. You can identify such encrypted connections by the green padlock in front of the address line or by the prefix https:// in the page link in the address line of your browser. Unencrypted pages are marked by http://.
All data that you transmit to this website – for example when making inquiries or logging in – cannot be read by third parties thanks to SSL/TLS encryption.
13. Social Media
Our website uses functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING functions is called up, a connection to the XING servers is established. If the users are members of the Xing platform, Xing can assign the call-up of the above-mentioned contents and functions to the relevant user profiles. As far as we are aware, no personal data is stored in the process. In particular, no IP addresses are stored and the usage behaviour is not evaluated.
With each individual call-up of our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. For further information on the LinkedIn plug-ins please visit https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn – at each call-up of our website by thy data subject and for the entire duration – identifies which specific subpage of our website the data subject is visiting. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged into LinkedIn at the same time when calling up our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.
LinkedIn offers on https://www.linkedin.com/psettings/guest-controls the option to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may place cookies. Such cookies can be rejected on https://www.linkedin.com/legal/cookie-policy.
14. Newsletter subscription
We provide a newsletter in which we inform you about current events and special offers. If you would like to subscribe to the newsletter, please provide a valid e-mail address. By subscribing to the newsletter, you agree to receive the newsletter and consent to the following procedures.
The newsletter is sent by the mailing service provider Mailchimp, a mailing platform of the provider The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. For information about the data protection regulations of the shipping service provider please visit: https://mailchimp.com/legal/privacy/.
If you subscribe to the newsletter, we validate your e-mail address by means of a double opt-in procedure. We will then use your e-mail address to send you our newsletter at regular intervals. Your data is stored on the servers of The Rocket Science Group, LLC in the USA. For information on the security regulations of the shipping service provider in the area of the collected data and the infrastructure please visit: https://mailchimp.com/about/security/.
Based on the collected data in Mailchimp we carry out statistical surveys and analyses. Among other things, it is analysed whether you open the newsletter, which links you click on, etc. If you do not want Mailchimp to perform any analysis, you must unsubscribe the newsletter.
Revocation and termination
You can revoke your consent to receive the newsletter at any time and thus cancel the newsletter subscription. After your cancellation, your personal data will be deleted from the servers of The Rocket Science Group, LLC. This does not affect data that has been stored in our CRM system for other purposes. Your consent to receive the newsletter will expires at the same time. At the end of each newsletter you will find a direct link to the cancellation.
14.1. Zoho MarketingAutomation
This website uses Zoho MarketingAutomation to send out newsletters. Provider is Zoho Corporation GmbH., c/o Mütze Korsch Rechtsanwaltsgesellschaft mbH, Trinkausstraße 7, 40213 Düsseldor Germany (hereinafter “Zoho MarketingAutomation”).
Zoho MarketingAutomation is a service that can be used, in particular, to organize and analyze the sending of newsletters. The information you enter to subscribe to the newsletter is stored on Zoho MarketingAutomation’s servers. Zoho MarketingAutomation allows us to analyze our newsletter campaigns.
Data analysis by Zoho MarketingAutomation
Zoho MarketingAutomation allows us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on, if any. In this way we can determine which links have been clicked on most often.
We can also see if certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter. If you do not want to receive analyses of Zoho MarketingAutomation, you must unsubscribe from the newsletter. We provide a link to this in every newsletter message. Zoho MarketingAutomation also allows us to classify the recipients of the newsletter into different categories (“clustering”). The newsletter recipients can be classified, for example, by age, gender, or place of residence. In this way, the newsletter can be better adapted to the respective target groups. If you do not wish to receive analyses of Zoho MarketingAutomation, you must unsubscribe from the newsletter. You will find a link to this in every newsletter message.
Detailed information about the characteristics of Zoho MarketingAutomation can be found at the following link: https://www.zoho.com/es-xl/marketingautomation/features.html .
The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
Duration of storage
The data that you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list or deleted after the newsletter has been cancelled. We reserve the right to delete email addresses within the scope of our legitimate interest under Art. 6 para. 1 lit. f GDPR. Data stored by us for other purposes remain unaffected.
After you have been removed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
Execution of a contract data processing agreement
We have concluded an order processing contract with Zoho Marketing Hub. Se trata de un contrato requerido por las leyes de protección de datos y garantiza que Zoho Campaigns trata los datos personales de las personas que visitan nuestro sitio web según las instrucciones y en cumplimiento con el RGPD.
15. Cooperation with Cyon as processor
16. User rights
The supervisory authority of the controller responsible for data protection is:
You may request information from us about the data we hold about you at any time. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected it directly from you, and, if applicable, the recipients to whom we have transmitted your data.
You can request us to correct your data. We will take reasonable steps to keep the data we hold about you and process it on an ongoing basis in an accurate, complete and up to date manner.
You may request us to delete your data, provided that the legal requirements for this are met. According to Art. 17 GDPR, this may be the case if:
• the data is no longer required for the purposes for which it was collected or otherwise processed;
• You revoke your consent, which is the basis for the data processing, and there is no other legal basis for the processing;
• You object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to the processing of data for direct marketing purposes;
• the data has been processed unlawfully;
• the processing is not necessary to ensure compliance with a legal obligation requiring us to process your data; regarding legal retention periods; to assert, exercise or defend legal claims.
You may request us to restrict the processing of your data if:
• You dispute the accuracy of the data, i.e. for the period we need to verify the accuracy of the data;
• the processing is unlawful and you refuse the deletion of your data and request the restriction of use instead;
• we no longer need your data, but you need it to assert, exercise or defend legal claims;
• You have objected to the processing as long as it has not yet been determined whether our legitimate grounds outweigh yours.
At your request, we will transfer your data – insofar as this is technically possible – to another data controller. However, you only have this right if the data processing is based on your consent or is necessary to perform a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another data controller, specified by you.
You may object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for processing that override your interests or if we need your data to assert, exercise or defend legal claims.
Deletion of Data
Unless your request conflicts with a legal obligation to retain data (e.g. data retention), you have a right to have your data deleted. Data stored by us will be deleted if it is no longer required for its intended purpose and if no legal retention periods apply. If the deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case, the data will be blocked and not processed for other purposes.