Data Security Statement

I. Name and Address of the Person Responsible

The person responsible in accordance with the DSGVO and other national data safety laws in the member states as well as any other data safety regulations is:

LCTech GmbH
Daimlerstraße 4
84419 Obertaufkirchen
Deutschland
Tel.: +49 8082 2717-0
E-Mail: datenschutz@LCTech.de
Website: www.LCTech.de

II. Name and Address of the Data Security Officer

The responsible person’s data security officer is:

Monika Kefer
Kefer IT-Beratung
Blumenstr. 9A
83569 Vogtareuth
Deutschland
Tel.: +49 8038-1039
E-Mail: info@kefer-it.de
Website: www.kefer-it.de

III. General About Personal Data Handling

1.    Extent of Personal Data Handling

We collect and use our users’ personal data on principle only if this is necessary for providing a functioning website, content and service. Collection and usage of our users’ personal data happens regularly only after our users’ consent. Exceptions occur when asking for consent is not possible beforehand and data collection is permitted by law.

2.    State of the Law Regarding Collection of Personal Data

If we ask for permission to collect personal data for processing, art. 6 para. 1 lit. a EU Data Protection Ordinance (DSGVO) functions as legal basis for collection of personal data.
If personal data is collected because it is necessary to fulfil a contract with the person, whose data is collected, art. 6 para. 1 lit. c SGVO functions as legal basis. This also applies to data usage that is required for pre-contractual measurements.
If an affected person’s data collection is required by law our company has to abide to, art. 6 para. 1 lit. c DSGVO functions as legal basis.
If vitally important interests of the affected person or another individual require collection of personal data, art. 6 para. 1 lit. d DSGVO functions as legal basis.
Is the collection necessary to ensure our company’s or a third party’s justifiable interests and interests, basic rights and liberties of the affected person do not outweigh our interests art. 6 para. 1 lit. f DSGVO functions as legal basis for data collection.

3.    Data Deletion and Duration of Storage

Personal data of affected people will be deleted or blocked as soon as the purpose of saving them is no longer applicable. Furthermore saving can be carried out if it is intended by European or national lawmakers in Union decrees, laws or other prescriptions the responsible person is subject to. Blocking or deleting data is also carried out if a, by aforementioned laws, dictated storage deadline ends, except if it there is necessity to store the data until the expiration of the contract.

IV. Website Provision and Creation of Log Files

1.    Description and Extent of Data Handling

Every time our website is requested our system automatically saves data and information regarding the requesting computer’s system. The following data is being collected:

(1) Information regarding browser type and version
(2) The user’s operating system
(3) The user’s internet service provider 
(4) The user’s IP address
(5) Date and time of request 
(6) Websites from where the user’s system reached our website
(7) Websites, which the user’s system requests via our website

The data is also stored in our system’s log files. Storing this data with other personal data of the user does not happen.

2.    Legal Basis for Data Handling

Legal basis for temporarily storing aforementioned data and log files is art. 6 para. 1 lit. f DSGVO.

3.    Purpose of Data Handling

Temporarily storing IP addresses by the system is necessary to allow the dispatch of our website to the user’s computer. For this purpose, the user’s IP address needs to be stored for the duration of the session.
Storing in log files happens to ensure the website’s functionality. Furthermore, we use the data to optimise the website and to ensure safety of our information systems. Analysis of said data for marketing purposes does not happen in this context.
In said purposes lies our justifiable interest in data handling in accordance with art. 6 para. 1 lit. f DSGVO.

4.   Duration of Storage, Objection and Deletion Possibilities

The data is deleted as soon as they are no longer necessary for obtaining the purpose of their collection. Regarding data collection to provide the website, the data is deleted with the end of the session.
Regarding the storage of data in log files, it is deleted after no longer than seven days. Further storage is possible. In this case, the users’ IP addresses are being deleted or alienated so assigning them to the requesting client is no longer possible.

5.    Objection and Deletion Possibilities

Collecting data to provide the website and storing it in log files is imperative to operate our website. Therefore, users can not object.

V. Cookie Usage

a)    Description and Extent of Data Handling

Our website uses Cookies. Cookies are text files, which are stored in the web browser or on the computer by the browser. If a user requests the website a Cookie can be saved in the user’s operating system. This Cookies contains a specific character string, with which the browser can be clearly identified upon the next visit on our site.
We use Cookies to create a more user friendly website. Some elements on our websites require the identification of the browser even after changing pages.

The following data is stored in the Cookies:

(1) Language settings
(2) Log in information

Furthermore, we use Cookies that enable us to analyse the user’s surf behaviour.

The following data can be collected like this:

(1) Entered search terms
(2) Frequency of site requests
(3) Use of website operations

Data collected in this way will be pseudonymised through technical precautions, which makes it impossible to connect the requesting user to the data. The data will be stored with other personal data of the user.
When reaching our site a banner will inform the users that Cookies are being used for analysing purposes, they are asked for their consent to collect personal data and are referred to this data security statement. In this context users are being informed how to block Cookies in their browser settings.

b)    Legal Basis for Data Collection Using Cookies

Art. 6 para. 1 lit. f DSGVO is legal basis for collecting and handling personal data using Cookies.

c)    Purpose of Data Collection Using Cookies

The purpose of using technically needed Cookies is to make using our website easier. Some functions our website cannot be offered without using Cookies, since it is important that the browser is recognised after changing pages.

The following applications use Cookies:

(1) Adoption of language settings
(2) Remembering search terms

Personal data collected by technically needed Cookies is not used to create user profiles.
Cookies for analysing purposes are used to enhance our websites quality and content. This way we learn how our website is being used and can continually optimise our offer.
Because of this, we have justified interest in collecting personal data according to art. 6 para. 1 lit. f DSGVO.

d)    Duration of Storage, Objection and Deletion Possibilities

Cookies are saved on the user’s computer, which transfers them to our site. This means that the user has full control over the usage of Cookies. You can block or restrict the usage of Cookies through your browser settings and stored Cookies can always be deleted, which can be handled automatically. If Cookies for our website are blocked it is possible that not all applications can be used to their full extent.

Transmission of Flash Cookies cannot be blocked through browser settings but through the settings option in the Adobe Flash Player.

e)    Details on the Individual Providers

(1)   Remarketing

Google

This website uses the remarketing function Google Inc. (“Google”). This application is used to show this website’s users personalised advertisement through Google’s advertising network when they visit one of Google’s sites. The user’s browser saves text files, so called “Cookies” on your computer, which enable Google to recognise the user if they visit a site that is part of Google’s advertising network. Adverts regarding content the user requested on sites that use Google’s remarketing application. According to Google they are not collecting data in this process. If you still do not want the remarketing application you can generally deactivate it in Google’s settings via http://www.google.com/settings/ads. Alternatively, you can deactivate the use of Cookies for personalised advertisement by following the instructions on http://www.networkadvertising.org/managing/opt_out.asp.

(2)    Analysis Tools and Advertising

Google Analytics

Based on our justified interest (i.e. interest in analysis, optimisation and economic operation of our online offer according to – DSGVO) we use Google Analytics, an online service of Google LLC (“Google”). Google uses Cookies. The information regarding users’ online activity generated by the Cookies are usually transferred to and saved on a Google server in the USA.

Google is certified under the Privacy-Shield Agreement and therefore guarantees to abide by European data protection right https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Google will use this information on our behalf to analyse the visitor’ usage of our online offer, to generate reports regarding activity within our offer and to provide other services tied to the usage of our online offer and the internet. In this process pseudonymous user profiles can be created.

IP Anonymisation

We activated the option to anonymise IP addresses on our website. This way Google shortens your IP address within EU member states and other members of the agreement on the European economic region before transferring them to the USA. The full IP address is only in exceptions transferred to the USA and shortened there. Google will use this information on behalf of the website host to analyse the use of this website to create reports on website activity and provide other services linked to website and internet usage for the website host. The IP address transferred by Google Analytics is not being connected to other data Google has.

Browser Plug In

You can prevent the storage of Cookies by activate certain settings in your browser software; we have to point out that in this case you might not be able to use all website functions to their full extent. Furthermore, you can prevent the collection of data generated by Cookies and referring to your use of our website (incl. your IP address), the transfer to and handling by Google by downloading the following browser plug in: 
https://tools.google.com/dlpage/gaoptout?hl=de.

Objecting Data Collection

In addition to or as an alternative to the browser add-on (e.g. when using browsers on mobile devices), we allow you to opt-out via a link click to prevent Google Analytics from collecting data from this website in the future (the opt-out works only in the calling browser and only for this website). An opt-out cookie is stored on your device and stores your deactivation of tracking. Once you delete your browser's cookies, you will need to click this link again to disable tracking again: Click this link to disable tracking.

Contract Data Processing

We concluded a contract with Google for contract data processing and implement the strict demands of the German data protection authorities when using Google Analytics.

Demographic Attributes in Google Analytics

This website uses Google Analytics’s feature “demographic attributes”, which can generate reports on information like age, gender and interests of all visitors. This data originate from interest-related advertisement by Google and visitor data of third parties. This data cannot be linked to a specific person. You can disable this feature anytime in the advertisement settings of your Google account or generally prohibit data collecting through Google Analytics by following the instructions in “Objecting Data Collection”.

VII. Information to Products and Applications – „Newsletter“

1.     Description and Extent of Data Collection

Our website offers the possibility to subscribe to a free newsletter. When subscribing the data you entered are transferred to us.
Furthermore, the following data is collected during the subscription:

(1) IP address of the requesting computer
(2) Date and time of registration

During the subscription you are asked to consent to data handling and are referred to this data privacy statement.
If you enter your e-mail address via the contact form (see VIII), we may subsequently use this to send you a newsletter. In this case, this newsletter is only used for direct advertisement for similar products or services.
In relation to the data handling needed to send newsletters no data is given to third parties. The data is exclusively used for sending the newsletter.

2.     Legal basis for Data Collection

Legal basis for collecting data after the user subscribed to the newsletter with consent of the user is art. 6 para. 1 lit. a DSGVO.
Legal basis for sending a newsletter after products were sold is § 7 para. 3 UWG.

3.    Purpose of Data Handling

The user’s e-mail address is collected to send the newsletter.
The user’s other personal data regard the registration is collected to prevent misuse of our services or the used e-mail addresses.

4.    Duration of Storage

The data is being deleted as soon as they are no longer needed to accomplish the purpose they were collected for. Therefore, the user’s e-mail address is being saved as long as the newsletter subscription is active.
Any other personal data collected during the registration are usually deleted after seven days.

5.    Objection and Deletion Possibilities

The newsletter subscription can be revoked by the user at any time with the link at the end of each newsletter.
This way revoking the consent for storage of data collected during the registration is possible.

VIII. Contact Form and E-Mail Contact

1.    Description and Extent of Data Handling

On our website there is a contact form, which can be used for electronic contacting. Does a visitor use the possibility all data entered into the form is transferred to us and stored. At the time the message is sent the following data is being stored:

(1) The user’s IP address
(2) Date and time of registration

Before sending the user is asked for consent to collect this data and referred to this data security statement.
Alternatively, establishing contact is possible by writing to a provided e-mail address. In this case all personal data transferred with the e-mail is being stored but not transferred to third parties. The data is exclusively used for processing the conversation.

2.    Legal basis for Data Handling

Legal basis for data collection with consent of the users is art. 6 para. 1 lit. a DSGVO.
Legal basis for handling data that is transferred during the sending of an e-mail is art. 6 para. 1 lit f DSGVO. If the e-mail contact is aiming at concluding a contract, additional legal basis is art. 6 para. 1 lit b DSGVO.

3.    Purpose of Data Handling

Handling personal data entered into the contact form is exclusively used for processing the established contact. In case of contact via e-mail the necessary justified interest in handling data is existent.
Any other personal data collected during the sending process is needed to prevent misuse of our contact form and ensuring the safety of our information technological systems.

4.    Duration of Storage

The data is being deleted as soon as they are no longer needed to accomplish the purpose they were collected for.
For the personal data entered into the contact form or transferred via e-mail this is the case when the individual conversation with the user is over. The conversation is over if one can conclude from the circumstances that the issue is resolved.
Any other data collected during the sending process is deleted after no later than seven days.

5.    Objection and Deletion Possibilities

The user can revoke the consent for handling their personal data at any time. If the user contacts us via e-mail they can object to the storage of their personal data at any time. In this case a conversation cannot be continued.
In this case all personal data stored during contact initiation is deleted.

IX. Rights of an Affected Person

If your personal data is being handled, you are affected as defined by DSGVO and you are entitled to the following rights towards to person responsible:

1.    Right to be Informed

You can demand affirmation from the person responsible if your personal data is handled by us.
If data is being handled you can demand the following information from the person responsible:

(1) The purposes of the handling of your personal data;
(2) The categories of personal data being handled;
(3) The recipient and categories of recipients to whom your personal data was or will be disclosed.
(4) The scheduled duration of storage of your personal data or, if this information is not available, criteria of defining the duration;
(5) Insistence on a right to correcting or deleting your personal data, a right to limit the handling through the person responsible or to objecting the handling;
(6) The right to complain to a controlling institution;
(7) All available information regarding origin of the data if the personal data is not collected from the affected person;
(8) If there exists an automated decision-making, including profiling, according to art. 22 para. 1 and 4 DSGVO and –at least in those cases- significant information on the logic involved as well as the consequences and the target impact of such a handling for the affected person.

You have the right to demand information if your personal data is transferred to third party countries or an international organisation. In this context you can demand to be informed on the appropriate guarantees according to art. 46 DSGVO linked to the transmission.

2.    Right of Correction

You have a right of correction and/or completion towards the person responsible if sour personal data is wrong or incomplete. The person responsible has to immediately carry out the correction.

3.    Right to Limit Handling

You can demand the limitation of the handling of your personal data under the following circumstances:

(1) If you deny the rightfulness of your personal data for a time period, which allows the person responsible to check the rightfulness of your personal data;
(2) The handling is illegal and you decline the deletion of your personal data and instead prefer limiting the handling of your personal data;
(3) If the person responsible no longer needs your personal data for handling purposes but needs it to enforce, execute or defend legal demands or
(4 If you objected to the handling according to art. 21 para. 1 DSGVO and it is not yet certain if the justified reasons of the person responsible outweigh your reasons.

If the handling of your personal data has been limited this data –except for its storage- is only allowed to be handled with your consent, to enforce, execute or defend legal demands or to protect the rights of an individual or a legal entity or for reasons of important public interest of the Union or a member state.

If the data handling has been limited because of aforementioned reasons, you will be informed by the person responsible before the limitation is annulled.

4.    Right of Deletion

a)    Obligation of Deletion

You can demand from the person responsible that your personal data is deleted immediately and the person responsible is obligated to follow this demand if one of the following reasons applies:

(1) Your personal data is no longer necessary for the purposes it was collected for.
(2) You revoke your consent the handling was based on according to art. 6 para. 1 lit a or art. 9 para. 2 lit. a DSGVO and there is no other legal basis for its handling.
(3) You object the handling according to art. 21 para. 1 DSGVO and there are no preferential justified reasons for its handling or you object to the handling according to art. 21 para. 2 DSGVO.
(4) Your personal data has been handled illegally.
(5) The deletion of your personal data is necessary to carry out legal duty according to union law or of a member state the person responsible has to abide to.
(6) Your personal data has been collected related to offered services of the information society according to art. 8 para. 1 DSGVO.

b)    Information to Third Parties

If the person responsible has disclosed your personal data and is obligated to delete them according to art. 17 para. 1 DSGVO, they will, under consideration of the technology available and costs of implementation, take appropriate action, also of technological sort, to inform the person responsible for data handling, who handles your personal data, that you as affected person demanded the deletion of all links to your personal data or copies or replications of your personal data.

c)    Exceptions

The right of deletion does not apply if the handling is necessary

(1) To execute the right of free speech and information;
(2) To fulfil legal duties, which demand the handling due to union  or member state law, which the person responsible has to abide to, or to fulfil an assignment which is part of public interest or takes place in public authority that was placed upon the person responsible;
(3) Because of public interest or health according to art. 9 para. 3 DSGVO;
(4) For in public interest lying archive, scientific or historic research or statistic purposes according to art. 89 para. 1 DSGVO if the under clause a) mentioned right presumably eliminates or severely hinders the realisation of this handling’s goals or
(5) to enforce, execute or defend legal demands.

5.    Right of Information

If you proved your right of correction, deletion or limitation of handling towards the person responsible, they are obligated to inform any recipients to whom they disclosed the personal data about the correction or deletion of data or limitation of handling, if it is not impossible or tied to unreasonable effort.
You have the right to be informed about aforementioned recipients.

6.    Right of Data Transferability

You have the right to obtain the personal data you provided to the person responsible in a structured, standardised and machine-readable format. Furthermore, you have the right to transfer your personal data to another responsible person without the hindrance of the first responsible person, if

(1) The handling is based on consent according to art. 6 para. 1 lit a DSGVO or art. 9 para 2 lit a DSGVO or on a contract according to art. 6 para 1 lit. b DSGVO and
(2) The handling is carried out through automated methods.

While exercising this right you also have the right to demand that your personal data is directly transferred from one responsible person to another if this is technically manageable. Rights and liberties of other people must not be compromised this way.

7.    Right of Objection

You have the right to object to the handling of your personal data, which takes place according to art. 6 para. 1 lit. e or f DSGVO at any time for reasons that are the result of your individual situation. This also applies to profiling based on these ordinances.
The person responsible does no longer handle your personal data unless they can prove compelling reasons worthy of protection for handling the data that outweigh your interests, rights and liberties or the handling serves to enforce, execute or defend legal demands.
If your personal data is used to conduct direct advertisement, you have the right to object to the handling of your personal data for this purpose. This also applies to profiling if it is directly connected to direct advertisement.
If you object the data handling for advertisement purposes your personal data is no longer handled for this purpose.
You have the possibility in relation to the use of services provided by the information society –regardless of guideline 2002/58/EG- to execute your right of objection via automated methods, which use technical specifications.

8.    Right to Repeal the Declaration of Consent According to Data Protection Law

You have the right to repeal your declaration of consent according to data protection law at any time. The rightfulness of the data handling until the repeal of consent is not touched by the repeal of consent.

9.    Automated Decision in Individual Cases, Including Profiling

You have the right not to be subjected to a completely automated handling –including profiling–, which has legal effect on you or significantly affects you in a similar way. This does not apply if the decision

(1) Is necessary for the conclusion or completion of a contract between you and the person responsible,
(2) Admissible based on union or member state law, which the person responsible has to abide to, and those laws contain appropriate measures to protect your rights, liberties and justified interests.
(3) Is carried out with your explicit consent.

However, the decisions must not be based on certain categories of personal data according to art. 9 para. 1 DSGVO, if art. 9 para. 2 lit. a or g do not apply and appropriate measures to protect your rights, liberties and justified interests have been made.
In Consideration of the case mentioned in (1) and (3) the person responsible has to take appropriate measures to protect your rights, liberties and justified interests, which at least includes your right to demand action from a person on the responsible person’s side, the right of explanation of the own standpoint and the right to challenging the decision.

10.    Right to Complain to a Controlling Institution

Regardless of a different, administrative or legal appeal, you have the right to complain to a controlling institution, especially in the member state of your residence, your workplace or the place of the alleged violation if you hold the view that the handling of your personal data violates the DSGVO.
The controlling institution, which the complaint was submitted to, informs the complainant of the status and result of the complaint including the possibility of a legal appeal according to art. 78 DSGVO.

As of: June 2018