Privacy Notice regarding Visits to our Website pursuant to Articles 13, 14, and 21 of the EU General Data Protection Regulation (GDPR)
In this Privacy Notice we would like to inform you about the ways in which we process any personal data during your visit to our website, in communication with us, as well as during your use of website contents.
1. Joint responsibility
U.I. LAPP GmbH, Schulze-Delitzsch-Straße 25, 70565 Stuttgart,
Telephone call: +49 711783801, E-Mail: firstname.lastname@example.org;
LAPP Austria GmbH, Bremenstraße 8, 4030 Linz,
Telephone call: +43 732781272, E-Mail: email@example.com;
LAPP France Sarl, Technopôle Forbach Sud, 57600 Forbach,
Telephone call: +33 387841929, E-Mail: firstname.lastname@example.org;
LAPP Benelux B.V., Van Dijklaan 16, 5581 WG Waalre,
Telephone call: +31 402285000, E-Mail: email@example.com;
LAPP Czech Republic s.r.o., Bartošova 315, Kvítkovice, 765 02 Otrokovice,
Telephone call: +42 0573501000, E-Mail: info.cz.lcz(at)lapp.com;
Lapp Kabel Sp. z o.o., Profesna 1 Biskupice Podgórne, 55040 Kobierzyce,
Telephone call: +48 713306300, E-Mail: firstname.lastname@example.org
(hereinafter "LAPP", "we", "us") is the data controller for all personal information collected and processed by LAPP on this website.
1.1 What is the reason for joint responsibility?
Our aforementioned companies work closely together in the operation of the website and the online shop as well as in the processing of orders and marketing. This also concerns the processing of your personal data. We have jointly determined the order in which this data is processed in the individual process stages. The LAPP companies are therefore jointly responsible for the protection of your personal data within the process stages described below pursuant to Art. 26 GDPR.
1.2 For which process stages is there joint responsibility?
The joint responsibility exists for all processes of the online shop. As part of our joint responsibility under data protection law, we have agreed which of the companies fulfils which obligations under the GDPR. This concerns in particular the exercise of the rights of the data subjects and the fulfilment of the information obligations pursuant to Articles 13 and 14 GDPR.
This agreement is necessary because personal data is processed at the online shop in different process sections and systems operated by different companies.
|Process stage||Fulfilment of obligations by|
|Operation of the website (see points 2, 3 and 5)||U.I LAPP GmbH|
|Country-specific content, forms and marketing (see point 3)||Relevant national company|
|Order processing||U.I LAPP GmbH|
|Contact point on data protection/expression of data subjects' rights (see point 15)||U.I. LAPP GmbH|
1.3 What does that mean for you?
Even if there is joint responsibility, we fulfil the data protection obligations pursuant to their respective responsibilities for the individual process stages as follows:
Within the scope of joint responsibility
- U.I. LAPP GmbH is responsible for the processing of personal data in connection with the operation of the website and the online shop and
- The respective national company is responsible for the processing of personal data for country-specific content, forms and marketing.
U.I. LAPP GmbH makes the information required under Articles 13 and 14 GDPR available to you free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. In doing so, each party shall provide the other party with all necessary information from its sphere of influence.
We inform each other without delay about legal positions asserted by data subjects. We provide each other with all the information necessary to respond to requests for information.
Data protection rights may be asserted at the contact point U.I. LAPP GmbH. In principle, data subjects receive the information from U.I. LAPP GmbH.
1.4 How do I contact the Data Protection Officer?
Each LAPP company has appointed its own data protection officer where necessary. U.I. LAPP GmbH has appointed the data protection officer TERCENUM AG, Georgenstrasse 22, 10117 Berlin, Telephone: +49 3098321750, E-Mail: email@example.com as website operator.
2. What personal data do we always collect from you?
2.1 When visiting our website
If you do not register or provide us with any other information, we only collect the personal data that your browser transmits to our server (so-called log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website, to establish a connection, and to guarantee system stability and security:
- the IP address of the computer/device with which you access the Internet;
- the date and time of the request;
- time zone difference to Greenwich Mean Time (GMT);
- the website/application from which the request comes;
- the access status/HTTP status code;
- respectively transferred data volumes;
- the browser used;
- the operating system used together with its user interface;
- language and version of the browser software;
This is necessary for us to display our website and to guarantee stability and security. This is in our legitimate interest within the meaning of Article 6 (1) lit. f GDPR.
During contract processing, the aforementioned data is stored on the servers of Lapp Service GmbH, Oskar-Lapp-Str. 2, 70565 Stuttgart, Germany. The servers are located in Germany.
Data is stored until the end of the following year and then erased automatically.
Collection of such data for the provision of the website and storage of data in log files is strictly necessary for proper operation of the website. As a result, the user does not have the option to object.
2.2 Phone and video conferencing as well as contact via 'Microsoft Teams'
We use Microsoft Teams as a tool to hold phone and/or video conferences and to accept calls to the phone numbers communicated to you (hereinafter collectively referred to as 'Online Meetings'). The service provider is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, which processes the data on our behalf within the meaning of Article 28 GDPR.
Please note that this Privacy Notice only informs you about the processing of your personal data by ourselves if you hold Online Meetings with us. If you access the Microsoft Teams website, the Microsoft Teams provider is the controller responsible for data processing. If you wish to receive information about the processing of your personal data by Microsoft, we kindly ask that you access the relevant statement at Microsoft.
Various types of data are processed when using Microsoft Teams. The scope of said data is, among other things, dependent on your data choices before and during your participation in an Online Meeting.
The following personal data is processed:
- the IP address of the computer/device with which you access the Internet;
- information on you as a user: e.g. display name, possibly email address, profile picture (optional), preferred language;
- meeting metadata: e.g. date, time, Meeting ID, phone numbers, location;
- text, audio and video data: you may have the option to use the chat feature in an Online Meeting. To this extent, any text entries you make are processed to display these in the Online Meeting. To make sure that video and audio can be accessed, the data of your device's microphone and any video camera are processed accordingly for the duration of your meeting. You always have the option of disabling your camera or muting your microphone through relevant settings in the Microsoft Teams applications.
The legal basis for data processing when holding Online Meetings is Article 6 (1) lit. b GDPR, to the extent that said Meetings where conducted within the context of a contractual relationship.
If the processing of personal data is a key requisite for the use of Microsoft Teams, the legal basis for processing users' personal data is Article 6 (1) lit. f GDPR. Our legitimate interest is in this case effectively conducting Online Meetings.
If there is no contractual relationship, the legal basis is still Article 6 (1) lit. f GDPR. Here too, our legitimate interest is the effective conduct of Online Meetings.
Personal data processed in connection with participation in Online Meetings will not be disclosed to third parties as a matter of principle, unless it is specifically intended to be disclosed. Please note that the content of both Online Meetings and face-to-face meetings is often used to communicate information with customers, interested parties, and third parties, and is therefore intended to be disclosed.
The Microsoft Teams provider necessarily obtains knowledge of the aforementioned data insofar as this is provided in the context of our data processing agreement with Microsoft Teams.
Data processing outside of the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centers in the European Union. However, we cannot guarantee that data is not routed via Internet servers located outside the EU. One particular instance of such routing is whenever participants participate in Online Meetings in a non-Member State.
However, the data is encrypted during transport over the Internet and thus protected against unauthorised access by third parties.
3. What personal data from you do we collect in the optional individual case?
In addition to phone and video conferences as well as telephony and the use of our website for purely informational purposes, we also offer various services that you can use if you are interested in them. This usually requires you to provide additional personal data that we use to provide the respective service.
In some cases, we use service providers in compliance with the legal requirements by way of commissioned processing pursuant to Article 28 GDPR, i.e. on the basis of a contract on our behalf, in accordance with our instructions and under our control. These are companies in particular in categories of IT service providers, logistics, telecommunications, sales and marketing, legal and tax consulting, about which we will inform you accordingly on a case-by-case basis. In these cases, we remain responsible for processing; the distribution and processing of personal data to and by our processors is based on the legal basis that allows us to process the data in each case. No separate legal basis is required.
We additionally transmit personal data to recipients which fall outside of the immediate jurisdiction the GDPR ('third countries'). To the extent that for these counties the European Commission has not decided that they provide an adequate level of legal protection for your personal data, we must either ensure that we implement adequate safeguards for your personal data or that one of the legal exceptions applies.
We regularly use the standard contractual clauses approved by the European Commission with recipients located in third countries not recognised as safe as safeguards pursuant to Article 46 (2) (c) GDPR. Nevertheless, in some countries there is a risk that your data may be requested by national authorities for control and monitoring purposes, without the conditions being clearly regulated or corresponding legal remedies being available. Where such risks exist that are considered unreasonable by the case law of the European courts (in some situations this is the case in the USA, for example), we will take additional protective measures and make agreements whenever possible.
On this basis, we would like to inform you about the following data processing in our individual optional services:
3.1 Customer account and performance of contract
We process the personal data submitted by you when opening a customer account and/or for the performance of contract. This data includes:
- first name;
- (email) address;
- phone and fax number;
- customer number;
- VAT identification number.
In this respect, our identification system is used for unambiguous personal identification and helps all customers to log in securely. We also record the LAPP ID – consisting of an email address and password – when registering for our Online Shop and also assign your inquiries and your user behaviour to it, particularly when and how often you log into the Online Shop, whether you register for any webinars, when submitting questions via the chat, or when you are configuring cables via the configurator. In addition to managing customer identity and profile data, the standardised login also serves to protect customer information against attacks.
We use the Auth0 Single-Sign-On authentication service to allow log-ins to our website. The service provider is the American company Auth0 Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA. Auth0 processes data in the USA, among other countries. Information on a transfer taking place and its legal legitimacy can be found in Chapter 9.2 Third-country transfer.
After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to the further use of your data or a legally permitted further use of data has been reserved on our part.
We store and use the data communicated by you for the purpose of processing the contract. The legal basis for the use of the login data is Article 6 (1) lit. b GDPR insofar as the initiation, conclusion, and performance of the contract is concerned, and Article 6 (1) lit. f GDPR to the extent that you are an employee of our customer and we have a legitimate interest through the conclusion of the contract. The legal basis for making optimal adjustments to the website is Article 6 (1) lit. f GDPR; our legitimate interest here is based on the optimisation and personalisation of our (website content / online shop) offers.
3.2 Contact forms and contact via email
Contact forms can be used on our website in a range of ways in which you can contact us electronically regarding the following, among other things:
- initial contact;
- product details (EPLAN, AUCOTEC, special cables, or similar);
- product inquiries (ETHERLINE, Skintop, Train, or similar);
- configuration/configurator inquiries;
- electronic invoicing inquiries;
- registering complaints;
- trade fair registrations;
- Registrations for consultation appointments
- (This list is not exhaustive and will be continuously expanded to make sure we offer you the best way to get in touch with us)
Appropriate contact forms can be used on our website for this purpose. If you use this option, the data you enter in the input mask will be transmitted to us and stored. Depending on the input mask, this data might include:
- first name;
- (email) address;
- phone and fax number;
- customer number;
In addition, the following data is collected at the time you send your message:
- IP address;
- date and time.
Alternatively, you can contact us using one of the email addresses provided or over the phone. In this case, the personal data transmitted by you via email will be stored.
When contacting us, we will process the data provided by you for the purpose of processing your inquiry. In addition, we process in particular the e-mail address provided by you for the purpose of evaluating the performance of the contact form used by you in each case. There will be no transfer of personal data to third parties in connection with this data processing.
The legal basis for processing your data when using our contact forms is your consent pursuant to Article 6 (1) lit. a GDPR. If you contact us by sending an email, the legal basis for processing your personal data is Article 6 (1) lit. f GDPR. If you contact us via email with the intention to conclude a contract, the additional legal basis for the processing is Article 6 (1) lit. b GDPR. We process the personal data from the input mask solely for the purpose of processing the relevant inquiry. In the event of contact by email, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending of your message is used exclusively to prevent misuse of the contact form and to ensure the security of our information technology (IT) systems.
Once the data is no longer required for the collection purpose(s), it is deleted. This is also the case for the personal data from the input mask/contact form and for data sent by you via email, once the respective conversation has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has definitively been clarified. The additional personal data collected at the time of sending will be deleted after a period of seven days at the latest.
3.3 Direct mailing
If you subscribe to our newsletter, we will regularly contact you with information about our offers. The only mandatory information (marked with an asterisk) for us to send you the newsletter is your email address. The provision of any additional, separately marked data is voluntary and is used to address you personally. This data includes:
- first name;
- email address*;
- customer number;
In addition, the following data is collected at the time you send your message:
- IP address;
- date and time.
We use the SAP Marketing Cloud to send and evaluate emails in the form of newsletters. The data you enter to receive the newsletter will be processed on the servers of the SAP Marketing Cloud in Eemshaven (Netherlands). By sending our newsletter with SAP Marketing Cloud, we can track whether a newsletter was opened, if any links were clicked, and if so which ones. The SAP Marketing Cloud also enables us to classify recipients of newsletters into different categories (also known as 'tagging'). This enables us to subdivide newsletter recipients according to their interest in a specific product or product group. We also use 'web beacons' to measure email opening rates. The click-through rate is measured using the SAP Marketing Cloud URLs associated with the email. Interests are automatically assigned based on clicks on a URL or image. The assignment of these interests does not have any influence on the possibility of acquiring services from LAPP or on the assessment of whether and under what conditions you can enter into a contract with us.
The data collected by us when subscribing to our newsletter is exclusively used to establish contact for marketing purposes in the form of our newsletter and its evaluation. In addition, you as a newsletter subscriber shall be notified by email in all instances in which this is necessary for the operation of the newsletter service, as could be the case in the event of changes to the newsletter offer or changes in technical circumstances.
We use the double opt-in procedure for sending the newsletter. This means that we will not send you an email newsletter until you have expressly confirmed your consent to receiving our newsletter. We do so by means of a confirmation email, prompting you to reconfirm your intent to receive the newsletter in future by clicking a link.
By activating the confirmation link, you give us your consent for the use and evaluation of your personal data pursuant to Article 6 (1) lit. a GDPR. In order to be able to trace a possible misuse of your e-mail address at a later point in time, we also have a legitimate interest pursuant to Article 6 (1) lit. f GDPR in storing the data collected at the time of sending your message.
You can unsubscribe from our newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this statement.
3.3.2 Electronic advertising to existing customers
If you have provided us with your email address when purchasing items or services, we reserve the right to periodically email you offers for items or services similar to those you have already purchased from our product line. We do not need to obtain separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising pursuant to Article 6 (1) lit. f GDPR. If you have objected to the use of your email address for this purpose, we will not send you any emails.
We use the SAP Marketing Cloud to send emails in the form of electronic advertising to existing customers. Your email address – which we receive from you when you purchase our items or services – will be processed on the servers of the SAP Marketing Cloud in Eemshaven (Netherlands). If we use the SAP Marketing Cloud to send electronic advertising to you as an existing customer, we can anonymously determine whether an email has been opened. We also use 'web beacons' to anonymously measure the opening rate of emails. The click-through rate is measured using the SAP Marketing Cloud URLs associated with the email.
You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning or by clicking on the unsubscribe link in our emails. The only charges you will incur in this regard are the base rate charges for transmitting the message. After receiving your objection, we will stop using your email address for marketing purposes without undue delay.
3.4 Online surveys
LAPP conducts regular online surveys. For this, LAPP uses the online survey software Netigate of Netigate Deutschland GmbH, LuisenForum, Kirchgasse 2, 65185 Wiesbaden, a web-based service, to create and conduct online surveys.
The Netigate server stores the date and time of your participation. This data is stored anonymously by Netigate by logically separating the data through appropriate software implementation. We automatically retrieve the data collected through participation in the survey from the Netigate server.
We process the information related to the topic of the survey and use the data for analysis, including in the form of statistics, charts and graphs. The data is used and stored exclusively anonymously. We do not evaluate the date and time data collected with the survey.
Insofar as personal data is also requested within the scope of the survey beyond the topic of the survey (e.g. name, address, etc.), we point out separately within the scope of the survey that this is additional information that we process. This requires your consent.
The legal bases for the processing of your data, including the additional personal data, are our legitimate interest pursuant to Art. 6 (1) (f) GDPR and your consent pursuant to Art. 6 (1) (a) GDPR.
The collection of data is used to produce analyses, including in the form of statistics, charts and graphs. These purposes also constitute our legitimate interest in processing users' personal data pursuant to Article 6 (1) (f) GDPR.
The additional personal data provided will be processed in order to contact you regarding the subject of the survey, e.g. to invite you to further activities for the topic.
The personal data is processed internally at LAPP and Netigate Deutschland GmbH. The summarised and anonymised data may also be passed on by LAPP to companies commissioned with this for graphical processing, if necessary. In addition, these aggregated and anonymised data can be shared with the public and published on the internet to report on the enquiries and evaluations and to show trends.
The other personal data provided will only be processed internally at LAPP and Netigate Deutschland GmbH. This data will not be passed on to third parties without your explicit permission.
The data will not be transferred to servers outside the European Union during processing.
Every now and then, we offer you the option of registering for different webinars on various current topics via our website. Webinars are video seminars run with computer support. We use the Conference Manager tool from Conference Manager GmbH, Türkenstr. 7, 80333, Munich, Germany, to offer webinars over the Internet; this provider processes the data on our behalf pursuant to Art. 28 GDPR.
The following mandatory data is requested when registering:
- first name;
- email address;
To register for a webinar, enter this data on the landing page via the link on our website. If you take part in a webinar, we will receive information from the webinar service provider, along with your registration details, about the duration of participation, interest in the webinar, questions asked or answers given to them for the purpose of further customer support or for improving the webinars.
The webinar is carried out via an encrypted connection between you and Conference Manager. The audio or image information transmitted is only recorded by us if expressly communicated before the start of the webinar. If you ask questions in the webinar, these questions will also be recorded and played back when you call up the webinar at a later date. If you want to avoid this recording, please submit your questions via email afterwards. Conference Manager processes anonymised statistical data during and after the webinar. You are not permitted to create any recordings or screenshots of the webinar.
Your personal data that you provide to us as part of your registration will only be used by us on the basis of Art. 6 (1) lit. b GDPR to process your registration provide the webinar and for communication in the period leading up to and the period after your participation in the webinar.
Our website has the following configurators:
- cable finder;
- cable assembly finder;
- cable gland finder;
- cable protection finder;
- cable marking finder
- connector finder;
- housing configurator;
- servo configurator;
- chain configurator;
- fibre optic cable configurator;
These can only be used after creating/registering for a customer account as described in 3.1, with the corresponding LAPP ID, or by using one of the individual contact forms described in 3.2. We exclusively use the data specified here to create, dispatch, and negotiate the requested offer.
We forward the data that you enter in the context of the configurators to the LAPP company of the relevant country specified by you. You can see which country this is by clicking the following link: https://www.lapp.com
The data provided by you in the context of the chain configurator is also passed on to our service provider SOTEHA srl a Socio Unico, with registered office at Via Ticino, 6, 20095 Cusano Milanino (MI, Italy) and the following address: Via Zucchi, 39/C, 20095 Cusano Milanino (MI, Italy). Our service provider’s servers are located in the EU (Data Centre Verizon Business, Pero (MI), Italy). In the context of the LWL Lichtwellenleiteibrer / FO Fiber Optic configurator, our service provider Encoway GmbH, Buschhöhe 2, 28357 Bremen, Germany, may receive your data. Here, too, the server location is in the EU.
The storage is limited to fulfilling the purpose of providing you with an individual offer based on the data provided and to negotiate on this offer. Once the data is no longer required, it is deleted. Furthermore, we only store the data if this is required by commercial and tax law regulations. The legal basis for the processing of the data is Art. 6 (1) lit. b) GDPR, to the extent that the preparation of the possible contract is concerned. Otherwise Art. 6 (1) lit. f) GDPR applies with regard to answering other inquiries.
If you contact us via the chat on the website, you do so using the Userlike software, which is live chat software of the company Userlike UG (limited liability), Probsteigasse 44-46, 50670, Cologne, Germany, which is bound by instructions. Once the chat has started, the following related personal data is processed:
- date and time of the call;
- browser type/version;
- IP address;
- operating system used;
- URL of the previously visited website;
- amount of data sent.
This data is required in order to be able to perform country identification and therefore language selection and to ensure the stability and security of the chat. This is in our legitimate interest within the meaning of Article 6 (1) lit. f GDPR.
In order to be able to use the chat function at all, you also need to provide us with the following personal data:
- email address.
Depending on the course of the conversation, further personal data entered by you may be processed in the chat. The nature of this data depends heavily on your request or the problem you describe to us.
This data processing takes place on the basis of Article 6 (1) lit. b) GDPR. The purposes of the processing include enabling the use of our specific products and services within the scope of our website content.
We would like to point out that the data that you voluntarily provide us with via the chat will be stored for the purposes of processing your inquiry and for statistical purposes. Only the chat log and associated IP address are stored in this regard. The data contained herein is not used to personally identify visitors to this website, nor for other purposes, particularly for marketing purposes. The chat log is deleted after one year.
4. Which of your personal data is still processed?
In some cases, your data will also be transferred to third parties, i.e. partners with whom we cooperate outside of a commissioned processing. Such partners provide their services as their own data controllers; the processing of your data by partners is governed solely by their privacy notices.
4.1. Payment service providers
You can pay on our website using the payment service of EVO Payments International GmbH, Elsa-Brändström-Straße 10, 50668 Cologne, Germany (EVO). EVO processes the transaction. In this context, personal data is also transmitted to EVO, such as bank details or credit card numbers. Said processing is necessary for the verification and processing of the payment order triggered to fulfil the contract you have concluded with us. The legal basis is Art. 6 (1) lit. b GDPR.
EVO also reserves the right to carry out a credit assessment. To this end, your payment details may be transmitted to credit agencies, based on the legitimate interest of EVO in determining your creditworthiness, pursuant to Article 6 (1) lit. f GDPR. EVO uses the result of the credit assessment to determine the statistical probability of default and to then decide whether or not to offer the respective payment method. The credit assessment may contain probability values (so-called scores). If scores are included in the credit assessment results, they are based on scientifically accepted, mathematical-statistical methods. Address data is (not exclusively) used to calculate scores. For more information on privacy, including information on any involved credit agencies, please refer to EVO's Data Protection Declaration under the following link: https://www.evopayments.eu/datenschutz/
You can always object to the processing of your data by sending a message to EVO. Nevertheless, EVO Payments might still be entitled to process your personal data if this is required for the contractual handling of payments.
4.2 Carrying out credit assessments
If we make advance deliveries/payments (such as delivery on invoice), we reserve the right to carry out a credit assessment on the basis of mathematical-statistical methods to safeguard our legitimate interest in verifying the solvency of our customers. Depending on the country of the data collectors mentioned at the beginning of this Privacy Notice, we transmit the personal data required for a credit assessment to the following service providers pursuant to Article 6 (1) (f) GDPR:
- Creditreform Stuttgart Strahler KG, Theodor Heuss Strasse 2, 70174 Stuttgart, Germany
- Bürgel Wirtschaftsinformationen Vertriebsgesellschaft mbH, Am Wallgraben 100, 70565 Stuttgart, Germany
- Bisnode Deutschland GmbH, Robert-Bosch-Str. 11, 64295 Darmstadt, Germany
- Coface Rating GmbH, Isaac-Fulda-Allee1, 55124 Mainz, Germany
- Coface Poland Services Sp. Z o.o, Al. Jerozolimskie 142 A, 02-305 Warsaw, Poland
- KSV1870 Information GmbH, Wagenseilgasse 7, 1120 Vienna, Austria
- Dun & Bradstreet Czech Republic, a.s., Siemensova 2717/4, 15500 Prague, Czech Republic
- Dun & Bradstreet BV, Otto Reuchlinweg 1094, 3072 MD Rotterdam, Netherlands
The credit assessment may contain probability values (so-called scores). If scores are included in the credit assessment, they are based on a scientifically accepted, mathematical-statistical method. Address data is (not exclusively) used to calculate scores. We use the result of the credit assessment to determine the statistical probability of default and to make decisions on the substantiation, performance, or termination of a contractual relationship.
You can always object to this processing of your data by sending a message to the controller or the aforementioned credit agencies. Nevertheless, we might still be entitled to process your personal data if this is required for the contractual handling of payments.
4.3 The use of ratings and test seal graphics (Trusted Shops)
In order to display our Trusted Shops seal together with any reviews, and to offer Trusted Shops products to buyers after placing an order, we have integrated the Trusted Shops Trustbadge on our website.
This processing serves to protect our legitimate interest in optimally marketing our offer, deemed overriding after a balancing of interests, pursuant to Article 6 (1) lit. f GDPR. The Trustbadge and services it advertises are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany. We are joint controllers within the meaning of Article 26 GDPR. In this Privacy Notice, we shall now inform you of the material contents of the contract pursuant to 26 (2) GDPR.
When calling up the Trustbadge, the website automatically stores a so-called server log file, which, for example, might contain your IP address, the date and time of access, transmitted data quantities, and the requesting provider (access data) and therewith documents the request. This access data is not analysed and is automatically overwritten seven days after you stopped visiting the website at the latest.
After order completion, your email address –hashed by cryptological one-way function – will be transmitted to Trusted Shops GmbH. The legal basis is Article 6 (1) lit. f GDPR. This is done to check whether you have already registered for Trusted Shops GmbH's services and is thus required to satisfy our overriding legitimate interest in providing the buyer protection linked to the specific order and transactional evaluations, pursuant to Article 6 (1) lit. f GDPR. If so, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will receive the option of setting up an account. Any further processing after registration is governed by the contractual agreement between you and Trusted Shops GmbH. If you do not register for an account, all transmitted data will be automatically deleted by Trusted Shops GmbH and this data can then no longer be linked to a person.
Any additional personal data is only transmitted to Trusted Shops if you have consented thereto, if we are allowed to send you service emails (cf. Chapter 3.3.2), if you opt to use Trusted Shops products after completing an order, or if you have already registered for use. In this case, the contractual agreement concluded between you and Trusted Shops shall apply.
Within the scope of the joint responsibility existing between us and Trusted Shops GmbH, we kindly recommend that you first contact Trusted Shops GmbH if you have any questions concerning data protection or to assert any rights using the contact options specified in the privacy policies linked in this section. Regardless, however, you can always contact the controller of your choice. If necessary, your request will then be forwarded to another controller for processing.
4.4 Use of social media icons
We have added social media icons to our website. With a simple mouse click you can access the following social media platforms: Instagram, Facebook, LinkedIn, Twitter, Xing and YouTube. When you visit our website, no personal data is passed on to the providers. You can recognise the provider of the platforms by the logo. We give you the option of directly accessing articles by LAPP on their website by using the icon. If you are logged in to the respective provider's website or app at the time the icon is activated, the network can assign your visit to our website. If you do not want this to happen, log out before clicking on the icon. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing and the storage periods. We also have no information regarding erasure.
By clicking on the icon, we offer you the opportunity to receive information from LAPP on the respective platform. The legal basis for use is Article 6 (1) (f) GDPR.
4.5 Embedding YouTube Videos
We have embedded YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. The service provider is YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland is the controller responsible for your data. For other users, we refer to our information in Chapter 9.2 Transfer to third countries.
In order for you to retain control of your data, all videos are initially deactivated by default and are activated after you have agreed to their use via the cookie consent tool or the cookie settings. The legal basis for displaying the videos is Article 6 (1) lit a) GDPR.
After activating the link, your personal data about usage will be automatically processed by the platform, as if you were visiting the platform directly. The platform alone is the controller responsible for this processing.
By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account which you are logged in to or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising purposes, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. To the extent that data is processed outside the European Economic Area / the EU, where there is no data protection level corresponding to that of the European standard, Google, according to its own statements, uses standard contractual clauses. You have the right to object to the creation of these user profiles, however, you must contact YouTube to exercise this right.
To design our website in the most user-friendly way possible and to display more relevant advertisements to visitors of our website, we and our partners use so-called cookies. Cookies are small files stored on the device of a user. They allow information to be retained for a certain period of time and identify the visitor's terminal device. This is sometimes also done using tracking pixels, which are not stored on the hard drives of users, but can also help in identifying visitors in a similar way as cookies. In the following, the word cookie covers both cookies in the technical sense as well as tracking pixels and similar technical methods.
5.1 Cookie consent tool of CookiePro by OneTrust
When visiting our website for the first time, you will be shown a banner by CookiePro by OneTrust with a cookie consent text. If you provide consent here or in our cookie settings, said consent will be stored in your browser via a selection cookie. This way, we do not have to display this notice every time you visit any page. If said reference is no longer preserved in your browser (e.g. after deleting the browsing history), this notice will once again be displayed when revisiting our website.
In this context, the collected data will not be passed on to the provider of CookiePro and will only be stored by us up until you erase the selection cookie yourself or until the original purpose for data storage no longer applies. Any mandatory statutory retention periods remain unaffected.
5.2 Configurators cookie list
In addition to the cookies listed in Section 5.1, the following cookies are used for the configurators:
5.2.1 Strictly Necessary Cookies
|Cookie Subgroup||Cookies||Cookies used||Lifespan|
|https://lapp.com/||Nginxp_fe||3rd Party||1 day|
5.2.2 Performance Cookies
|Cookie Subgroup||Cookies||Cookies used||Lifespan|
|lapp.com||emos_jcvid||1st Party||730 days|
6. Website optimisation
To design our website tailored to needs and for the optimisation of this website, solutions and technologies of Econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany, collect and store pseudonymised data and use this data to create usage profiles from pseudonyms created.
Econda anonymises the data when it is recorded by truncating the IP address, meaning that it is not possible to assign it to a specific user when used according to its intended purpose. The anonymised data remains on the Econda servers and can only be accessed there by us. This aggregated data enables us to analyse visitor flows and click paths, for example, without being able to assign them to a specific user. The servers are exclusively located in Germany.
For this purpose, cookies can be used, cf. Chapter 5, which enable the recognition of a browser. However, user profiles are not compiled with data of the person behind the pseudonym without the express permission of the visitor. IP addresses in particular are made unrecognisable immediately after the user has accessed the website, making it impossible to assign user profiles to IP addresses. Visitors to this website can object to the recording and storage of this data for the future at any time, here.
The data is stored for a period of ten (10) years.
6.2 Google Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
With Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. Google Tag Manager implements the tags or 'triggers' the integrated tags. When a tag is triggered, Google may collect information (including personal data) and process it. It cannot be ruled out that Google will also transmit the information to a server in a third country.
In particular, the following personal data is processed by Google Tag Manager:
- online identifiers (including cookie identifiers);
- IP address.
The legal basis for using Google Tag Manager is Art. 6 (1) (a) GDPR, provided you have consented to its use via the cookie consent tool or the cookie settings.
You can find more detailed information about Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html and under https://www.google.com/intl/de/policies/privacy/index.html the section 'Data that we receive as a result of your use of our services'.
Furthermore, we have concluded an order processing contract with Google for the use of Google Tag Manager pursuant to Art. 28 GDPR. Google processes the data on our behalf in order to trigger the stored tags and to display the services on our website. Google may transmit this information to third parties if this is legally required or if third parties process this data on behalf of Google.
By integrating Google Tag Manager, we are pursuing the purpose of being able to integrate various services in a simplified and clear manner. In addition, the integration of Google Tag Manager optimises the loading times of the various services.
6.3 Google Ads
We have integrated Google Ads on our website. The operator of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
Google Ads is an Internet advertising tool, which allows us to show ads in both Google search engine results as well as within the Google advertising network. Google Ads allows us to predefine keywords that ensure that ads are shown in the Google search engine results if you use a search word that is related to the keyword. Within the Google advertising network, the ads are distributed to topically relevant websites by means of an automatic algorithm, taking into consideration the predefined keywords.
Google uses the collected data and information to create visitor statistics for our website. We, in turn, use these visitor statistics to determine the total number of users mediated to us through Ads advertisements, i.e. to assess the success or failure of the corresponding Ads advertisements and thus optimise our Ads advertisements in future. Neither LAPP nor other Google Ads customers receive information from Google that can help identify data subjects.
If you still wish to object to Google Ads, you can generally disable it by making the necessary settings at www.google.com/settings/ads.
6.4 Google retargeting
Through our cookie consent tool, a so-called conversion cookie can be stored on your IT system. Refer to Chapter 5 of this Privacy Notice for an explanation of what cookies are. The retargeting function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google) can be used with the help of this conversion cookie.
This feature generally aims to present interest-based ads to visitors of a website within the Google advertising network. If you visit our website and then visit a website within Google's advertising network, you may be shown advertisements from LAPP. The purpose behind Google Retargeting is thus to advertise our website by displaying advertising that is tailored to interests on the websites of third-party companies and in the Google search engine results.
The legal basis for data processing when using Google Retargeting is Article 6 (1) lit. a GDPR, if you consented to the use of conversion cookies through the cookie consent tool or in the cookie settings. A conversion cookie lapses after thirty (30) days.
The conversion cookie is used to store personal information, such as websites visited by a data subject. Whenever you visit our website, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. Google stores this personal data in the US. Google may under some circumstances share the personal data collected through this technical process with third parties.
If you wish to object to the use of Google Retargeting, you can generally disable conversion cookies at any time, by making the necessary configurations in our cookie settings or at www.google.com/settings/ads.
7. Compliance with legal requirements
In addition to the previously mentioned purposes, we also process your data to fulfil legal requirements. We are subject to a variety of legal obligations. These are primarily legal requirements (e.g. from commercial and tax laws), but also, if applicable, regulatory or other official requirements. These include, in particular, the fulfillment of tax control and reporting obligations as well as archiving and documentation obligations.
The legal basis for the processing is Article 17 (3) lit. b) GDPR and Article 6 (1) lit. c) GDPR.
8. Law enforcement and legal defence
We may also process your personal data in order to assert our rights and to be able to enforce our legal claims and/or to be able to defend ourselves against legal claims and/or to the extent necessary to prevent or prosecute criminal offences.
The legal basis for the processing is Article 17 (3) lit. e) GDPR and Article 6 (1) lit. c) GDPR. Our legitimate interest lies in law enforcement and legal defence.
9. Recipients of personal data
We share your data to the extent necessary with service providers we use which support us in providing our services.
9.1 Recipient categories
The categories of recipients of your data are stated below. These are, in particular:
- IT service providers which, inter alia, store data and support the administration and maintenance of IT systems;
- logistics service providers, e.g. to deliver our products;
- payment service providers/banks;
- public bodies and institutions, to the extent that we are legally obligated to do so.
Furthermore, your personal data will also be passed on to our affiliated companies within our global group, to the extent that they work for us as processors and, for example, provide IT services or insofar as such is necessary for the provision of our services. The transfer takes place to the extent that this data is lawful for the fulfillment of our contractual and legal obligations or on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. This can be for economic, administrative or other internal business management purposes; this only applies if such are not overridden by your interests or fundamental rights and freedoms which require the protection of personal data.
9.2 Third-country transfer
As part of the use of certain tools stated, your personal data will also be transmitted to a third country in compliance with the requirements of Article 44 et seqq. GDPR. If third-country service providers are used, they are usually obligated to comply with the data protection level of the European Union through the agreement of the EU standard data protection clauses (if necessary in connection with additional guarantees) adopted by the European Commission. The standard data protection clauses are freely available on the Internet on the website of the European Commission.
Despite these contractual and technical measures, it may arise that the level of data protection in the third country does not correspond to that of the European Union. The legal basis for the international data transfer that then takes place is your consent pursuant to Article 49 (1) sentence 1 lit. a) GDPR, which you provide by granting consent in the cookie banner (or other forms, registrations, etc.). Above all, there is a risk – especially in the case of data transfer to the US – that your personal data may possibly be processed by authorities for control and monitoring purposes, even without sufficient legal remedies being available, without us as the data exporter or you as the data subject being aware of such.
In the context of any data transfers to the USA, we would like to inform you that on 10 July 2023, the European Commission adopted an implementing decision based on Regulation (EU) 2016/679 of the European Parliament and of the Council, in which an adequate level of protection for personal data is determined in the context of data protection between the EU and the USA. This decision governs the lawfulness of transfers of personal data from the EU to US-based organisations that are self-certified under the Data Privacy Framework program and listed by the US Department of Commerce. In this case, the legal basis for the transfer of personal data to an entity with an active DPF certificate is Art. 45 GDPR. If the entity is not in possession of a certificate, the legal basis for the data transfer is still Art. 46 GDPR or Art. 49 GDPR, as described above. The current status of a US-based service provider can be checked at any time on the Internet on the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/participant-search/. The new Data Privacy Framework introduces a number of safeguards related to personal data being accessed by US intelligence agencies and other safeguards in order to ensure a level of data protection equivalent to that of the EU, including the establishment of a dedicated, impartial US court of appeal (Data Protection Review Court), where EU citizens can request the release of their personal data.
Both we and our service providers take the necessary technical and organisational security precautions to protect your personal data under our control against both accidental and intentional manipulation, loss, and destruction, as well as against access by unauthorised parties. Our data processes and security measures are continuously improved to keep up with technological advancements.
Personal data that is exchanged between you and us or other involved companies is generally transmitted via encrypted connections that correspond with the state-of-the-art.
Our employees and any commissioned service providers are – of course – bound to confidentiality.
11. Automated decisions in individual cases / profiling
We process personal data in order to create customer profiles with the purpose of optimising marketing campaigns, offers and services. We do not use procedures for automated decision-making / profiling that have a legal effect on you or significantly affect you in a similar way.
12. Obligation to provide data
You are only required to provide the data that is necessary for the business relationship with us or that we are legally obligated to collect. Without this data, we shall not be able to enter into a business relationship with you or provide you with our services. Personal data that we inevitably need for the purposes mentioned above are marked as such. We process all data provided voluntarily on the basis of your consent in accordance with Article 6 (1) lit. a) GDPR and/or Article 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest is the further development of our products and services.
13. Links to other Internet websites
Our website contains links to other websites. We have no influence over operators of these websites complying with data protection regulations, including the GDPR. Even after carefully reviewing the content, we can not assume any liability for external links to third-party content, either. For more information on the data processing procedures on these pages, we kindly ask you to review the data protection information on the respective websites.
14. Data storage period
Unless you request deletion of the data (cf. point 15), it will be stored by us for as long as it is needed for the purpose for which it was collected. In addition, storage may take place, in particular if a contractual relationship exists or existed, for the purpose of fulfilling retention obligations under commercial and tax law (e.g. two to ten years), ensuring proper disaster recovery (e.g. up to three years), receivables and evidence management (e.g. three years from the end of the year) or for the preservation of evidence within the scope of statutory limitation provisions (e.g. up to thirty years).
15. Your rights
Every natural person whose personal data we process generally (i.e. depending on the respective conditions) has the following rights vis-à-vis us:
- If you have any questions about the ways in which we process your personal data, we would be happy to provide you with information about your personal data we store, free-of-charge and at any time (Article 15 GDPR).
- You have the right to rectification of incorrect and completion of incomplete data (Article 16 GDPR).
- You have a right to block/restrict processing or delete your personal data that is no longer required or stored due to legal obligations (Articles 17 and 18 GDPR).
- You have the right to data portability in a structured, commonly used, and machine-readable format, if you have provided us said data based on consent or a contract concluded between us (Article 20 GDPR).
- You have the right to object to the processing of your data for direct marketing purposes at any time (Article 21 (2) and (3) GDPR).
- You have the right to object to the processing of personal data on the basis of a legitimate interest, with us having the opportunity to demonstrate compelling legitimate grounds for the processing (Article 21 (1) GDPR). Please refer to earlier sections of this Notice to find out when such grounds exist.
- If you have given your consent to data processing, you can withdraw said consent at any time with effect for the future. In other words, the lawfulness of data processing up to the time of withdrawal shall remain unaffected. After withdrawing your consent, you may no longer be able to use our services.
You additionally have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). We do, however, recommend you first direct your complaint to us.
You can exercise your rights against any of the data controllers mentioned at the beginning of this Privacy Notice. Please submit your request in writing (using the keyword: data protection) or by email, using the likewise specified contact details. We reserve the right to verify your identity so that your personal data does not become known to unauthorised persons.
Note on your right to object to the processing of your personal data at any time
You are welcome to send such an objection to U.I. LAPP GmbH.
We will check without undue delay, but at the latest within one month of receiving your objection, whether we are obligated to erase your data on the basis of the grounds specified or whether further processing of your data by us is necessary to protect overriding interests worthy of protection or to assert, exercise or defend legal claims. We will inform you of the result of our assessment in writing or another text form.
Occasionally, we need to make changes to the present Privacy Notice. We reserve the right to do so at any time. The updated version of the Privacy Notice will be published here. Whenever you visit us, you should therefore read through this Privacy Notice again.
Version: 14 September 2023