Privacy Policy
Privacy Notice regarding Visits to our Website pursuant to Articles 13, 14, and 21 of the EU and UK General Data Protection Regulations (GDPR)
Lapp Limited (UK and Eire), UK company number 01497180, with registered office address at 88 Crawford Street, London, W1H 2EJ, UK, phone: +44 20 8758 7800, email: sales.uk.luk@lapp.com (hereinafter referred to as 'LAPP', 'we', 'us', 'our' etc.) has drafted this Privacy Notice to inform you about the ways in which we process any personal data during your visit to our website, in communication with us, as well as during your use of website contents.
We have appointed George Karas as our data protection officer.
We provide Lapp products and services in the United Kingdom and Republic of Ireland. Data processing performed by us is governed by the data protection law of the United Kingdom, and of the European Union and Republic of Ireland. In this privacy notice references to “GDPR” and “Article” are to the versions of GDPR in force in the United Kingdom and/or European Union/Republic of Ireland, and the relevant Article thereof, respectively.
1. What personal data do we always collect from you?
1.1 When visiting our website
If you do not register or provide us with any other information, we only collect the personal data that your browser transmits to our server (so-called log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website, to establish a connection, and to guarantee system stability and security:
• the IP address of the computer/device with which you access the Internet;
• the date and time of the request;
• time zone difference to Greenwich Mean Time (GMT);
• the website/application from which the request comes;
• the access status/HTTP status code;
• respectively transferred data volumes;
• the browser used;
• the operating system used together with its user interface;
• language and version of the browser software;
This is necessary for us to display our website and to guarantee stability and security. This is in our legitimate interest within the meaning of Article 6 (1) (f) GDPR.
During contract processing, the aforementioned data is stored on the servers of Lapp Service GmbH, Oskar-Lapp-Str. 2, 70565 Stuttgart, Germany. The servers are located in Germany.
Data is stored until the end of the following year and then erased automatically.
Collection of such data for the provision of the website and storage of data in log files is strictly necessary for proper operation of the website. As a result, the user does not have the option to object.
1.2 Phone and video conferencing as well as contact via 'Microsoft Teams'
We use Microsoft Teams as a tool to hold phone and/or video conferences and to accept calls to the phone numbers communicated to you (hereinafter collectively referred to as 'Online Meetings'). The service provider is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, which processes the data on our behalf within the meaning of Article 28 GDPR.
Please note that this Privacy Notice only informs you about the processing of your personal data by ourselves if you hold Online Meetings with us. If you access the Microsoft Teams website, the Microsoft Teams provider is the controller responsible for data processing. If you wish to receive information about the processing of your personal data by Microsoft, we kindly ask that you access the relevant statement at Microsoft.
Various types of data are processed when using Microsoft Teams. The scope of said data is, among other things, dependent on your data choices before and during your participation in an Online Meeting.
The following personal data is processed:
• the IP address of the computer/device with which you access the Internet;
• information on you as a user: e.g. display name, possibly email address, profile picture (optional), preferred language;
• meeting metadata: e.g. date, time, Meeting ID, phone numbers, location;
• text, audio and video data: you may have the option to use the chat feature in an Online Meeting. To this extent, any text entries you make are processed to display these in the Online Meeting. To make sure that video and audio can be accessed, the data of your device's microphone and any video camera are processed accordingly for the duration of your meeting. You always have the option of disabling your camera or muting your microphone through relevant settings in the Microsoft Teams applications.
The legal basis for data processing when holding Online Meetings is Article 6 (1) (b) GDPR, to the extent that said Meetings were conducted within the context of a contractual relationship.
If the processing of personal data is a key requisite for the use of Microsoft Teams, the legal basis for processing users' personal data is Article 6 (1) (f) GDPR. Our legitimate interest is in this case effectively conducting Online Meetings.
If there is no contractual relationship, the legal basis is still Article 6 (1) (f) GDPR. Here too, our legitimate interest is the effective conduct of Online Meetings.
Personal data processed in connection with participation in Online Meetings will not be disclosed to third parties as a matter of principle, unless it is specifically intended to be disclosed. Please note that the content of both Online Meetings and face-to-face meetings is often used to communicate information with customers, interested parties, and third parties, and is therefore intended to be disclosed.
The Microsoft Teams provider necessarily obtains knowledge of the aforementioned data insofar as this is provided in the context of our data processing agreement with Microsoft Teams.
Data processing outside of the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centers in the European Union. However, we cannot guarantee that data is not routed via Internet servers located outside the EU. One particular instance of such routing is whenever participants participate in Online Meetings in a non-Member State.
However, the data is encrypted during transport over the Internet and thus protected against unauthorised access by third parties.
2. What personal data from you do we collect in the optional individual case?
In addition to phone and video conferences as well as telephony and the use of our website for purely informational purposes, we also offer various services that you can use if you are interested in them. This usually requires you to provide additional personal data that we use to provide the respective service.
In some cases, we use service providers in compliance with the legal requirements by way of commissioned processing pursuant to Article 28 GDPR, i.e. on the basis of a contract on our behalf, in accordance with our instructions and under our control. These are companies in particular in categories of IT service providers, logistics, telecommunications, sales and marketing, legal and tax consulting, about which we will inform you accordingly on a case-by-case basis. In these cases, we remain responsible for processing; the distribution and processing of personal data to and by our processors is based on the legal basis that allows us to process the data in each case. No separate legal basis is required.
We additionally transmit personal data to recipients which fall outside of the immediate jurisdiction of the GDPR ('third countries'). To the extent that for these countries the European Commission, and/or in the case of the UK the UK Information Commissioner’s Office, has not decided that they provide an adequate level of legal protection for your personal data, we must either ensure that we implement adequate safeguards for your personal data or that one of the legal exceptions applies.
We regularly use the standard contractual clauses approved by the European Commission, and/or in the case of the UK the UK Information Commissioner’s Office, with recipients located in third countries not recognised as safe as safeguards pursuant to Article 46 (2) (c) GDPR. Nevertheless, in some countries there is a risk that your data may be requested by national authorities for control and monitoring purposes, without the conditions being clearly regulated or corresponding legal remedies being available. Where such risks exist that are considered unreasonable by the case law of the European courts, and/or in the case of the UK the UK courts, (in some situations this is the case in the USA, for example), we will take additional protective measures and make agreements whenever possible.
In some cases, we will obtain your express consent for data transmissions to recipients in unsafe third countries pursuant to Article 49 (1) (a) GDPR. This is the case, for example, whenever our partners use cookies or comparable technologies on our website. If you give your consent, you accept that the risks described above, in particular the risk of foreign authorities accessing your data, will occur without any further relevant safeguards being agreed or additional protective measures being taken.
On this basis, we would like to inform you about the following data processing in our individual optional services:
2.1 Customer account and performance of contract
We process the personal data submitted by you when opening a customer account and/or for the performance of contract. This data includes:
• title;
• first name;
• surname;
• (email) address;
• phone and fax number;
• company;
• customer number;
• role;
• department;
• VAT identification number.
In this respect, our identification system is used for unambiguous personal identification and helps all customers to log in securely. We also record the LAPP ID – consisting of an email address and password – when registering for our Online Shop and also assign your inquiries and your user behaviour to it, particularly when and how often you log into the Online Shop, whether you register for any webinars, when submitting questions via the chat, or when you are configuring cables via the configurator. In addition to managing customer identity and profile data, the standardised login also serves to protect customer information against attacks.
We use the Auth0 Single-Sign-On authentication service to allow log ins to our website. The service provider is the American company Auth0 Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA. Auth0 processes data in the USA, among other countries. We would like to point out that, according to the European Court of Justice and, in the case of the UK the UK Information Commissioner’s Office/UK government, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing. We use the standard contractual clauses approved by the EU Commission and, in the case of the UK the UK Information Commissioner’s Office in accordance with Article 46 (2) and (3) GDPR as the basis for data processing for recipients based in third countries (in particular the USA) or data transfers to such countries. These safeguards commit Auth0 to comply with the EU and UK levels of data protection when processing relevant data, also outside the EU. These safeguards are based on an implementing decision of the European Commission.
After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to the further use of your data or a legally permitted further use of data has been reserved on our part.
We store and use the data communicated by you for the purpose of processing the contract. The legal basis for the use of the login data is Article 6 (1) (b) GDPR insofar as the initiation, conclusion, and performance of the contract is concerned, and Article 6 (1) (f) GDPR to the extent that you are an employee of our customer and we have a legitimate interest through the conclusion of the contract. The legal basis for making optimal adjustments to the website is Article 6 (1) (f) GDPR; our legitimate interest here is based on the optimisation and personalisation of our (website content / online shop) offers.
2.2 Contact forms and contact via email
Contact forms can be used on our website in a range of ways in which you can contact us electronically regarding the following, among other things:
• initial contact;
• product details (EPLAN, AUCOTEC, special cables, or similar);
• product inquiries (ETHERLINE, Skintop, Train, or similar);
• configuration/configurator inquiries;
• electronic invoicing inquiries;
• registering complaints;
• trade fair registrations;
• Registrations for consultation appointments
• (This list is not exhaustive and will be continuously expanded to make sure we offer you the best way to get in touch with us)
Appropriate contact forms can be used on our website for this purpose. If you use this option, the data you enter in the input mask will be transmitted to us and stored. Depending on the input mask, this data might include:
• title;
• first name;
• surname;
• (email) address;
• phone and fax number;
• company;
• customer number;
• department;
• subject;
• message.
In addition, the following data is collected at the time you send your message:
• IP address;
• date and time.
Alternatively, you can contact us using one of the email addresses provided or over the phone. In this case, the personal data transmitted by you via email will be stored.
When contacting us, we will process the data provided by you for the purpose of processing your inquiry. In addition, we process in particular the e-mail address provided by you for the purpose of evaluating the performance of the contact form used by you in each case. There will be no transfer of personal data to third parties in connection with this data processing.
The legal basis for processing your data when using our contact forms is your consent pursuant to Article 6 (1) lit. a GDPR. If you contact us by sending an email, the legal basis for processing your personal data is Article 6 (1) (f) GDPR. If you contact us via email with the intention to conclude a contract, the additional legal basis for the processing is Article 6 (1) (b) GDPR. We process the personal data from the input mask solely for the purpose of processing the relevant inquiry. In the event of contact by email, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending of your message is used exclusively to prevent misuse of the contact form and to ensure the security of our information technology (IT) systems.
Once the data is no longer required for the collection purpose(s), it is deleted. This is also the case for the personal data from the input mask/contact form and for data sent by you via email, once the respective conversation has ended. The conversation ends when it can be concluded from the circumstances that the matter in question has definitively been clarified. The additional personal data collected at the time of sending will be deleted after a period of seven days at the latest.
2.3 Direct mailing
2.3.1 Newsletter
If you subscribe to our newsletter, we will regularly contact you with information about our offers. The only mandatory information (marked with an asterisk) for us to send you the newsletter is your email address. The provision of any additional, separately marked data is voluntary and is used to address you personally.
This data includes:
• title;
• first name;
• surname;
• email address*;
• company;
• customer number;
• role;
• department.
In addition, the following data is collected at the time you send your message:
• IP address;
• date and time.
We use the SAP Marketing Cloud to send and evaluate emails in the form of newsletters. The data you enter to receive the newsletter will be processed on the servers of the SAP Marketing Cloud in Eemshaven (Netherlands). By sending our newsletter with SAP Marketing Cloud, we can track whether a newsletter was opened, if any links were clicked, and if so which ones. The SAP Marketing Cloud also enables us to classify recipients of newsletters into different categories (also known as 'tagging'). This enables us to subdivide newsletter recipients according to their interest in a specific product or product group. We also use 'web beacons' to measure email opening rates. The click-through rate is measured using the SAP Marketing Cloud URLs associated with the email. Interests are automatically assigned based on clicks on a URL or image. The assignment of these interests does not have any influence on the possibility of acquiring services from LAPP or on the assessment of whether and under what conditions you can enter into a contract with us.
The data collected by us when subscribing to our newsletter is exclusively used to establish contact for marketing purposes in the form of our newsletter and its evaluation. In addition, you as a newsletter subscriber shall be notified by email in all instances in which this is necessary for the operation of the newsletter service, as could be the case in the event of changes to the newsletter offer or changes in technical circumstances.
We use the double opt-in procedure for sending the newsletter. This means that we will not send you an email newsletter until you have expressly confirmed your consent to receiving our newsletter. We do so by means of a confirmation email, prompting you to reconfirm your intent to receive the newsletter in future by clicking a link.
By activating the confirmation link, you give us your consent for the use and evaluation of your personal data pursuant to Article 6 (1) (a) GDPR. In order to be able to trace a possible misuse of your e-mail address at a later point in time, we also have a legitimate interest pursuant to Article 6 (1) (f) GDPR in storing the data collected at the time of sending your message.
You can unsubscribe from our newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this statement.
2.3.2 Electronic advertising to existing customers
If you have provided us with your email address when purchasing items or services, we reserve the right to periodically email you offers for items or services similar to those you have already purchased from our product line. For customers in the UK pursuant to Regulation 22(3) Privacy and Electronic Communications (EC Directive) Regulations 2003/2426, we do not need to obtain separate consent from you for this. For customers in the Republic of Ireland the corresponding provision is . In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising pursuant to Article 6 (1) (f) GDPR. If you have objected to the use of your email address for this purpose, we will not send you any emails.
We use the SAP Marketing Cloud to send emails in the form of electronic advertising to existing customers. Your email address – which we receive from you when you purchase our items or services – will be processed on the servers of the SAP Marketing Cloud in Eemshaven (Netherlands). If we use the SAP Marketing Cloud to send electronic advertising to you as an existing customer, we can anonymously determine whether an email has been opened. We also use 'web beacons' to anonymously measure the opening rate of emails. The click-through rate is measured using the SAP Marketing Cloud URLs associated with the email.
You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning or by clicking on the unsubscribe link in our emails. The only charges you will incur in this regard are the base rate charges for transmitting the message. After receiving your objection, we will stop using your email address for marketing purposes without undue delay.
2.4 Webinars
Every now and then, we offer you the option of registering for different webinars on various current topics via our website. Webinars are video seminars run with computer support. We use the Conference Manager tool from Conference Manager GmbH, Türkenstr. 7, 80333, Munich, Germany, to offer webinars over the Internet; this provider processes the data on our behalf pursuant to Art. 28 GDPR.
The following mandatory data is requested when registering:
• title;
• first name;
• surname;
• company;
• email address;
• country
To register for a webinar, enter this data on the landing page via the link on our website. If you take part in a webinar, we will receive information from the webinar service provider, along with your registration details, about the duration of participation, interest in the webinar, questions asked or answers given to them for the purpose of further customer support or for improving the webinars.
The webinar is carried out via an encrypted connection between you and Conference Manager. The audio or image information transmitted is only recorded by us if expressly communicated before the start of the webinar. If you ask questions in the webinar, these questions will also be recorded and played back when you call up the webinar at a later date. If you want to avoid this recording, please submit your questions via email afterwards. Conference Manager processes anonymised statistical data during and after the webinar. You are not permitted to create any recordings or screenshots of the webinar.
Your personal data that you provide to us as part of your registration will only be used by us on the basis of Art. 6 (1) (b) GDPR to process your registration provide the webinar and for communication in the period leading up to and the period after your participation in the webinar.
2.5 Configurators
Our website has the following configurators:
• cable finder;
• cable assembly finder;
• cable gland finder;
• cable protection finder;
• cable marking finder;
• connector finder;
• housing configurator;
• servo configurator;
• chain configurator;
• fibre optic cable configurator;
These can only be used after creating/registering for a customer account as described in 2.1, with the corresponding LAPP ID, or by using one of the individual contact forms described in 2.2. We exclusively use the data specified here to create, dispatch, and negotiate the requested offer.
We forward the data that you enter in the context of the configurators to the LAPP company of the relevant country specified by you. You can see which country this is by clicking the following link: https://www.lappgroup.com/de.html
The data provided by you in the context of the chain configurator is also passed on to our service provider SOTEHA srl a Socio Unico, with registered office at Via Ticino, 6, 20095 Cusano Milanino (MI, Italy) and the following address: Via Zucchi, 39/C, 20095 Cusano Milanino (MI, Italy). Our service provider’s servers are located in the EU (Data Centre Verizon Business, Pero (MI), Italy). In the context of the LWL Lichtwellenleiteibrer / FO Fiber Optic configurator, our service provider Encoway GmbH, Buschhöhe 2, 28357 Bremen, Germany, may receive your data. Here, too, the server location is in the EU.
The storage is limited to fulfilling the purpose of providing you with an individual offer based on the data provided and to negotiate on this offer. Once the data is no longer required, it is deleted. Furthermore, we only store the data if this is required by commercial and tax law regulations. The legal basis for the processing of the data is Art. 6 (1) (b) GDPR, to the extent that the preparation of the possible contract is concerned. Otherwise Art. 6 (1) (f) GDPR applies with regard to answering other inquiries.
We sometimes use cookies when you use a configurator. Please refer to Section 4 for exhaustive information on our use of cookies.
2.6 Chat
If you contact us via the chat on the website, you do so using the Userlike software, which is live chat software of the company Userlike UG (limited liability), Probsteigasse 44-46, 50670, Cologne, Germany, which is bound by instructions.
Once the chat has started, the following related personal data is processed:
• date and time of the call;
• browser type/version;
• IP address;
• operating system used;
• URL of the previously visited website;
• amount of data sent.
This data is required in order to be able to perform country identification and therefore language selection and to ensure the stability and security of the chat. This is in our legitimate interest within the meaning of Article 6 (1) (f) GDPR.
In order to be able to use the chat function at all, you also need to provide us with the following personal data:
• name;
• email address.
Depending on the course of the conversation, further personal data entered by you may be processed in the chat. The nature of this data depends heavily on your request or the problem you describe to us.
This data processing takes place on the basis of Article 6 (1) (b) GDPR. The purposes of the processing include enabling the use of our specific products and services within the scope of our website content.
We would like to point out that the data that you voluntarily provide us with via the chat will be stored for the purposes of processing your inquiry and for statistical purposes. Only the chat log and associated IP address are stored in this regard. The data contained herein is not used to personally identify visitors to this website, nor for other purposes, particularly for marketing purposes. The chat log is deleted after one year.
In this regard, Userlike uses cookies, inter alia, about which we provide information in Chapter 4.
3. Which of your personal data is still processed?
In some cases, your data will also be transferred to third parties, i.e. partners with whom we cooperate outside of a commissioned processing. Such partners provide their services as their own data controllers; the processing of your data by partners is governed solely by their privacy notices.
3.1. Payment service providers
You can pay on our website using the payment service of CyberSource Ltd, Kennet Wharf, 41-45 Queens Road, Reading, Berkshire, RG1 4BQ, United Kingdom. CyberSource processes the transaction. In this context, personal data is also transmitted to CyberSource, such as bank details or credit card numbers. Said processing is necessary for the verification and processing of the payment order triggered to fulfil the contract you have concluded with us. The legal basis is Art. 6 (1) (b) GDPR. CyberSource also reserves the right to carry out a credit assessment. To this end, your payment details may be transmitted to credit agencies, based on the legitimate interest of CyberSource in determining your creditworthiness, pursuant to Article 6 (1) (f) GDPR. CyberSource uses the result of the credit assessment to determine the statistical probability of default and to then decide whether or not to offer the respective payment method. The credit assessment may contain probability values (so-called scores). If scores are included in the credit assessment results, they are based on scientifically accepted, mathematical-statistical methods. Address data is (not exclusively) used to calculate scores. For more information on privacy, including information on any involved credit agencies, please refer to CyberSource's Data Protection Declaration under the following link: https://www.cybersource.com/en-us/about/dpa.html can always object to the processing of your data by sending a message to CyberSource. Nevertheless, CyberSource Payments might still be entitled to process your personal data if this is required for the contractual handling of payments.
3.2 Carrying out credit assessments
If we make any advance performance (such as delivery on invoice), we reserve the right to carry out a credit assessment on the basis of mathematical-statistical methods to safeguard our legitimate interest in verifying the solvency of our customers. We transmit the personal data required for a credit assessment to the following service providers pursuant to Article 6 (1) (f) GDPR:• Dun & Bradstreet Ltd, The Point, 37 North Wharf Road, Paddington, London, W2 1AF, United Kingdom, credit assessment may contain probability values (so-called scores). If scores are included in the credit assessment, they are based on a scientifically accepted, mathematical-statistical method. Address data is (not exclusively) used to calculate scores. We use the result of the credit assessment to determine the statistical probability of default and to make decisions on the substantiation, performance, or termination of a contractual relationship. You can always object to this processing of your data by sending a message to the controller or the aforementioned credit agencies. Nevertheless, we might still be entitled to process your personal data if this is required for the contractual handling of payments.
.
3.3 The use of ratings and test seal graphics (Trusted Shops)
In order to display our Trusted Shops seal together with any reviews, and to offer Trusted Shops products to buyers after placing an order, we have integrated the Trusted Shops Trustbadge on our website.
This processing serves to protect our legitimate interest in optimally marketing our offer, deemed overriding after a balancing of interests, pursuant to Article 6 (1) (f) GDPR. The Trustbadge and services it advertises are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne, Germany. We are joint controllers within the meaning of Article 26 GDPR. In this Privacy Notice, we shall now inform you of the material contents of the contract pursuant to Article 26 (2) GDPR.
The Trustbadge is provided in joint responsibility by a CDN (Content Delivery Network) provider from the US. An adequate level of data protection is maintained through the use of the standard data protection clauses and additional contractual measures. You can find further information on data protection at Trusted Shops AG in their Privacy Policy: https://www.trustedshops.de/impressum-datenschutz/
When calling up the Trustbadge, the website automatically stores a so-called server log file, which, for example, might contain your IP address, the date and time of access, transmitted data quantities, and the requesting provider (access data) and therewith documents the request. This access data is not analysed and is automatically overwritten seven days after you stopped visiting the website at the latest.
After order completion, your email address –hashed by cryptological one-way function – will be transmitted to Trusted Shops GmbH. The legal basis is Article 6 (1) (f) GDPR. This is done to check whether you have already registered for Trusted Shops GmbH's services and is thus required to satisfy our overriding legitimate interest in providing the buyer protection linked to the specific order and transactional evaluations, pursuant to Article 6 (1) (f) GDPR. If so, further processing will be carried out in accordance with the contractual agreement between you and Trusted Shops. If you have not yet registered for the services, you will receive the option of setting up an account. Any further processing after registration is governed by the contractual agreement between you and Trusted Shops GmbH. If you do not register for an account, all transmitted data will be automatically deleted by Trusted Shops GmbH and this data can then no longer be linked to a person.
Any additional personal data is only transmitted to Trusted Shops if you have consented thereto, if we are allowed to send you service emails under Regulation 22(3) Privacy and Electronic Communications (EC Directive) Regulations 2003/2426 (cf. Section 2.3.2), if you opt to use Trusted Shops products after completing an order, or if you have already registered for use. In this case, the contractual agreement concluded between you and Trusted Shops shall apply.
Within the scope of the joint responsibility existing between us and Trusted Shops GmbH, we kindly recommend that you first contact Trusted Shops GmbH if you have any questions concerning data protection or to assert any rights using the contact options specified in the privacy policies linked in this section. Regardless, however, you can always contact the controller of your choice. If necessary, your request will then be forwarded to another controller for processing.
3.4 Use of social media icons
We have added social media icons to our website. With a simple mouse click you can access the following social media platforms: Instagram, Facebook, LinkedIn, Twitter, Xing and YouTube. When you visit our website, no personal data is passed on to the providers. You can recognise the provider of the platforms by the logo. We give you the option of directly accessing articles by LAPP on their website by using the icon. If you are logged in to the respective provider's website or app at the time the icon is activated, the network can assign your visit to our website. If you do not want this to happen, log out before clicking on the icon. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing and the storage periods. We also have no information regarding erasure.
By clicking on the icon, we offer you the opportunity to receive information from LAPP on the respective platform. The legal basis for use is Article 6 (1) (f) GDPR.
3.5 Embedding YouTube Videos
We have embedded YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. The service provider is YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA. For users who have their habitual residence in the European Economic Area or Switzerland, Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland is the controller responsible for your data.
In order for you to retain control of your data, all videos are initially deactivated by default and are activated after you have agreed to their use via the cookie consent tool or the cookie settings. The legal basis for displaying the videos is Article 6 (1) (a) GDPR.
After activating the link, your personal data about usage will be automatically processed by the platform, as if you were visiting the platform directly. The platform alone is the controller responsible for this processing.
By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account which you are logged in to or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising purposes, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. To the extent that data is processed outside the European Economic Area / the EU, where there is no data protection level corresponding to that of the European standard, Google, according to its own statements, uses standard contractual clauses. You have the right to object to the creation of these user profiles, however, you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's Privacy Policy. There, you will also find further information on your rights and setting options in order to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Information on the third-country transfer taking place can be found below in Chapter 8.2 Third-country transfer.
4. Cookies
To design our website in the most user-friendly way possible and to display more relevant advertisements to visitors of our website, we and our partners use so-called cookies. Cookies are small files stored on the device of a user. They allow information to be retained for a certain period of time and identify the visitor's terminal device. This is sometimes also done using tracking pixels, which are not stored on the hard drives of users, but can also help in identifying visitors in a similar way as cookies. In the following, the word cookie covers both cookies in the technical sense as well as tracking pixels and similar technical methods.
4.1 Cookie consent tool of CookiePro by OneTrust
When visiting our website for the first time, you will be shown a banner by CookiePro by OneTrust with a cookie consent text. If you provide consent here or in our cookie settings, said consent will be stored in your browser via a selection cookie. This way, we do not have to display this notice every time you visit any page. If said reference is no longer preserved in your browser (e.g. after deleting the browsing history), this notice will once again be displayed when revisiting our website.
In this context, the collected data will not be passed on to the provider of CookiePro and will only be stored by us up until you erase the selection cookie yourself or until the original purpose for data storage no longer applies. Any mandatory statutory retention periods remain unaffected.
CookiePro Consent technology is used to obtain the statutory consents for the use of cookies. The legal basis is Article 6 (1) (c) GDPR.
Cookie List
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Strictly Necessary Cookies
Cookie Subgroup Cookies Cookies used
api-shop.lapp.com ROUTE
First Party
lapp.com OptanonConsent , OptanonAlertBoxClosed
First Party
www.lapp.com JSESSIONID , recentlyViewedProducts
First Party
eu.auth0.com
__cf_bm Third Party
login.lapp.com
did, __cf_bm, auth0, auth0_compat, did_compat Third Party
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Performance Cookies
Cookie Subgroup Cookies Cookies used
lapp.com emos_jcvid
First Party
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Targeting Cookies
Cookie Subgroup Cookies Cookies used
www.lapp.com uslk_umm_1798_s
First Party
youtube-nocookie.com
CONSENT Third Party
4.2 Configurators cookie list
In addition to the cookies listed in Section 4.2, the following cookies are used for the configurators:
Strictly Necessary Cookies
Cookie Subgroup Cookies Cookies used Lifespan
configurator.lapp.com JSESSIONID 1st Party session-related
https://lapp.com/ Nginxp_fe 3rd Party 1 day
Performance Cookies
Cookie Subgroup Cookies Cookies used Lifespan
lapp.com emos_jcvid 1st Party 730 days
5. Website optimisation
5.1 Econda
To design our website tailored to needs and for the optimisation of this website, solutions and technologies of econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany, collect and store pseudonymised data and use this data to create usage profiles from pseudonyms created.
econda anonymises the data when it is recorded by truncating the IP address, meaning that it is not possible to assign it to a specific user when used according to its intended purpose. The anonymised data remains on the econda servers and can only be accessed there by us. This aggregated data enables us to analyse visitor flows and click paths, for example, without being able to assign them to a specific user. The servers are exclusively located in Germany.
For this purpose, cookies can be used, cf. Chapter 4, which enable the recognition of a browser. However, user profiles are not compiled with data of the person behind the pseudonym without the express permission of the visitor. IP addresses in particular are made unrecognisable immediately after the user has accessed the website, making it impossible to assign user profiles to IP addresses. Visitors to this website can object to the recording and storage of this data for the future at any time, here.
The data is stored for a period of ten (10) years.
5.2 Google Tag Manager
We use Google Tag Manager on our website. Google Tag Manager is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
With Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. Google Tag Manager implements the tags or 'triggers' the integrated tags. When a tag is triggered, Google may collect information (including personal data) and process it. It cannot be ruled out that Google will also transmit the information to a server in a third country.
In particular, the following personal data is processed by Google Tag Manager:
• online identifiers (including cookie identifiers);
• IP address.
The legal basis for using Google Tag Manager is Art. 6 (1) (a) GDPR, provided you have consented to its use via the cookie consent tool or the cookie settings.
You can find more detailed information about Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html and under https://www.google.com/intl/de/policies/privacy/index.html the section 'Data that we receive as a result of your use of our services'.
Furthermore, we have concluded an order processing contract with Google for the use of Google Tag Manager pursuant to Art. 28 GDPR. Google processes the data on our behalf in order to trigger the stored tags and to display the services on our website. Google may transmit this information to third parties if this is legally required or if third parties process this data on behalf of Google.
By integrating Google Tag Manager, we are pursuing the purpose of being able to integrate various services in a simplified and clear manner. In addition, the integration of Google Tag Manager optimises the loading times of the various services.
Information on the third-country transfer taking place can be found below in Chapter 8.2 Third-country transfer.
5.3 Google Ads
We have integrated Google Ads on our website. The operator of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
Google Ads is an Internet advertising tool, which allows us to show ads in both Google search engine results as well as within the Google advertising network. Google Ads allows us to predefine keywords that ensure that ads are shown in the Google search engine results if you use a search word that is related to the keyword. Within the Google advertising network, the ads are distributed to topically relevant websites by means of an automatic algorithm, taking into consideration the predefined keywords.
Google uses the collected data and information to create visitor statistics for our website. We, in turn, use these visitor statistics to determine the total number of users mediated to us through Ads advertisements, i.e. to assess the success or failure of the corresponding Ads advertisements and thus optimise our Ads advertisements in future. Neither LAPP nor other Google Ads customers receive information from Google that can help identify data subjects.
If you still wish to object to Google Ads, you can generally disable it by making the necessary settings at www.google.com/settings/ads.
You can find further information on Google Ads and the Google Privacy Policy at: www.google.com/privacy/ads/
Information on the third-country transfer taking place can be found below in Chapter 8.2 Third-country transfer.
5.4 Google retargeting
Through our cookie consent tool, a so-called conversion cookie can be stored on your IT system. Refer to Section 4 of this Privacy Notice for an explanation of what cookies are. The retargeting function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google) can be used with the help of this conversion cookie.
This feature generally aims to present interest-based ads to visitors of a website within the Google advertising network. If you visit our website and then visit a website within Google's advertising network, you may be shown advertisements from LAPP. The purpose behind Google Retargeting is thus to advertise our website by displaying advertising that is tailored to interests on the websites of third-party companies and in the Google search engine results.
The legal basis for data processing when using Google Retargeting is Article 6 (1) lit. a GDPR, if you consented to the use of conversion cookies through the cookie consent tool or in the cookie settings. A conversion cookie lapses after thirty (30) days.
The conversion cookie is used to store personal information, such as websites visited by a data subject. Whenever you visit our website, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. Google stores this personal data in the US. Google may under some circumstances share the personal data collected through this technical process with third parties.
If you wish to object to the use of Google Retargeting, you can generally disable conversion cookies at any time, by making the necessary configurations in our cookie settings or at www.google.com/settings/ads.
You can find further information on Google Retargeting and the Google Privacy Policy at: www.google.com/privacy/ads/
Information on the third-country transfer taking place can be found below in Chapter 8.2 Third-country transfer.
6. Compliance with legal requirements
In addition to the previously mentioned purposes, we also process your data to fulfil legal requirements. We are subject to a variety of legal obligations. These are primarily legal requirements (e.g. from commercial and tax laws), but also, if applicable, regulatory or other official requirements. These include, in particular, the fulfillment of tax control and reporting obligations as well as archiving and documentation obligations.
The legal basis for the processing is Article 17 (3) (b) GDPR and Article 6 (1) (c) GDPR.
7. Law enforcement and legal defence
We may also process your personal data in order to assert our rights and to be able to enforce our legal claims and/or to be able to defend ourselves against legal claims and/or to the extent necessary to prevent or prosecute criminal offences.
The legal basis for the processing is Article 17 (3) (e) GDPR and Article 6 (1) (c) GDPR. Our legitimate interest lies in law enforcement and legal defence.
8. Recipients of personal data
We share your data to the extent necessary with service providers we use which support us in providing our services.
8.1 Recipient categories
The categories of recipients of your data are stated below. These are, in particular:
• IT service providers which, inter alia, store data and support the administration and maintenance of IT systems;
• logistics service providers, e.g. to deliver our products;
• payment service providers/banks;
• public bodies and institutions, to the extent that we are legally obligated to do so.
Furthermore, your personal data will also be passed on to our affiliated companies within our global group, to the extent that they work for us as processors and, for example, provide IT services or insofar as such is necessary for the provision of our services. The transfer takes place to the extent that this data is lawful for the fulfillment of our contractual and legal obligations or on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. This can be for economic, administrative or other internal business management purposes; this only applies if such are not overridden by your interests or fundamental rights and freedoms which require the protection of personal data.
8.2 Third-country transfer
As part of the use of certain tools stated, your personal data will also be transmitted to a third country in compliance with the requirements of Article 44 et seqq. GDPR. If third-country service providers are used, they are usually obligated to comply with the data protection level of the European Union and United Kingdom through the agreement of the EU and UK standard data protection clauses (if necessary in connection with additional guarantees) adopted by the European Commission and UK Information Commissioner’s Office. The standard data protection clauses are freely available on the Internet on the website of the European Commission and UK ICO.
Despite these contractual and technical measures, it may arise that the level of data protection in the third country does not correspond to that of the European Union. The legal basis for the international data transfer that then takes place is your consent pursuant to Article 49 (1) sentence 1 (a) GDPR, which you provide by granting consent in the cookie banner (or other forms, registrations, etc.). Above all, there is a risk – especially in the case of data transfer to the US – that your personal data may possibly be processed by authorities for control and monitoring purposes, even without sufficient legal remedies being available, without us as the data exporter or you as the data subject being aware of such.
9. Security
Both we and our service providers take the necessary technical and organisational security precautions to protect your personal data under our control against both accidental and intentional manipulation, loss, and destruction, as well as against access by unauthorised parties. Our data processes and security measures are continuously improved to keep up with technological advancements.
Personal data that is exchanged between you and us or other involved companies is generally transmitted via encrypted connections that correspond with the state-of-the-art.
Our employees and any commissioned service providers are – of course – bound to confidentiality.
10. Automated decisions in individual cases / profiling
We process personal data in order to create customer profiles with the purpose of optimising marketing campaigns, offers and services. We do not use procedures for automated decision-making / profiling that have a legal effect on you or significantly affect you in a similar way.
11. Obligation to provide data
You are only required to provide the data that is necessary for the business relationship with us or that we are legally obligated to collect. Without this data, we shall not be able to enter into a business relationship with you or provide you with our services. Personal data that we inevitably need for the purposes mentioned above are marked as such. We process all data provided voluntarily on the basis of your consent in accordance with Article 6 (1) (a) GDPR and/or Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest is the further development of our products and services.
12. Links to other Internet websites
Our website contains links to other websites. We have no influence over operators of these websites complying with data protection regulations, including the GDPR. Even after carefully reviewing the content, we cannot assume any liability for external links to third-party content, either. For more information on the data processing procedures on these pages, we kindly ask you to review the data protection information on the respective websites
13. Your rights
Every natural person whose personal data we process generally (i.e. depending on the respective conditions) has the following rights towards us:
• If you have any questions about the ways in which we process your personal data, we would be happy to provide you with information about your personal data we store, free of charge and at any time (Article 15 GDPR, for UK data subjects possibly with the restrictions under s.45 Data Protection Act 2018 (UK), and for ROI data subjects possibly with the restrictions under [ ] applying).
• You have the right to rectification of incorrect and completion of incomplete data (Article 16 GDPR).
• You have a right to the blocking/restriction of processing or erasure of any of your personal data that is no longer required or was stored to comply with statutory obligations (Articles 17 and 18 GDPR).
• You have the right to data portability in a structured, commonly used, and machine-readable format, if you have provided us said data based on consent or a contract concluded between us (Article 20 GDPR).
• You have the right to object to the processing of your data for direct marketing purposes at any time (Article 21 (2 and 3) GDPR).
• You have the right to object to the processing of personal data on the basis of a legitimate interest, with us having the opportunity to demonstrate compelling legitimate grounds for the processing (Article 21 (1) GDPR). Please refer to earlier sections of this Notice to find out when such grounds exist.
• If you have given your consent to data processing, you can withdraw said consent at any time with effect for the future. In other words, the lawfulness of data processing up to the time of withdrawal shall remain unaffected. After withdrawing your consent, you may no longer be able to use our services.
You additionally have the right to lodge a complaint with a supervisory authority (UK data subjects may direct complaints to the UK Information Commissioner’s Office) (Article 77 GDPR). We do, however, recommend you first direct your complaint to us.
Please submit your request in writing (using the keyword: data protection) or by email, using the contact details specified at the beginning of this Policy. We reserve the right to verify your identity so that your personal data does not become known to unauthorised persons.
Note on your right to object to the processing of your personal data at any time
You have the right to object to the processing of your personal data — as required to safeguard your legitimate interests — at any time on grounds relating to your particular situation. Please send your objection and the reasons for it to:
Lapp Limited (UK & Eire), 88 Crawford Street, London, W1H 2EJ, UK phone: +44 20 8758 7800, email: sales.uk.luk@lapp.com We will check without undue delay, but at the latest within one month of receiving your objection, whether we are obliged to delete your data on the basis of the grounds specified or whether further processing of your data by us is necessary to protect overriding interests worthy of protection or to assert, exercise or defend legal claims. We will inform you of the result of our assessment in writing or another text form.
14. Retention obligations
If you no longer use our services and send us a deletion request, we will delete all personal data except for some categories to fulfill our legal retention obligations. This data will be deleted without undue delay after expiry of said retention periods, without you having to again request deletion.
If retention of your personal data is required, said retention is mandatory for the following purposes and to comply with the following laws:
• To meet retention periods under commercial and tax law . The statutory retention periods vary between six (6) and fifteen (15) years.
• To safeguard proper disaster recovery, to carry out IT audits: General Data Protection Regulation (GDPR) and general civil law.
• Receivables and evidence management: General Data Protection Regulation (GDPR) and general civil law.
15. Changes
Occasionally, we need to make changes to the present Privacy Notice. We reserve the right to do so at any time. The updated version of the Privacy Notice will be published here. Whenever you visit us, you should therefore read through this Privacy Notice again.
Version 3
Reviewed 23 August 2024