Privacy Policy

In this data protect notice, Lapp Holding SE, Oskar-Lapp-Straße 2, 70565 Stuttgart, telephone: 0711 78 38 – 01, email: info.de.uil(at)lapp.com (hereinafter ‘LAPP’, ‘we’, ‘us’) would like to inform you about how we process personal data about you during your visit to our website, when you communicate with us and when you use our online offers.

You can contact our appointed data protection officer at Lapp Holding SE, Data Protection Officer, Oskar-Lapp-Straße 2, 70565 Stuttgart, telephone: 0711 78 38 – 01, email: datenschutz.de.lhi(at)lapp.com

1. What personal data do we collect from you?

1.1 Visiting our website

If you do not provide us with any other information, we only collect the personal data that your browser transmits to our server (so-called log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure the establishment of the connection, system stability and security:

• the IP address of your internet-enabled computer;
• the date and time of the request;
• the time zone difference to Greenwich Mean Time (GMT);
• the website/application from which the request is made;
• the access status/http status code;
• the amount of data transferred;
• the browser used;
• the operating system used and its interface;
• the language and version of the browser software.

This is necessary to display our website and to ensure stability and security. This corresponds to our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR.

The aforementioned data is stored on the servers of Lapp Service GmbH, Oskar-Lapp-Str. 2, 70565 Stuttgart. The server is located in Germany.

The data is stored until the end of the following year and then automatically deleted.

The collection of this data for the provision of the website and the storage of the data in log files are essential for the operation of the website. Consequently, there is no right of objection on the part of the user.

1.2 Telephone and video conferences as well as telephony via ‘Microsoft Teams’

We use the Microsoft Teams tool to conduct telephone and/or video conferences and to accept calls to the telephone numbers known to you (hereinafter: ‘online meetings’). The service provider is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, which processes the data on our behalf in accordance with Art. 28 GDPR.

Please note that this data protection notice only informs you about the processing of your personal data by us when you conduct online meetings with us. When you access the Microsoft Teams website, the provider of Microsoft Teams is responsible for data processing. If you require information about the processing of your personal data by Microsoft, please refer to the relevant Microsoft statement.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the information you provide before or during an online meeting.

The following personal data is subject to processing:

• the IP address of your internet-enabled computer;
• Information about you as a user: e.g. display name, email address if applicable, profile picture (optional), preferred language;
• Meeting metadata: e.g. date, time, meeting ID, phone numbers, location;
• Text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device are processed for the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time via the Microsoft Teams applications.

The legal basis for data processing when conducting online meetings is Art. 6 (1) point b GDPR, insofar as the meetings are conducted within the framework of a contractual relationship.

Insofar as the processing of personal data should be an essential part of using Microsoft Teams, Art. 6 (1) point f GDPR is the legal basis for data processing. In these cases, we have an interest in the effective execution of online meetings.

If there is no contractual relationship, the legal basis is also Art. 6 (1) point f GDPR. Here, too, our interest lies in the effective execution of online meetings.

Personal data processed in connection with participation in online meetings will not be passed on to third parties, unless they are specifically intended for disclosure. Please note that content from online meetings, as with in-person meetings, often serves the specific purpose of communicating information with customers, prospects or third parties and is therefore intended to be shared.

The provider of Microsoft Teams necessarily obtains knowledge of the above-mentioned data to the extent provided for in our contract processing agreement with Microsoft Teams.

Data processing does not take place outside the European Union (EU) as we have limited our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed through internet servers located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.

However, the data is encrypted during transmission over the internet and is thus protected from unauthorised access by third parties.

2. Cookies

We and our partners use cookies to make our website as user-friendly as possible and to make our advertising more relevant to visitors to our website. Cookies are small files that are stored on a visitor's device. They allow information to be stored for a certain period of time and to identify the visitor's end device. This is also done in part using so-called tracking pixels, which are not stored on a visitor's hard drive, but which, in the same way as a cookie, can help to identify the end device. In the following, the term cookie covers both cookies in the technical sense and tracking pixels and similar technical methods.

3. Website optimisation with Econda

To design our website tailored to needs and for the optimisation of this website, solutions and technologies from econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany, collect and store pseudonymised data and use this data to create usage profiles from pseudonyms created.

Econda anonymises the data when it is recorded by truncating the IP address, meaning that it is not possible to assign it to a specific user when used according to its intended purpose. The anonymised data remains on the econda servers and can only be accessed there by us. This aggregated data enables us to analyse visitor flows and click paths, for example, without being able to assign them to a specific user. The servers are exclusively located in Germany.

Cookies which enable a browser to be recognised again may be used for this purpose. See Section 4 in this regard. However, user profiles are not compiled with data of the person behind the pseudonym without the express permission of the visitor. IP addresses in particular are made unrecognisable immediately after the user has accessed the website, making it impossible to assign user profiles to IP addresses. Visitors to this website can object to the recording and storage of this data for the future at any time in the Cookies Settings.

The data is stored for a period of ten (10) years.

4. Security

Both we and our service providers take the necessary technical and organisational security precautions to protect personal data under our control against both accidental and intentional manipulation, loss, and destruction, as well as against access by unauthorised parties. Our data processes and security measures are continuously improved to keep up with technological advancements.

Personal data that is exchanged between you and us or other involved companies is generally transmitted via encrypted connections that correspond with the state-of-the-art.

Our employees and any commissioned service providers are – of course – bound to confidentiality.

5. Links to other Internet websites

Our website contains links to other Internet websites. We have no influence over operators of these websites complying with data protection regulations, including the GDPR. Even after carefully reviewing the content, we can not assume any liability for external links to third-party content, either. For more information on the data processing procedures on these pages, we kindly ask you to review the data protection information on the respective websites.

6. Your rights

Every natural person whose personal data we process generally (i.e. depending on the circumstances) has the following rights towards us:

• If you have any questions about the ways in which we process your personal data, we would be happy to provide you with information about your personal data we store, free of charge and at any time (Article 15 GDPR, possibly with the restrictions under Sec. 34 German Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG] applying).
• You have the right to rectification of incorrect and completion of incomplete data (Article 16 GDPR).
• You have a right to the blocking/restriction of processing or erasure of any of your personal data that is no longer required or was stored to comply with statutory obligations (Articles 17 and 18 GDPR).
• You have the right to data portability in a structured, commonly used, and machine-readable format, if you have provided us said data based on consent or a contract concluded between us (Article 20 GDPR).
• You have the right to object to the processing of your data for direct marketing purposes at any time (Article 21 (2 and 3) GDPR).
• You have the right to object to the processing of personal data on the basis of a legitimate interest, with us having the opportunity to demonstrate compelling legitimate grounds for the processing (Article 21 (1) GDPR). Please refer to earlier sections of this Privacy Notice to find out when such grounds exist.
• If you have given your consent to data processing, you can withdraw said consent at any time with effect for the future. In other words, the lawfulness of data processing up to the time of withdrawal shall remain unaffected. After withdrawing your consent, you may no longer be able to use our services.

You additionally have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). We do, however, recommend you first direct your complaint to us.

Please submit your request in writing (using the keyword: data protection) or by email, using the contact details specified at the beginning of this Privacy Notice. We reserve the right to verify your identity in order to make sure that unauthorised persons do not gain knowledge of your personal data.

7. Retention obligations

If you no longer use our services and send us an erasure request, we will erase all your personal data, with the exception of some categories of data required for us to fulfil our statutory retention obligations. This data will be erased without undue delay after expiry of said retention periods, without you having to again request erasure.

If retention of your personal data is required, said retention is mandatory for the following purposes and to comply with the following laws:

• To meet retention periods under commercial and tax law, underpinned by the following laws: the German Commercial Code [Handelsgesetzbuch, HGB], the German Fiscal Code [Abgabenordnung, AO], and the German Value-Added Tax Act (Umsatzsteuergesetz, UStG). The statutory retention periods vary between six (6) and ten (10) years.
• To safeguard proper disaster recovery, to carry out IT audits: General Data Protection Regulation (GDPR) and the German Civil Code [Bürgerliches Gesetzbuch, BGB]. The statutory retention periods and obligatory documentation periods are three (3) years.
• Receivables and evidence management: General Data Protection Regulation (GDPR) and the German Civil Code. The statutory retention periods and obligatory documentation periods are three (3) years from the end of the calendar year in which the event to be documented took place.

8. Changes

Occasionally, we need to make changes to the present Privacy Notice. We reserve the right to do so at any time. The updated version of the Privacy Notice will be published here. Whenever you visit us, you should therefore read through this Privacy Notice again.

Version 2.01

Last updated 12.12.2022