Privacy Policy

Lapp Holding SE, Oskar-Lapp-Straße 2, 70565 Stuttgart, Germany, phone: +49 (0)711 78 38 – 01, email: info.de.uil(at)lapp.com (hereinafter referred to as "LAPP", "we", "us", "our" etc.) has drafted this Privacy Notice to inform you about the ways in which we process any personal data during your visit to our website, in communication with us, as well as during your use of online offers.

You can reach our appointed data protection officer at Lapp Holding SE, Data Protection Officer, Oskar-Lapp-Strasse 2, 70565 Stuttgart, Germany, phone: +49 (0)711 78 38 - 01, email: datenschutz.de.lhi(at)lapp.com

1. What personal data do we always collect from you?

1.1 When visiting our website

If you do not register or provide us with any other information, we only collect the personal data that your browser transmits to our server (so-called log files). If you wish to view our website, we collect the following data, which is technically necessary for us to display our website, to establish a connection, and to guarantee system stability and security:

• the IP address of the computer/device with which you access the Internet;
• the date and time of the request;
• time zone difference to Greenwich Mean Time (GMT);
• the website/application from which the request comes;
• the access status/HTTP status code;
• respectively transferred data volumes;
• the browser used;
• the operating system used together with its user interface;
• language and version of the browser software;

This is necessary for us to display our website and to guarantee stability and security. This is in our legitimate interest within the meaning of Article 6 (1) (f) GDPR.

During contract processing, the aforementioned data is stored on the servers of Lapp Service GmbH, Oskar-Lapp-Str. 2, 70565 Stuttgart, Germany. The servers are located in Germany.

Data is stored until the end of the following year and then erased automatically.

Collection of such data for the provision of the website and storage of data in log files is strictly necessary for proper operation of the Internet website. As a result, the user does not have the option to object.

1.2 Phone and video conferencing as well as contact via "Microsoft Teams"

We use Microsoft Teams as a tool to hold phone and/or video conferences and to accept calls to the phone numbers communicated to you (hereinafter collectively referred to as "Online Meetings"). The service provider is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, which processes the data on our behalf within the meaning of Article 28 GDPR.

Please note that this Privacy Notice only informs you about the processing of your personal data by ourselves if you hold Online Meetings with us. If you access the Internet website of Microsoft Teams, the provider of Microsoft Teams is responsible for data processing. If you wish to receive information about the processing of your personal data by Microsoft, we kindly ask that you access the relevant statement from Microsoft.

Various types of data are processed when using Microsoft Teams. The scope of said data is, among other things, dependent on your data choices before and during your participation in an Online Meeting.

The following personal data is processed:

• the IP address of the computer/device with which you access the Internet;
• information on you as a user: e.g. display name, possibly email address, profile picture (optional), preferred language;
• meeting metadata: e.g. date, time, Meeting ID, phone numbers, location;
• text, audio and video data: you may have the option to use the chat feature in an Online Meeting. To this extent, any text entries you make are processed to display these in the Online Meeting. To make sure that video and audio can be accessed, the data of your device's microphone and any video camera are processed accordingly for the duration of your meeting. You always have the option of disabling or muting your microphone through relevant settings in the Microsoft Teams applications.

The legal basis for data processing when holding Online Meetings is Article 6 (1) (b) GDPR, to the extent that said Meetings where conducted within the context of a contractual relationship.

If the processing of personal data is a key requisite for the use of Microsoft Teams, the legal basis for processing users' personal data is Article 6 (1) (f) GDPR. Our legitimate interest is in this case effectively conducting Online Meetings.

If there is no contractual relationship, the legal basis is still Article 6 (1) (f) GDPR. Our legitimate interest is again effectively conducting Online Meetings.

As a general principle, personal data that is processed due to participation in Online Meetings is not passed on to third parties unless such distribution is intended. Please note that the content of both Online Meetings and in-person meetings is often used to communicate information to customers, interested parties, and third parties, and the distribution of such information is thus intended.

As is necessary, the provider of Microsoft Teams gains awareness of the aforementioned data, if this is intended as part of the agreement on processing between us and Microsoft Teams.

The data processing shall generally not be carried out outside of the European Union (EU), since we have limited our storage locations to data centres in the European Union. However, we cannot guarantee that data is not routed over Internet servers situated outside of the EU. One particular instance of such routing is whenever participants participate in Online Meetings in a non-Member State.

Nevertheless, while being transported over the Internet, the data is encrypted, protecting it from unauthorised third-party access.

2. Cookies

To design our website in the most user-friendly way possible and to display more relevant advertisements to visitors of our website, we and our partners use so-called cookies. Cookies are small files stored on the device of a user. They can capture information for a certain period and identify the device of the user. This is sometimes also done using tracking pixels, which are not stored on the hard drives of users, but can also help in identifying visitors in a similar way as cookies. In the following, the word cookie covers both cookies in the technical sense as well as tracking pixels and similar technical methods.

4. Security

Both we and our service providers take the necessary technical and organisational security precautions to protect personal data under our control against both accidental and intentional manipulation, loss, and destruction, as well as against access by unauthorised parties. Our data processes and security measures are continuously improved to keep up with technological advancements.

Personal data that is exchanged between you and us or other involved companies is generally transmitted via encrypted connections that correspond with the state-of-the-art.

Our employees and any commissioned service providers are – of course – bound to confidentiality.

5. Links to other Internet websites

Our website contains links to other Internet websites. We have no influence over operators of these websites complying with data protection regulations, including the GDPR. Even after carefully reviewing the content, we can not assume any liability for external links to third-party content, either. For more information on the data processing procedures on these pages, we kindly ask you to review the data protection information on the respective websites.

6. Your rights

Every natural person whose personal data we process generally (i.e. depending on the circumstances) has the following rights towards us:

• If you have any questions about the ways in which we process your personal data, we would be happy to provide you with information about your personal data we store, free of charge and at any time (Article 15 GDPR, possibly with the restrictions under Sec. 34 German Federal Data Protection Act [Bundesdatenschutzgesetz, BDSG] applying).
• You have the right to rectification of incorrect and completion of incomplete data (Article 16 GDPR).
• You have a right to the blocking/restriction of processing or erasure of any of your personal data that is no longer required or was stored to comply with statutory obligations (Articles 17 and 18 GDPR).
• You have the right to data portability in a structured, commonly used, and machine-readable format, if you have provided us said data based on consent or a contract concluded between us (Article 20 GDPR).
• You have the right to object to the processing of your data for direct marketing purposes at any time (Article 21 (2 and 3) GDPR).
• You have the right to object to the processing of personal data on the basis of a legitimate interest, with us having the opportunity to demonstrate compelling legitimate grounds for the processing (Article 21 (1) GDPR). Please refer to earlier sections of this Privacy Notice to find out when such grounds exist.
• If you have given your consent to data processing, you can withdraw said consent at any time with effect for the future. In other words, the lawfulness of data processing up to the time of withdrawal shall remain unaffected. After withdrawing your consent, you may no longer be able to use our services.

You additionally have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). We do, however, recommend you first direct your complaint to us.

Please submit your request in writing (using the keyword: data protection) or by email, using the contact details specified at the beginning of this Privacy Notice. We reserve the right to verify your identity in order to make sure that unauthorised persons do not gain knowledge of your personal data.

7. Retention obligations

If you no longer use our services and send us an erasure request, we will erase all your personal data, with the exception of some categories of data required for us to fulfil our statutory retention obligations. This data will be erased without undue delay after expiry of said retention periods, without you having to again request erasure.

If retention of your personal data is required, said retention is mandatory for the following purposes and to comply with the following laws:

• To meet retention periods under commercial and tax law, underpinned by the following laws: the German Commercial Code [Handelsgesetzbuch, HGB], the German Fiscal Code [Abgabenordnung, AO], and the German Value-Added Tax Act (Umsatzsteuergesetz, UStG). The statutory retention periods vary between six (6) and ten (10) years.
• To safeguard proper disaster recovery, to carry out IT audits: General Data Protection Regulation (GDPR) and the German Civil Code [Bürgerliches Gesetzbuch, BGB]. The statutory retention periods and obligatory documentation periods are three (3) years.
• Receivables and evidence management: General Data Protection Regulation (GDPR) and the German Civil Code. The statutory retention periods and obligatory documentation periods are three (3) years from the end of the calendar year in which the event to be documented took place.

8. Changes

Occasionally, we need to make changes to the present Privacy Notice. We reserve the right to do so at any time. The updated version of the Privacy Notice will be published here. Whenever you visit us, you should therefore read through this Privacy Notice again.

Version 2.01

Last updated 12.12.2022