Privacy Policy

I. Information on the controller / data protection officer

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:

LHLK Agentur für Kommunikation GmbH
Tegernseer Platz 7
D-81541 München
Geschäftsführer:innen: Dirk Loesch
Telefon: 0049 (0) 89.720 187 0
E-Mail: kommunikation@lhlk.de
Website: www.lhlk.de

2. External data protection officer

Alarmstufe Red GmbH
Bettina Sandrock
St. Georg Straße 44
86911 Dießen
Telefon: 0049 (0) 8807.949596
E-Mail: dsgvo@alarmstufe-red.de
Website: www.alarmstufe-red.de

II. General information on data processing

1. Scope of processing of personal data

We generally collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. In most cases, the collection and use of personal data of our users takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing of personal data, Article 6 (1) sentence 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary to take steps prior to entering into a contract.

If processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interest, Article 6 sentence 1 (f) GDPR serves as the legal basis for the processing.

3. Data deletion and retention period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if provided for by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the computer with which the website is being accessed.

The following data is collected:

Information about the browser type and version used
The operating system of the user
The IP address of the user
Date and time of access
Websites from which the user’s system was forwarded to our website

The data is also stored in the log files of our system. This data is not stored with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 sentence 1 (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. IP addresses are stored in log files to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing pursuant to Article 6 sentence 1 (f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data to provide the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Data may be stored beyond this period, in which case the IP addresses of the users are deleted or pseudonymised so that they can no longer be attributed to the client that visited the website.

5. Possibility of objecting to data collection or removing data

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. As a result, it is not possible for the user to object to the collection of the data.

IV. Use of cookies – banners

1. General information about cookies we use

Our website only uses cookies if you have given your consent to the use of cookies through the cookie banner. Cookies are text files that are stored by the browser or by the browser on the user’s computer system. The information stored in a cookie may include the language settings on a website (we offer you the choice to view the website in German or English) or consent to the use of cookies.

The following distinction is used to better understand what types of cookies exist:

Temporary cookies are automatically deleted when you close the browser and include, in particular, session cookies. They store what is known as a session ID, with which various requests from your browser can be assigned to a single session. This ensure that your computer is recognised when you return to our website. Session cookies are deleted when you log out or close the browser. We collect temporary cookies only when necessary for the service provided.
Permanent cookies remain stored even after the browser is closed. They are automatically deleted after a predetermined period, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser. We only collect information above and beyond necessary cookies if you have given your consent by way of the cookie banner. You can also use the cookie banner to revoke consent at any time.
First-party cookies, which are created by us and required for the website to function properly.
Third-party cookies, which are used by commercial entities (third parties) to process user information. We only collect third-party cookies if you have given your consent by way of the cookie banner. You can also use the cookie banner to revoke consent at any time.
Necessary (or essential) cookies are those that are specifically required for the website to function properly.

Statistical and marketing cookies, which are cookies that are used for the purposes of online marketing (in particular the marketing of advertising space, targeted advertising) and the analysis of user behaviour in order to optimise the online offering. These cookies are also used for profiling purposes. Profiling is used to show users content that matches their potential interests. If we use cookies or tracking technologies, we notify you separately in the privacy policy or as part of the consent process. You are free to configure your browser settings as you wish and, for example, refuse to accept third-party cookies or any cookies at all. Please note that this may result in you not being able to use all of the website’s functions.

2. Description and scope of data processing

Cookies store usage data (including the times at which you access the website, the websites you visit, the consent you view) and meta/communication data (device information, IP addresses).

3. Legal basis for data processing

If we ask you to give consent to the processing of your personal data by means of cookies and you consent, the legal basis for the data processing is your consent (Article 6 (1) sentence 1 (a) GDPR). Otherwise, the legal basis for the processing of personal data using cookies is Article 6 (1) sentence 1 (f) GDPR.

4. Storage period

As part of obtaining consent (consent for the use of cookies), we will notify you of the period for which the respective permanent cookies will be stored. As a rule, the storage period can be up to two years.

5. Cookie banner

Our cookie banner contains information about the collection of information. The “Details” section tells you specifically what data is collected, the functionality, the provider and how long it is stored for. The “Essential Cookies” section is activated to ensure that the website is accessible. In addition, the following sections are disabled by default:

YouTube Videos
Google Analytics
Facebook Pixel
LinkedIn Insight Tag

We do not collect data beyond what is technically necessary without receiving your prior consent by way of the cookie banner. You can also use the cookie banner to revoke your consent at any time.

6. Right to object and revoke consent

If the basis for processing personal data through cookies is statutory permission, you can object to the processing at any time. You can object to the processing of your data firstly by changing the settings in your browser (for example by disabling the use of cookies). Please note that certain functions of our website (such as the default language) will then no longer work. We will inform you of the other ways you can object to the processing of your data in the information on the service providers and cookies used.

If the processing of personal data through cookies is based on your consent, you can withdraw this consent at any time. For this purpose, we use a tool to manage cookie consent, which provides you with information about the cookies we use (processing and providers). In addition, you can give and/or revoke your consent in this tool. The declaration of consent is stored by means of a cookie. A cookie is used so that the request for the use of cookies does not have to be made again and we can also prove consent as we are legally obliged to do. The cookie stores the settings you have made in the cookie tool.

V. E-Mail contact

1. Description and scope of data processing

You can use the e-mail address provided to contact us or click on the contact function, which opens an e-mail window in your e-mail program. The personal data of the user transmitted with the e-mail will be stored but will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) sentence 1 (f) GDPR. If the e-mail contact takes place with the intention of entering into a contract, the additional legal basis for the processing is Article 6 (1) sentence 1 (b) GDPR.

3. Purpose of data processing

If you contact us by e-mail, our legitimate interest in processing the data is responding to your message.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be concluded from the circumstances that the matter concerned has been conclusively clarified.

5. Possibility of objecting to data collection or removing data

If you contact us by e-mail, you can object to the storage of your personal data at any time, for example by e-mail. In such a case, the conversation cannot continue and all personal data stored in the course of contacting us will be deleted.

VI. Online Marketing

As part of online marketing, we process personal data for the purpose of displaying advertising or other content intended to be based on the potential interests of users. Another purpose of processing is to judge the effectiveness of the measures and to optimise our website content.

For this purpose, relevant information relating to said content is stored in user profiles. These user profiles are stored in cookies (please also see our information on cookies in this privacy policy). Information stored includes, but is not limited to:

Online networks used
Websites visited
Content viewed
Browser used
Computer system used
Usage times
IP addresses

IP addresses are pseudonymised by shortening the IP address to protect users. The section below contains information about the third-party services used, as well as about the third parties themselves. It then covers the legal basis, the purpose of processing and the storage period.

1. Facebook Pixel

Facebook Pixel will only be activated once you have given us your consent by way of the cookie banner.

a) Service

Facebook Pixel is an analytics service provided by Facebook Ireland Ltd. that connects data from the Facebook network to actions taken through this website. This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the social network Facebook or other websites that also use the method. By using this service, we pursue the interest of showing you advertisements of interest to you in order to make our website more interesting for you. For this purpose, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected through the use of this tool by Facebook and therefore inform you based on what we know: By integrating Facebook Pixel, Facebook receives the information that you have accessed the corresponding pages on our website or have clicked on one of our ads. If you are registered with a Facebook service, Facebook can attribute the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will discover and store your IP address and other identifying features.

b) Provider

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; Opt-Out: https://www.facebook.com/settings?tab=ads

2. Google Analytics

Google Analytics is an analytics service that is activated once you have given us your consent by way of the cookie banner.

a) Service

Our website uses Google Analytics, a web analytics service provided by Google Inc. or Google Ireland Ltd. (“Google”). The information stored in a cookie about your use of our website is usually transmitted to a Google server in the United States and stored there. However, if IP anonymisation is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

b) Anbieter

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://adssettings.google.com/authenticated

3. LinkedIn Insight Tag

LinkedIn Insight Tag is a feature of LinkedIn that is activated once you have given us your consent by way of the cookie banner.

a) Service

Our website uses LinkedIn Insight Tag, an analytics service provided by LinkedIn Corporation or LinkedIn Ireland Unlimited Company that connects data from the LinkedIn network to actions taken through this website. By using this service, we pursue the interest of showing you advertisements of interest to you in order to make our website more interesting for you.

b) Anbieter

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; website: https://www.linkedin.com; security measures: IP-Masking (Pseudonymisierung der IP-Adresse); Privacy-Policy: https://www.linkedin.com/legal/privacy-policy, Cookie-Policy: https://www.linkedin.com/legal/cookie_policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4. Scope of processing of personal data

The aforementioned online marketing services result in the following personal data being processed:

Usage data (characteristics identifying the user, information about the beginning and end as well as the extent of the respective use, websites visited, information about the content viewed by the user)
Meta/communication data
Location data
Event data (Facebook)

5. Legal basis for the processing of personal data

If you consent to the use of third parties, the legal basis for the processing of your personal data is consent (Article 6 (1) sentence 1 (a) GDPR). Processing does not take place without consent (please also see the section on cookies or cookie settings).

6. Purpose of data processing

We use the above services for the purpose of tracking and remarketing, to make our range of products and services more attractive, to obtain information about our target audience and to measure the success of our ad campaigns.

7. Duration of storage, possibility of objecting to data collection or removing data

The Cookie settings contain information about the duration of cookie storage and how you can withdraw your consent (please see the section on cookies). Please also refer to the data protection declarations of the respective providers (see above) regarding the storage period and your options for objecting to data collection and removing data. You can also disable cookies in your browser settings.

8. Security measures

The IP address is pseudonymised (IP masking).

VII. No social media plug-ins

We do not use social media plug-ins. On our website we simply draw attention to the fact that we have a presence on the social networks Facebook, Instagram, Xing and LinkedIn. If you click on the logo or the name of the social network under “Visit us on:”, you will be redirected to our respective social network channel. By doing so, the data referred to under III. 1. of this privacy policy is transmitted to the respective provider of the social network. We do not know which other data is collected or processed by the respective provider of the social network and have no influence over this.

You can prevent data processing by not clicking on the link under “Visit us on:” or on the logo/icon of the social network. Further information on the purpose and scope of the data collection and its processing by the provider of the social networks can be found in the provider’s privacy policy communicated below. There you will also find further information about your rights in this regard and setting options to protect your privacy.

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; weitere Informationen zur Datenerhebung: sowie.
Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025; Privacy information can be found here: https://help.instagram.com/155833707900388
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; https://www.xing.com/privacy
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://www.linkedin.com/legal/privacy-policy

VIII. Embedding of videos through Vimeo and YouTube

We also display videos on our website.

1. Vimeo, own server

Videos that are embedded through Vimeo are hosted locally on our own server, so no connection is established to the United States when they are accessed. We use the external video provider Vimeo to display the videos (more on this at https://vimeo.com). If you are logged in as a member of Vimeo, the fact that you accessed video can be attributed to your personal user account. You can prevent this from happening by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. Vimeo’s privacy policy can be found here: https://vimeo.com/privacy.

The legal basis for the transmission of personal data to Vimeo is Article 6 (1) sentence 1 (f) GDPR, whereby our legitimate interest is also in the purpose of data processing to make an attractive offer to visitors to our website. We have concluded a contract with Vimeo in accordance with the EU standard contractual clauses and also incorporate the “Do Not Track” variant, which means that as little personal data as possible is transmitted to the provider.

2. YouTube

Videos that are embedded on our website through YouTube contain a layer informing you that, when the video is selected, data is transferred to the company. The service provider of the video platform YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Google privacy policy can be found here https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, display settings: https://adssettings.google.com/authenticated.

By playing YouTube videos, data about you is transmitted to Google. Personal data may also be transmitted to and processed in the United States. The European Court of Justice has ruled that the United States does not have an adequate level of data protection. We explicitly inform you of this fact. You can then decide whether or not you want to play YouTube videos on our website. We have no influence on the processing of personal data by Google.

For this reason, you will be alerted to this circumstance before playing a YouTube video and can decide whether or not to play the video. If you allow the video to be played, you give us your consent to data processing. You can withdraw your consent at any time by using the cookie settings (please also see our information on cookies).

The legal basis for data processing is your consent in accordance with Article 6 (1) sentence 1 (a) GDPR

IX. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is processed by us. If such data is processed, you can request access to the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that is processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) any available information about the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and envisaged consequences of such processing for the data subject. You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right to the rectification and/or completion of your data by the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, assertion or defence of legal claims; or

(4) if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the controller override your reasons. Where the processing of personal data concerning you has been restricted, such data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state. If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You may request that the controller erase your personal data without undue delay. The controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent to which the processing pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing pursuant to Article 21 (2) GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The erasure of personal data concerning you is necessary to fulfil a legal obligation under the law of the European Union or a member state to which the controller is subject.

(6) The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 (1) GDPR, the controller must take reasonable steps, including technical measures, taking into account the available technology and the implementation costs, to inform controllers processing the personal data that you, as the data subject, have requested the erasure of all links to such personal data or copies or replications of such personal data.

c) Derogations

The right to erasure does not exist if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfil a legal obligation requiring processing under the law of the European Union or a member state to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health pursuant to Article 9 (2) (h) and (i) and Article 9 (3) GDPR;

(4) for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

(1) the processing is based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and

(2) processing is carried out using automated procedures.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected thereby. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. The controller no longer processes your personal data unless they can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. Notwithstanding Directive 2002/58/EC, you have the option to exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

8. Right to withdraw consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent until withdrawal.

9. Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – that has legal effect on you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller;

(2) is permitted by the law of the European Union or a member state to which the controller is subject and such law contains reasonable measures to safeguard your rights and freedoms and legitimate interests; or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests. With regard to the cases referred to in (1) and (3), the controller must take reasonable measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint has been lodged must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The complete privacy policy?
download here