Status July 2022
Thank you for visiting our website and for your interest in our company. We consider data protection to be a customer-oriented quality standard. The protection of your personal data and the protection of your personal rights are important to us.
With this data protection declaration, we would like to transparently inform all visitors to our website about the type, scope, and purpose of the personal data which we collect, use and process, and to inform you about the rights to which you are entitled.
In principle, the use of our website is possible without the provision of personal data. However, should you make use of our company's services via our website, the processing of your personal data may become necessary.
The data collected automatically when you visit our website and/or which you enter when you use our services will be processed in accordance with the current legal provisions for the protection of personal data.
1. Contact Information for the Controller
Responsible person in the sense of thebasic data protection regulation is:
LEIPA Group GmbH
Phone: +49 3332 24-00
Appointed Data Protection Officer:
Phone: +49 8232 80988-70
2. Collection of general access information
Every time you visit our website, server log file information that your browser transmits to us is automatically recorded. This includes:
- IP address (Internet Protocol address) of the accessing computer
- the website from which you are visiting us (referrer)
- our website you are visiting
- the date and duration of the visit
- browser type and browser settings
- operating system
Please note that this data cannot be attributed to a specific person. We use this technical access information exclusively for the following purposes:
- to improve the attractiveness and usability of our websites,
- to detect technical problems on our website at an early stage.
- to deliver the content of our website correctly,
- and to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.
This data is stored for a maximum of 7 days as a technical precaution to protect the data processing systems against unauthorised access.
3. Collection and forwarding of personal data
We use your personal data only for the purposes stated on this data protection information page.
The following input masks exist on our website for the collection of personal data:
3.1 Contact Fields on Our Website
3.2.1 Contact by e-mail or contact form
On our website we offer you the option to contact us by e-mail and/or via a contact form. If you contact us by e-mail or via contact form, the personal data transmitted by you will be stored automatically. Such personal data, which you voluntarily provide to us, will be stored for the purpose of processing your inquiry or contacting the person concerned. This personal data is not passed on to third parties.
3.2.2 Career portal (online application)
You can apply online for open positions on our career portal. The portal is operated by the company softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin (hereinafter: softgarden) on our behalf. We have concluded an order processing contract with softgarden in which we obligate softgarden to protect the applicants' data and not to pass it on to third parties. At the following internet address you will find detailed information about the data protection regulations of softgarden.
3.2.3 Comment function
In parts it is possible on our website to comment on published articles. This should be done under a clear name, can also be done under a pseudonym, only a functional email address is required. This is not publicly visible, but can be viewed by authorized employees and representatives of the LEIPA Group.
Information entered via the comment function (incl. the name given) may be made public under certain circumstances and after editorial review and is thus also accessible to search engines (e.g. Google); this data may thus be visible and findable throughout the Internet.
The IP address of your terminal device used when using the comment function is logged. This information may also be used in particular to clarify possible misuse of the comment function.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a and b DSGVO. In this context, the use of the comment function is considered consent according to Art. 6 para. 1 sentence 1 lit. a DSGVO. You can revoke your consent at any time. Comments and associated information can be deleted in the process. To do so, please contact the data protection officer of the LEIPA Group informally by e-mail.
4. What are cookies used for?
5. Deletion, Blocking, and Duration of the Storage of Personal Data
We process and store your personal data only for the period of time required to achieve the respective storage purpose or as provided for by law. After discontinuation of a storage purpose or after expiry of the storage period provided for by law, the personal data is routinely blocked or deleted from further processing in accordance with the statutory provisions.
6. Data Protection Rights of the Affected Person
If you have any questions about your personal data, you can contact us in writing at any time. You have the following rights under DS-GMO:
6.1 The Right to Information (Sub-itemArt. 15 DS-GVO)
You have the right to receive at any time information regarding which categories and information about your personal data are processed by us, for what purpose, how long and according to which criteria these data are stored, and whether an automated decision-making including profiling is applied in this context. You also have the right to know the identities of recipients or categories of recipients to which your data has been or is still being disclosed: in particular, recipients in third countries or international organisations. In this case you also have the right to be informed about appropriate guarantees in connection with the transmission of your personal data.
In addition to the right of appeal to the supervisory authority and the right to information about the origin of your data, you have the right to have your personal data deleted, corrected, and limited, or to object to the processing of your personal data.
In all the above cases, you have the right to request a free copy of your personal data processed by us from the data processor. We are entitled to charge an appropriate administration fee for all further copies that you request, or which go beyond the data subject's right to information.
6.2 The Right of Correction (Art. 16 DS-GVO)
You have the right to request the immediate correction of your incorrect personal data and, taking into account the purposes of the processing, also to request the completion of incomplete personal data by means of a supplementary declaration.
If you wish to exercise your right to rectification, you can contact our data protection officer or the data controller at any time.
6.3 The Right to Deletion (Art. 17 DS-GVO)
You have the right to demand the immediate deletion of your data ("right to be forgotten") especially if the storage of the data is no longer necessary, if you revoke your consent to data processing, if your data was processed unlawfully or was collected unlawfully,or if there is a legal obligation to delete under EU or national law.
However, the “right to be forgotten” shall not apply if there is a predominant right to freedom of expression or information, if data storage is necessary for the fulfilment of a legal obligation (e.g., storage obligations), if archiving purposes prevent deletion, or if storage serves to assert, exercise, or defend legal claims.
6.4 The Right of Limitation (Art. 18 DS-GVO)
You have the right to request that the controller restrict the processing of your data if you dispute the accuracy of the data, if the processing is unlawful, if you refuse to delete your personal data and instead request that processing be restricted, if the requirements for the purpose of processing cease to apply, or if you have objected to the processing in accordance with Article 21(1), as long as it is not yet clear whether there are any legitimate reasons on our part which outweigh yours.
6.5 The Right to Data Transferability (Art. 20 DS-GVO)
You have the right to the transferability of your personal data, which you have provided to our company in the form of a standard format, so that you can have your personal data forwarded to another person in charge without hindrance, provided, for example, that you have given approval and that the processing is carried out using an automated procedure.
6.6 The Right to Object (Art. 21 DS-GVO)
You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct advertising or market and opinion research as well as general business data processing, unless we can prove compelling reasons worthy of protection for processing which outweigh your interests, rights and freedoms.
Furthermore, you cannot exercise your right of objection if a legal provision provides for the collection, processing or use of the data or obliges the collection, processing or use.
6.7 Right of Appeal to the Data Protection Supervisory Authority (Art. 77 DS-GVO in conjunction with § 19 BDSG)
You have a recognized right to complain to the competent supervisory authority if you believe there has been an infringement involving the processing of your personal data.
6.8 Right to Revoke Consent under Data Protection Law (Art. 7(3) DS-GVO)
You can revoke your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us prior to the entry into force of the EU Data Protection Basic Regulation.
7. Legal Basis of Processing
In the processing of personal data for which we obtain the consent of the data subject, Art. 6 (1) sentence 1a) of the Basic Data Protection Ordinance (DSGVO) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6 (1)sentence 1b) (DSGVO) serves as the legal basis. This regulation also covers processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) sentence 1c) (DSGVO) serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) sentence 1f) (DSGVO) serves as the legal basis for processing. The legitimate interest of our company lies in the performance of our business activities and in the analysis, optimisation and maintenance of the security of our online offer.
8. Transmission of Data to Third Parties
We generally do not sell or rent user data. A transmission to third parties beyond the scope described in this data protection declaration only takes place if this is necessary for the processing of the respective requested service.
We only transfer data if there is a legal obligation to do so. This is the case if state institutions (e.g., law enforcement authorities) request information in writing or a court order is available.
A transfer of personal data to so-called third countries outside the EU/EEA area does not take place.
9. Legal or Contractual Regulations for the Provision of Personal Data and Possible Consequences of Non-Provision
We hereby point out that in certain cases (e.g., tax regulations) the provision of personal data is prescribed by law or may result from contractual regulations (e.g., information on the contractual partner). For example, for a contract to be concluded, it may be necessary for the person/contractual partner concerned to make his/her personal data available so that we can process his/her request (e.g., order) at all. An obligation to provide personal data exists above all when concluding contracts. If in this case no personal data is provided, the contract cannot be concluded with the person concerned. Before the data subject provides personal data, the data subject may contact our data protection officer or the data controller. The data protection officer or the controller shall then inform the data subject whether the provision of the personal data required is required by law or by contract or is necessary for the conclusion of the contract, and whether in the data subject's case there is an obligation to provide the personal data, or what consequences the failure to provide the data requested will have for the data subject.
10. Existence of Automated Decision-making
As a responsible company, we do without automatic decision-making or profiling in our business relationships.