Data privacy statement

Lemonize
Privacy

Data protection

I. NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Lemonize GmbH
Kleiststraße 45
89077 Ulm
Germany
Phone: +49 731 602 601 00
E-Mail: info@lemonize.de
Website: www.lemonize.de

II. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer of the controller is:

Horst Löpprich
Kleiststraße 45
89077 Ulm
Germany
Phone: +49 731 602 601 009
E-Mail: horst.loepprich@lemonize.de
Website: www.lemonize.de

III. GENERAL INFORMATION ON DATA PROCESSING

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

We process personal data of our users insofar as this is necessary to provide a functional website, our content and services and for advertising purposes. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. DATA ERASURE AND STORAGE DURATION

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

- The user's operating system

- The IP address of the user

- Date and time of access

- Websites from which the user's system accesses our website

- Websites that are accessed by the user's system via our websiteThe data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. PURPOSE OF THE DATA PROCESSING

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. DURATION OF STORAGE

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

5. RIGHT OF OBJECTION AND REMOVAL

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

V. USE OF COOKIES

A) DESCRIPTION AND SCOPE OF DATA PROCESSING

Our website uses cookies. Cookies are small blocks of data that are created by a web server while a user is browsing a website and are stored by the user's web browser on their end device.

Essential and non-essential (functional) cookies

Essential cookies enable the correct use of the website, in particular the transmission or security of the connection. Non-essential or functional cookies can be used to save the user's preferences and use them on the next visit (e.g. enabling services), for statistical purposes (e.g. to count the number of visitors) or for marketing purposes (e.g. to collect information about the materials downloaded from the Lemonize website in order to recognise the user's interests).

Session cookies and persistent cookies

Session cookies help you navigate efficiently through the website and track your path from page to page so that you do not have to be asked for information that you have already entered during the current session. Session cookies are stored in the browser's temporary memory and are deleted when the web browser is closed. No explicit consent is required for the use of session cookies.

Persistent cookies, on the other hand, store user preferences for current and subsequent visits. They are stored in your device's non-volatile memory (usually on the hard drive) and are still valid when you restart your browser. Persistent cookies are often used to track user behaviour and to place targeted advertising. Explicit consent is usually required for the use of persistent cookies.

First-party and third-party cookies

First-party cookies are set by the website owner, who is responsible for informing the website user about the purpose of the data processing and for obtaining the user's consent. Third-party cookies are set by some third-party plug-ins, and both the website owner and the third-party provider are jointly responsible for informing the user of the purpose of the data processing and for obtaining the user's consent.

We use cookies to improve the user-friendliness of our website and for advertising and analytical purposes. Some elements of our website require that the accessing browser can be identified even after a page change.

In principle, you will be informed in advance about the use of cookies when you visit our website and can individually configure which cookies are used.

Cookies and services used on our website:

Essential

  • klaro: Cookie of our Consent Management System which stores information about the services for which consent has been given.

  • statamic_session: Cookie of the content management system which authenticates the visitor to access the website. Personal data is not processed.

  • XSRF-TOKEN: Cookie of the content management system to improve the security of the site by preventing cross-site request forgery attacks.

Functional

  • Google Maps: This map service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America) is used to display interactive maps on the website.

    • Purpose of the data: Display of interactive maps

    • Data collected by the service:

      • Date and time of the visit

      • Location information

      • IP address

      • URL

      • Usage data

      • Search terms

      • Geographical location

    • Legal basis for the processing of the data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipient of the collected data: Alphabet Inc, Google LLC, Google Ireland Limited

    • Duration of storage, objection and removal options: The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

    • Further information: https://policies.google.com/technologies/cookies?hl=de

    • Technology used: API

Marketing

  • Google Ads: This advertising service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is used to display personalised or non-personalised advertising to users. By selecting Google adverts that refer to our website, Google sets a cookie that is analysed by us for various purposes. Among other things, this enables us and Google to track whether visitors have reached our website via Ads adverts.

    • Purpose of the data: Advertising, analysis, provision of services, statistics

      • Personal data collected by the service:

        • Viewed adverts

        • Cookie ID

        • Date and time of the visit

        • Device information

        • Geographic location

        • IP address

        • Search terms

        • Displayed adverts

        • Customer ID

        • Impressions

        • Online identifiers

        • Browser information

      • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

      • Recipients of the collected data: Alphabet Inc, Google LLC, Google Ireland Limited

      • Duration of storage, objection and removal options: The data is deleted as soon as it is no longer required for the purpose for which it was collected. You can object to interest-based advertising by Google at any time by clicking on the following opt-out link https://adssettings.google.com/

      • Further information: https://policies.google.com/technologies/cookies?hl=de

      • Technology used: Cookie

  • Google Ads Conversion: This is a conversion marketing service provided by Google Ireland Limited (G Gordon House, Barrow Street, Dublin 4, Ireland), which can be used to measure the success of advertising campaigns.

    • Purpose of the data: Advertising, conversion tracking

    • Personal data collected by the service:

      • Cookie ID

      • Date and time of the visit

      • Device information

      • IP address

      • Information about the operating system

      • Referrer URL

      • Web request

      • Browser information

    • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipient of the collected data: Alphabet Inc, Google LLC, Google Ireland Limited

    • Duration of storage, objection and removal options: The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

    • Further information: https://policies.google.com/technologies/cookies?hl=en-US

    • Technology used: Cookie

  • Google Ads Remarketing: This is a remarketing service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to display targeted advertising to users on other websites even after they have visited the website. Remarketing allows users of the website to see interest-based adverts on other websites within the Google Display Network, for example in Google Search or on YouTube. Google Ads Remarketing allows users to be shown targeted adverts even after they have left the website they have already visited.

    • Purpose of the data: Remarketing, advertising, tracking user action

    • Personal data collected by the service:

      • Visit Duration

      • IP address

      • Pages visited

      • Content in which the user is interested

      • Website usage

      • Referrer URL

      • Advertising identifier

      • Date and time of the visit

      • Device information

      • Browser information

    • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipients of the collected data: Alphabet Inc, Google LLC, Google Ireland Limited

    • Duration of storage, possibility of objection and removal: The duration of the storage of the data is as long as the duration of the stated processing purposes of the data. If the data is no longer required for the specified processing purposes, it will be deleted.

    • Further information: https://policies.google.com/technologies/cookies?hl=en-US

    • Technology used: Cookie

  • LinkedIn Insights Tag: This is a conversion tracking and retargeting service provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). The LinkedIn Insights Tag makes it possible to analyse the behaviour of users who reach our website via LinkedIn.

    • Purpose of the data: Marketing, retargeting, analysis

    • Personal data collected by the service:

      • Device information

      • IP address

      • Referrer URL

      • Timestamp

      • Browser information

    • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipient of the collected data: LinkedIn Ireland Unlimited Company

    • Duration of storage, objection and removal options: The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Collected data will be deleted after 90 days at the latest.

    • Further information: https://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com

    • Technology used: Cookie

  • Facebook Pixel: This is a tracking technology provided by Meta Platforms Ireland Ltd (4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland) to analyse visitor interactions with our website after selecting an ad placed on Facebook or other services provided by Meta.

    • Purpose of the data: Analysis, marketing, retargeting, advertising, conversion tracking, personalisation

    • Personal data collected by the service:

      • Viewed adverts

      • Viewed content

      • Device information

      • Geographic location

      • HTTP header

      • Interactions with adverts, services and products

      • IP address

      • Clicked elements

      • Marketing information

      • Pages visited

      • Pixel ID

      • Referrer URL

      • Usage data

      • User behaviour

      • Facebook cookie information

      • Facebook user ID

      • Usage/click behaviour

      • Browser information

      • Device operating system

      • Device ID

      • User Agent

      • Browser type

    • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipient of the collected data: Meta Platforms Ireland Ltd, Meta Platforms Inc.

    • Duration of storage, objection and removal options: The data is deleted as soon as it is no longer required for the purpose for which it was collected. The user's recorded interactions on the website are not stored for longer than two years.

    • Further information: https://www.facebook.com/privacy/explanation

    • Technology used: cookie, pixel

Analytics

  • Google Analytics 4: This is a service provided by Google Ireland Limited (G Gordon House, Barrow Street, Dublin 4, Ireland) to analyse the surfing behaviour of our users. GA4 places a cookie on the user's computer (for cookies, see above).

    • Purpose of the data: Tracking, conversion tracking, analysis

    • Personal data collected by the service:

      • The IP address of the user's accessing system

      • The website accessed

      • The website from which the user reached the website accessed (referrer)

      • The subpages that are accessed from the accessed website

      • The time spent on the website

      • The frequency with which the website is accessed

      • Browser

      • Secondary version of the browser

      • User agent string of the browser

      • Operating system

      • Device brand

      • Device model

      • Device name

      • Screen resolution

      • City

    • Legal basis for the processing of data: After consent of the user Art. 6 para. 1 sentence 1 lit. a GDPR

    • Recipient of the collected data: Meta Platforms Ireland Ltd, Meta Platforms Inc.

    • Duration of storage, objection and removal options: The data is deleted as soon as it is no longer required for our recording purposes. IP and cookie information is deleted by Google after 9 and 18 months respectively.

    • Further information: https://policies.google.com/privacy

    • Technology used: Cookie

2. BASIC POSSIBILITY OF OBJECTION AND CANCELLATION

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Further information on the privacy settings of the respective services can be found under "Further information" in the descriptions of the services used.

VI. WEB ANALYSIS, ANALYSIS TOOLS AND ADVERTISING

Google Tag Manager

We use Google Tag Manager, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

Google Tag Manager allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is used exclusively to manage and display the tools integrated via it. The Google Tag Manager records an anonymised IP address and can also transmit this to Google's parent company in the USA.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The Google Tag Manager is used based on Art. 6 para. 1 lit. f GDPR. If consent has been requested, the processing is carried out exclusively on the legal basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user device (e.g. device fingerprinting) within the meaning of the TTDSG. This declaration of consent can be revoked at any time.

3. PURPOSE OF DATA PROCESSING

As the operator of the website, Lemonize GmbH has a legitimate interest in integrating and managing various tools for analysis and marketing purposes on its website in a quick and easy way.

Google LLC is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA which is intended to ensure that European data protection standards are complied with when processing data in the USA. Every company that is certified under the DPF undertakes to comply with these data protection standards.

You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/list

Google Analytics

This website uses the Google Analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

Data, sessions and interactions across multiple devices are assigned to a pseudonymous user ID in order to be able to analyse the activities of a user across devices.

Google Analytics uses so-called "cookies", text files that are stored on your end device and enable your website usage to be analysed. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.

However, by activating IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. In exceptional cases, however, the full IP address may be transmitted to a Google server in the USA and truncated there.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. a GDPR.

3. PURPOSE OF THE DATA PROCESSING

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The information collected is used by Google on behalf of the operator of this website to analyse the use of the website, to compile reports on the activities on the website and to provide the website operator with further services associated with the use of the website and the Internet.

4. DURATION OF STORAGE

The data sent by us that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

5. POSSIBILITY OF OBJECTION AND REMOVAL

By using a browser plugin, the user can prevent information, including their IP address, which is collected using the cookies set, from being sent to Google Inc. and used by Google Inc. The plugin can be downloaded from the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further information on the terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=en.

Google Ads and Google Conversion Tracking

This website uses Google Ads, an online advertising programme from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

We use conversion tracking as part of Google Ads. This is an analysis service from Google Inc. that links the data from the Google Ads advertising network with actions that are defined for this website.

Personal data such as cookies and usage data are processed. The conversion tracking cookie is set when a user clicks on an advert placed by us on Google Ads. The cookie set has a limited validity and is not used for personal identification.

As long as the cookie has not expired, Google can recognise for our company which ad a visitor was redirected to our website via. It should be noted that each Google Ads customer receives an individual cookie, which prevents tracking via the websites of Google Ads customers.

When using Google Ads, personal data may be transmitted to the servers of Google LLC in the USA. The provider has implemented the standard contractual clauses of the European Union to ensure an adequate level of data protection.

Further information on Google's privacy policy can be found at the following Internet address: https://www.google.de/policies/privacy/

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The use of Google Ads takes place exclusively with your consent in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3. PURPOSE OF THE DATA PROCESSING

Lemonize GmbH uses Google Ads to draw attention to our offers and services with the help of advertising material (so-called Google Ads) on external websites. The information collected through conversion tracking is used to create conversion statistics. Our company thus receives information about the total number of users who were directed to our website via adverts placed by us. The data collected through conversion tracking does not contain any information that allows users to be personally identified. The data collected is used to determine key performance indicators for the respective advertising campaigns and to optimise our website.

4. DURATION OF STORAGE

Google Ads cookies are generally valid for 30 days.

5. OBJECTION AND REMOVAL OPTION

If you do not wish to participate in tracking, you can object to its use by deactivating Google Conversion Tracking in the cookie settings on our website. You will then no longer be included in the conversion tracking statistics.

Please note that some functions of this website may not work or may only work to a limited extent if you deactivate the use of cookies.

Google Ads Remarking

Our website uses the functions of Google Ads Remarketing to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.

Any further data processing will only take place if you have consented to Google linking your Internet and app browsing history to your Google account and using information from your Google account to personalise the ads you visit on the Internet. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with the Google Analytics data in order to create target groups. In the context of the use of Google Ads Remarketing, personal data may also be transferred to servers of Google LLC. in the USA.

In the event that personal data is transferred to Google LLC. based in the USA, the provider has implemented the so-called standard contractual clauses of the European Union to ensure an adequate level of data protection.

You can find further information and the data protection provisions about advertising and Google here: https://www.google.com/policies/technologies/ads/

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3. PURPOSE OF THE DATA PROCESSING

We use Google Ads Remarketing to present you with personalised advertising based on your previous visits to our website. This allows us to target you with adverts on other websites in the Google Display Network or in Google's search results. By recording and analysing your user behaviour on our website, we can optimise our marketing activities and present relevant content.

4. DURATION OF STORAGE

Google Remarketing cookies are generally valid for 30 days.

5. POSSIBILITY OF OBJECTION AND REMOVAL

It is possible to permanently deactivate the setting of cookies for advertising preferences. To do this, you can download and install the browser plug-in at the following link: https://www.google.com/settings/ads/onweb/.

Another option is to obtain information from the Digital Advertising Alliance at the Internet address https://www.aboutads.info about the setting of cookies and to make settings for this. Finally, you have the option of setting your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Please note, however, that rejecting cookies may restrict the functionality of our website.

Social media buttons

Our website uses social media buttons for Facebook, Instagram and LinkedIn to enable you to interact with the platforms.

These buttons are not integrated as plugins, but as links. By clicking the social media buttons, you will be forwarded directly to the page of the corresponding provider. The corresponding provider is responsible for compliance with data protection regulations and the accuracy, timeliness and completeness of the information provided there on data processing within the meaning of Art. 4 No. 7 GDPR.

Newsletter/ e-mail marketing

Our website offers the option of subscribing to a free newsletter. This is used by us to inform you about offers, news and product information. In return for subscribing to our newsletter, the user receives access to a bonus in connection with the respective newsletter promotion.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

When you register for the newsletter, the following data is transmitted to us

E-mail address

  • Consent to receive the newsletter

  • Consent to the privacy policy

  • Date and time of registration

  • if specified:

    • Salutation

      o First name and surname

      o Company

Double-Opt-In

Registration for the newsletter takes place via the double opt-in procedure. After registering, the user receives an initial e-mail in which they must explicitly agree to the registration. If the registration is not approved within 14 days, the data transmitted to us will be automatically deleted. After this time, it is no longer possible to confirm the registration by e-mail and a new registration must be made via our website.

Data processing

Registration for our newsletter requires the explicit consent of the user to the processing of their transmitted data. The data is processed in accordance with our privacy policy, which is referred to at the time of registration and confirmation. Personal data collected when registering for the newsletter will not be disclosed to CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede, Germany) for the purpose of sending and managing our newsletter using the email marketing software provided by the latter.

This concerns the following personal data

  • E-mail address

  • Consent to receive the newsletter

  • Acceptance of the privacy policy

  • Date and time of registration

  • if specified:

    • Salutation

    • First name

    • Surname

    • Company

Place of data storage

The data collected during newsletter registration is stored on servers of CleverReach GmbH & Co. KG servers in Germany and Ireland.

2 TRACKING

CleverReach enables us to analyse the recipients' interaction with the emails we send. This includes, among other things, the opening rate of the emails, unsubscribes from the newsletter, bounces and clicks. Furthermore, conversion tracking via Google Analytics can be used to track whether an action defined by us takes place after a link within an email has been clicked.

Further information on this: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/

If an analysis by CleverReach is not desired, the user must explicitly unsubscribe from the newsletter. For this purpose, a corresponding link is provided in the footer of every email we send.

Further information on the data collected: https://www.cleverreach.com/de-de/datenschutz/

Data processing and forwarding

Data collection and processing by CleverReach takes place within the framework of an order processing contract (AVV), which is concluded in accordance with the provisions of the GDPR. No data is passed on to third parties in connection with data processing for sending the newsletter. The data collected is used exclusively for sending the newsletter and for marketing purposes.

3. LEGAL BASIS FOR DATA PROCESSING

The processing of data when registering for the newsletter takes place with the consent of the user on the basis of Art. 6 para. 1 lit. a GDPR. The purpose of collecting the user's email address is to deliver the newsletter and to provide information about further marketing campaigns.

4. RIGHT OF OBJECTION AND CANCELLATION

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address is only stored for as long as the subscription to the newsletter is active.

The subscription to the newsletter can be cancelled by the user at any time. There is a link for this purpose in the footer of every e-mail.

Cancellation of the data stored during active registration, as well as its disclosure, can be made via the email address dataprivacy@lemonize.de.

VII. CONTACT FORM AND E-MAIL CONTACT

1. DESCRIPTION AND SCOPE OF DATA PROCESSING

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

Transmitted and stored data includes

  • Name

  • E-mail address

  • Message

The following data is also stored at the time the message is sent:

  • The IP address of the user

  • Date and time of sending

The user's consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data is used exclusively for processing the contact and the subsequent exchange of messages.

2. LEGAL BASIS FOR DATA PROCESSING

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. PURPOSE OF DATA PROCESSING

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. DURATION OF STORAGE

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case as soon as the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. POSSIBILITY OF OBJECTION AND CANCELLATION

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Calendly

Our website uses the Calendly online appointment booking system. The service provider is the American company Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.

1. SCOPE OF THE PROCESSING OF PERSONAL DATA

A connection is established between the browser used and the Calendly servers via the IFrame provided by Calendly and a direct exchange of data with Calendly takes place. When using the Calendly appointment booking service, the user's personal data such as name, e-mail address and website link are requested and stored on Calendly's servers. In addition, the user has the opportunity to describe their request and provide us with further information. All information that a user sends using the form is transmitted to the Calendly servers and stored there. Calendly uses functional and optional cookies to collect and store data on our website. Functional cookies are set the first time pages with the Calendly IFrame are accessed, other optional cookies are only set with the user's consent. Consent can be revoked and managed at any time in the Calendly Cookie Consent Tool. The tool is available on every page with the Calendly integration and is located at the bottom left of the IFrame.

2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as this consent includes access to information in the user's terminal device or the storage of cookies within the meaning of the TTDSG. In addition, the legal basis for the use of Calendly is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in entering into a direct exchange with customers, potential customers and other interested parties and processing inquiries directly and as quickly as possible.

3. PURPOSE OF THE DATA PROCESSING

We use Calendly to facilitate and automate the planning and arrangement of consultation, sales and demo appointments. The data provided by the user is used exclusively for scheduling and managing appointments. This generally includes the name, e-mail address and any other relevant contact data required to confirm and communicate an appointment. User data will not be used for other purposes or passed on to third parties unless this is necessary for the execution of the agreed appointment or required by law. We take appropriate measures to protect the data collected and ensure its confidentiality.

4. DURATION OF STORAGE

The user and customer data stored in connection with the booking of appointments will be deleted as soon as the purpose of the processing has been fulfilled and further storage of the data is no longer necessary. Mandatory statutory provisions on retention periods remain unaffected. The EU Commission's Standard Contractual Clauses (SCC) apply to data transfers to the USA. Further information can be found here: https://calendly.com/privacy and https://calendly.com/pages/dpa

5. POSSIBILITY OF OBJECTION AND REMOVAL

The user can withdraw their consent at any time with effect for the future. The legality of the data processing that has already taken place is not affected by the revocation. The use of appointment booking is optional. However, if there are any concerns regarding the processing of data by Calendly, we offer alternative contact options by e-mail or telephone. Further information on this can be found under the menu item “Contact”.

VIII Plugins

Google Maps plugin

This website uses the Google Maps service, a map service provided by Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

1.SCOPE OF THE PROCESSING OF PERSONAL DATA

The Google Maps API provided by Google is used to display the Google Maps component on our website. No cookies are stored on the user's device when the map is displayed.

To create a route, the user is redirected to the external Google Maps page. The data processed in this process is subject to the data protection provisions of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America).

The connection to Google can be used to determine from which website the enquiry was sent and from which location the directions are to be created. To determine the location, the approximate position of the user is used, which is sent to Google by their end device or manual input and after their consent.

You can find more information on the terms of use of Google Maps and data processing by Google on the Google website:

http://www.google.com/intl/den_de/help/terms_maps.html

http://www.google.com/privacypolicy.html

2.LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis is Art. 6 para. 1 lit. a GDPR.

3.PURPOSE OF THE DATA PROCESSING

We use Google Maps on our website to display our location and to provide directions.

4.DURATION OF STORAGE

Google Maps does not use cookies. No data is stored on the browser side.

5.POSSIBILITY OF OBJECTION AND REMOVAL

The use of the Google Maps plugin must be explicitly consented to. If you no longer wish to use the Google Maps map service, you can deactivate the Google Maps service via the cookie banner and prevent further data transmission to Google. However, we would like to point out that in this case you will no longer be able to use all the functions of the map view on our website.

IX. RIGHTS OF THE DATA SUBJECT

If personal data of users are processed, the user is a data subject within the meaning of the GDPR and has the following rights towards the controller:

1. RIGHT TO INFORMATION

Data subjects can request confirmation from the controller as to whether personal data concerning them is being processed by Lemonize GmbH.

If such processing is taking place, the data subject can request the following information from the controller:

  • the purposes for which the personal data are processed

  • the categories of personal data that are processed

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

  • the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period

  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing

  • the existence of a right to lodge a complaint with a supervisory authority

  • all available information about the origin of the data if the personal data is not collected from the data subject

  • You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. RIGHT TO RECTIFICATION

Data subjects have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning them is incorrect or incomplete. The controller must carry out the rectification without undue delay.

3. RIGHT TO RESTRICTION OF PROCESSING

Under the following conditions, a data subject may request the restriction of the processing of personal data concerning him/her:

  • if the data subject contests the accuracy of the personal data concerning him or her for a period enabling the controller to verify the accuracy of the personal data

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or

  • the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing of the personal data concerned has been restricted, such data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, the data subject shall be informed by the controller before the restriction of processing is lifted.

4. RIGHT TO ERASURE

A) OBLIGATION TO ERASE

The data subject may request the controller to erase personal data concerning him or her without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

  • the personal data concerning him/her are no longer necessary for the purposes for which they were collected or otherwise processed

  • the data subject withdraws consent on which the processing is based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing

  • the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR

  • the personal data in question has been processed unlawfully.

  • the deletion of the personal data concerned is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject

  • the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR

B) INFORMATION TO THIRD PARTIES

Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

C) EXCEPTIONS

The right to erasure does not apply if the processing is necessary

  • for exercising the right of freedom of expression and information

  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

  • for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

  • for the establishment, exercise or defense of legal claims.

5. RIGHT TO INFORMATION

If the data subject has asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerned have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

The data subject has the right to be informed of these recipients by the controller.

6. RIGHT TO DATA PORTABILITY

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format. In addition, the data subject has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

  • the processing is carried out by automated means.

In exercising this right, the data subject also has the right to obtain that the personal data concerning him or her be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. RIGHT TO OBJECT

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerned unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If the data subject objects to the processing for direct marketing purposes, the personal data concerning him or her will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

8. RIGHT TO REVOKE THE DECLARATION OF CONSENT UNDER DATA PROTECTION LAW

The data subject has the right to withdraw their declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between the data subject and the controller

  • is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or

  • with his or her express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as its legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

X. Social media presence

Lemonize GmbH has publicly accessible profiles on the social media platforms Instagram, Facebook and LinkedIn. We would like to point out that our publicly accessible profiles are only one of several options for contacting us or obtaining information. Further options are available on our website in the form of a contact form.

1. DATA PROCESSING

If a user is logged into their social media account and visits our public social media profiles, the operator of the respective platform can assign their visit to their social media account.

The platforms can use this data to create user profiles in order to store your preferences and interests and to display interest-based advertising inside and outside the platform.

The social networks Instagram, Facebook and LinkedIn may also collect data about user interactions with our fan pages in accordance with their own privacy policies. This may include the processing of personal data such as demographic information, location data, device information and interactions. We would like to point out that we have no insight into all processing procedures within the respective social media platforms. Further details can be found in the terms of use and privacy policies of the respective social media platforms.

We reserve the right to amend this privacy policy by publishing the new content on our website. After the change, the privacy notice will appear on the website in a new version with a new date. In the event of a change to the privacy policy, of which users must be informed in accordance with local data protection laws, we will notify you directly. This will be done electronically, by means of a notice at the entrance to the website or in any other way that makes it easiest to access this information.

If a change means that we need to obtain users' consent again in order to process their personal data, we will ask for their consent again.

Current data protection and cookie policy: Version 1/2024 25.03.2024