Data Protection and Privacy Policy

We are delighted that you are interested in our company, products, and services and would like to provide you with some key information regarding our approach to protecting your personal data. Protecting personal data is crucial, particularly in tomorrow's Internet-based business models and when developing Internet-based economies. In this data protection statement, we therefore aim to emphasize our dedication to protecting your personal data.

Our employees as well as the service providers appointed by us are bound to confidentiality and to observing the General Data Protection Regulation (EU) 2016/679 (GDPR) and any other relevant data protection regulations. We take protecting your personal data very seriously and conscientiously follow the rules of data protection acts.

1. Contacts

Contact for the responsible company and CEO:

IB-Lenhardt AG
Daniel Lenhardt
Heinrich-Hertz-Allee 7
66386 St. Ingbert
E-Mail: d.lenhardt@ib-lenhardt.de
Phone: +49 6894 38938-20
Fax: +49 6894 38938-99

Contact for the Data Protection Officer:

Fabian Hewer
Heinrich-Hertz-Allee 7
66386 St. Ingbert
E-Mail: datenschutz@ib-lenhardt.de
Phone: +49 6894 38938-53
Fax: +49 6894 38938-99

Contact for the Supervisory Authority:

Unabhängiges Datenschutzzentrum Saarland
Fritz-Dobisch-Str. 12
66111 Saarbrücken
E-Mail: poststelle@datenschutz.saarland.de
Phone: +49 0681 94781-0
Fax: +49 0681 94781-29

2. Collection and storage of personal data and purpose of their use

a) When visiting our website

The web browser you use on your device automatically sends data to our website once it is loaded. This information is stored temporarily in a so-called log file. The following information is logged automatically and stored until it is automatically deleted:

  • IP address of the requesting device

  • Date and time of the request

  • Name and URL of the requested file

  • Website from which the request originated (referer URL);

  • browser software used, possibly the operating system of your device and the name of your access provider.

The data points listed above are processed to the following end:

  • Ensuring the flawless delivery of the website

  • Assuring the comfortable use of our website

  • Analysis for system stability and security

GDPR Article 6 (1) point (f) forms the legal basis for this data processing. Our legitimate interest arises from the aforementioned purposes of gathering data. In no case we use the gathered data to draw conclusions about your person.

Furthermore, when visiting our website we make use of cookies and analytical services (Google Analytics). You can find more information on this in sections 4 and 5 of this document.


b) When signing up to our newsletter

If you have expressly agreed to do so according to GDPR Article 6(1)(a), we use your e-mail address to regularly send you our newsletter. Providing an e-mail address is sufficient for receiving our newsletter. Unsubscribing is possible at any time, i. e. via a link at the end of each newsletter. You may also send us your desire to unsubscribe by e-mail to privacy@ib-lenhardt.de.


c) When using our contact form

For questions of any kind we provide the possibility to get in touch with us through a contact form on our website. This requires giving a correct name and a valid e-mail address, so that we know who contacted us and to reply. Further details may be provided voluntarily.

Processing the data to the end of contacting us follows GDPR Article 6(1)(a) on basis of your voluntary consent.

Personal data gathered by using our contact form is automatically deleted after we have completed your request.

3. Passing on your data

Transmission, proliferation and passing-on of your data to any third party does not take place, with the following purposeful exceptions:

We will pass on your data only to a third party if:

  • you have given your express permission according to GDPR Article 6(1)(a);

  • necessary for the enforcement, exercise or defense of legal interests and there are no grounds for the assumption that you may have a substantially predominate interest in the protection and non-disclosure of your data, according to GDPR Article 6(1)(f);

  • there are legal obligations to do so, according to GDPR Article 6(1)(c); or

  • doing so is in accordance to GDPR Article 6(1)(b) in order to fulfill a contract with you.

4. Cookies

On our website we use cookies. These are small files, which your browser creates automatically and stores on your device (i. e. computer, notebook, tablet, smart phone) when you visit our website. Cookies cannot harm your device; they contain no viruses, trojans or other malware. A cookie may contain information that relates to your specific device. But this does not mean that we automatically and directly know your identity or who you are.

On the one hand we use cookies to give you a better browsing experience on our website. Thus, we may use so-called session cookies to see that you have visited a certain page from our website before. Your browser deletes them automatically as soon as you close it.

Furthermore, we may also use temporary cookies for a pre-defined time range on your device. We do this to constantly improve our website and give you a better browsing experience; for example, this may spare you from re-entering information you already entered into a form on a previous visit to our website.

On the other hand, we use cookies to gather statistical information, which will be processed to the end of improving our website for the future (see also section 5). These cookies let us know that you’ve already been here before. After a pre-defined time range, these cookies are deleted automatically as well.

Data processed through our Cookies constitute a legitimate interest of both ourselves and of third-parties according to GDPR Article 6(1)(f).

Most browsers accept cookies automatically. However, you may configure your browser to not store cookies at all on your computer or that each you are informed before a new cookie is created. But please note that full deactivation of cookies may result in the inability to use all features of our website.

5. Analysis tools, marketing, services

The following technologies are used to place interest-based advertising and to analyze and optimize the use of our website.

Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.


Cloudflare

Description of the service

Cloudflare is a service that offers websites increased security and performance. For example, Cloudflare offers a Content Delivery Network ("CDN") to improve website loading times. The use of a CDN enables the user to make content available for retrieval more quickly with the help of regionally or internationally distributed servers.

Processing company

Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, United States of America

Purpose of the data

This list shows the purposes of data collection and processing.

  • Optimization

  • Website security

  • Improvement of the service

  • Reducing bandwidth usage

Technologies used

This list shows all the technologies that this service uses to collect data.

  • Cookies

Data collected

This list contains all (personal) data collected by or through the use of this service.

  • IP address

  • System configuration information

  • Name of the website

  • Date and time of the request

  • Name and URL of the retrieved file

  • Amount of data transferred

  • Status information

  • Device operating system

  • Referrer URL

  • Requesting provider

  • Device type

  • Time of the server request

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. f GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the purposes of processing.

Data recipients

The recipients of the data collected are listed below

Cloudflare Group


Google AJAX

Description of the service

This is a stable, reliable, globally available high-speed content delivery network ("CDN") for the most popular open source JavaScript libraries

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Delivering content

Technologies used

This list shows all the technologies used by this service to collect data.

  • JavaScript

Data collected

This list contains all (personal) data collected by or through the use of this service.

  • IP address

  • Browser information

  • Geographical location

  • Websites visited

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the collected data are listed below

  • Google LLC

  • Google Ireland Limited

  • Alphabet Inc

Google Fonts

Description of the service

This is a collection of fonts for commercial and personal use.

Processing company

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Provision of fonts

  • Improvement of the service

Technologies used

This list shows all the technologies that this service uses to collect data.

  • API

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • IP address

  • Aggregated usage figures

  • Font request

  • Referrer URL

  • CSS requests

  • User Agent

  • Browser information

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the data collected are listed below

Alphabet Inc, Google LLC, Google Ireland Limited

Google Tag Manager

Description of the service

This is a tag management system. Google Tag Manager allows tags to be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes from other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control when a specific tag is triggered.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Tag management

Technologies used

This list shows all the technologies used by this service to collect data.

  • Website tags

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Aggregated data about the tag triggering

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the purposes of processing.

Data recipients

The recipients of the data collected are listed below

Alphabet Inc, Google LLC, Google Ireland Limited



gstatic.com

Description of the service

This is a domain used by Google to offload static content to another domain name in order to reduce bandwidth usage and increase network performance for the end user.

Processing company

Alphabet Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America

Purpose of the data

This list shows the purposes of data collection and processing.

  • Increase network performance

  • Reducing bandwidth usage

Technologies used

This list shows all the technologies that this service uses to collect data.

  • JavaScript

Data collected

This list contains all (personal) data collected by or through the use of this service.

  • Images

  • CSS

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. f GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Requests for CSS assets are stored temporarily for 1 day, font files are stored temporarily for one year. Some information is stored until it is removed by the user, some expires after a certain time, some is stored until the user's Google account is deleted.

Data recipients

The recipients of the data collected are listed below

Alphabet Inc, Google LLC, Google Ireland Limited



Hotjar

Description of the service

This is a web analysis service. It is used to collect data about user behavior. Hotjar may also process information provided by you as part of surveys and feedback functions that are integrated on our website.

Processing company

Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta

Purpose of the data

This list sets out the purposes of data collection and processing.

  • Analysis

  • feedback

Technologies used

This list shows all the technologies used by this service to collect data.

Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Date and time of the visit

  • Device type

  • Geographical location

  • IP address

  • Mouse movements

  • Pages visited

  • Referrer URL

  • Screen resolution

  • Unique device identifier

  • Language information

  • Device operating system

  • Browser type

  • Clicks

  • Domain name

  • Unique user ID

  • Responses to surveys

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data about your visit and your activities on the website are generally stored for 365 days and then automatically deleted. This does not apply to information collected as part of surveys and incoming feedback. However, the data will always be deleted as soon as it is no longer required for the purposes of processing.

Data recipients

The recipients of the data collected are listed below.

Hotjar Ltd, Amazon Web Services EMEA SARL, Datadog Inc, Functional Software Inc.



New Relic

Description of the service

This is a performance analysis service.

Processing company

New Relic Inc, 188 Spear Street, Suite 1200, San Francisco, CA 94105, United States of America

Purpose of the data

This list shows the purposes of data collection and processing.

  • Marketing purposes

  • Digital performance monitoring

  • analysis

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies

  • Mobile SDK

  • API

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Browser information

  • Date and time of the visit

  • Device information

  • Device operating system

  • Domain name

  • Geographical location

  • IP address

  • Performance data

  • Unique device identifier

  • Usage data

  • User ID

  • Database query

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the collected data are listed below.

New Relic Inc.



Usercentrics Consent Management Platform

Description of the service

This is a consent management service. Usercentrics GmbH is used on the website as a processor for the purpose of consent management.

Processing company

Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany

Purpose of the data

This list shows the purposes of data collection and processing.

  • Compliance with legal obligations

  • Consent storage

Technologies used

This list shows all the technologies that this service uses to collect data.

  • Local Storage

  • Pixel

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Opt-in and opt-out data

  • Referrer URL

  • User agent

  • User settings

  • Consent ID

  • Time of consent

  • Consent type

  • Template version

  • Banner language

  • IP address

  • Geographical location

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. c GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Consent data (consent given and withdrawal of consent) is stored for one year. The data will then be deleted immediately.

Data recipients

The recipients of the data collected are listed below.

Usercentrics GmbH



Vimeo

Description of the service

This is a service for displaying video content.

Processing company

Vimeo LLC, 555 West 18th Street, New York, New York 10011, United States of America

Purpose of the data

This list shows the purposes of data collection and processing.

  • Show videos

Technologies used

This list shows all the technologies used by this service to collect data.

  • Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Browser information

  • Browser language

  • Browser type

  • Cookie information

  • Device information

  • Device operating system

  • Information from third-party sources

  • IP address

  • Pages visited

  • Referrer URL

  • Information provided by users on the site

  • Search queries

  • Geographical location

  • Viewed content

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the data collected are listed below.

Vimeo LLC

YouTube Video

Description of the service

This is a video player service. It can be used by the user to watch, share, comment on and upload videos.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

Show videos

Technologies used

This list shows all the technologies used by this service to collect data.

  • Cookies (if the "Privacy-Enhanced" mode is not activated)

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Device information

  • IP address

  • Referrer URL

  • Viewed videos

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the collected data are listed below.

  • Alphabet Inc.

  • Google LLC

  • Google Ireland Limited

DoubleClick Ad

Description of the service

This is an advertising service. With this service it is possible to provide relevant ads to users and receive campaign reports.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Advertising

  • analysis

  • Optimization

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Browser information

  • Click path

  • Cookie information

  • Date and time of visit

  • Demographic data

  • Device identifier

  • Location information

  • Hardware/software type

  • Internet service provider

  • IP address

  • Frequency with which ads are seen

  • Providing domains

  • Interaction data

  • Views of the page

  • Search history

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the collected data are listed below

  • Google Ireland Limited

  • Google LLC

  • Alphabet Inc.



Google Ads

Description of the service

This is an advertising service. This service can be used to display personalized or non-personalized advertising to users.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Advertising

  • analysis

  • Provision of services

  • statistics

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Advertisements viewed

  • Cookie ID

  • Date and time of the visit

  • Device information

  • Geographical location

  • IP address

  • Search terms

  • Advertising displayed

  • Customer ID

  • Impressions

  • Online identifiers

  • Browser information

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the purposes of processing. Log data is anonymized after 9 months and cookie information after 18 months.

Data recipients

The recipients of the data collected are listed below

Alphabet Inc, Google LLC, Google Ireland Limited



Google AdServices

Description of the service

This is an advertising service.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

Advertising

Targeting

Technologies used

This list shows all the technologies used by this service to collect data.

  • Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Click path

  • events

  • IP address

  • Referrer URL

  • Touchpoint to the advertising material

  • Transaction

  • User Agent

  • Pages viewed

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the purposes of processing.

Data recipients

The recipients of the collected data are listed below

  • Google LLC

  • Google Ireland Limited

  • Alphabet Inc



Google Analytics

Description of the service

This is a web analytics service. It allows the user to measure advertising return on investment (ROI) and track user behavior with Flash, video, websites and applications.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • marketing

  • analysis

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies

  • pixels

  • JavaScript

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Click path

  • Date and time of the visit

  • Device information

  • Location information

  • IP address

  • Pages visited

  • Referrer URL

  • Browser information

  • Host name

  • Browser language

  • Browser type

  • Screen resolution

  • Device operating system

  • Interaction data

  • User behavior

  • Visited URL

  • Cookie ID

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The retention period depends on the type of data stored. Each user can choose how long Google Analytics stores data before it is automatically deleted.

Data recipients

The recipients of the data collected are listed below

Google Ireland Limited, Alphabet Inc, Google LLC



Google Syndication

Description of the service

This is a Google domain used to store and load ad content and other resources related to ads for Google AdSense and DoubleClick from the Google CDN.

Processing company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

Saving and loading ad content

Technologies used

This list shows all the technologies that this service uses to collect data.

Web beacons

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Category of ads

  • Ads clicked on

  • Interaction with ads

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

Data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

The recipients of the collected data are listed below

  • Google LLC

  • Google Ireland Limited

  • Alphabet Inc



LinkedIn Insight Tag

Description of the service

This is a conversion tracking and retargeting service.

Processing company

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Purpose of the data

This list shows the purposes of data collection and processing.

  • Marketing and

  • Retargeting

  • analysis

Technologies used

This list shows all the technologies used by this service to collect data.

  • cookies

  • pixels

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • Device information

  • IP address

  • Referrer URL

  • Timestamp

  • Browser information

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted after 90 days.

Data recipients

The recipients of the data collected are listed below

LinkedIn Ireland Unlimited Company



nr-data.net

Description of the service

This is a performance monitoring service.

Processing company

New Relic Corporation, 188 Spear St., Suite 1200, San Francisco, CA 94105, United States of America

Purpose of the data

This list shows the purposes of data collection and processing.

  • Optimization

Technologies used

This list shows all the technologies that this service uses to collect data.

  • SDKs

  • cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

  • IP address

  • Websites visited

  • Device identifier

Legal basis

The required legal basis for the processing of data is stated below

Art. 6 para. 1 sentence 1 lit. a GDPR

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the purposes of processing

Google Enhanced Conversions
On our website, we use Google Ads Enhanced Conversions provided by Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, "Google").

By using Google Ads Enhanced Conversions, we can better understand and optimize the performance of our advertising campaigns. For this purpose, we collect the email addresses and phone numbers you enter on our website (hereafter referred to as PIs) in a hashed format for further use in this process. Enhanced Conversions is a feature that improves the accuracy of conversion tracking while protecting user privacy by supplementing existing conversion tags with hashed PIs from the website. As part of the Enhanced Conversion feature, your hashed PIs are transmitted to Google on specific pages.

These measures are only implemented if you have consented to the use of this Google Conversion function in the tool settings. The enrichment of existing data is, of course, subject to the consent provided for this purpose. Only data from the sources you have agreed to are used.

Data Processor
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

Privacy Information of the Data Processor
Below is the email address of the data protection officer of the processing company:
data-access-requests@google.com

Purposes of Data Processing

  • Advertising, recommendations, insights, and measurements

  • Performance

  • Analytics and research

Data Collected
The following is a list of data collected through the use of this service:

  • Hashed email address

  • Hashed phone number
    Data is hashed using the SHA-256 encryption method.

The following list contains data not specifically collected for this process but already available for data processing and use within the respective services:

  • Information about your online behavior on our platforms, e.g., pages visited, forms filled out, products purchased, services used, etc.

Legal Basis
The following is the legal basis required for the processing of personal data:

  • Art. 6 para. 1 sentence 1 lit. a GDPR (Consent)

Location of Processing
European Union, worldwide

Retention Period
90 days

Data Recipients
Google and its worldwide affiliates

Transfer to Third Countries
Worldwide

Further Information
Click here to read the data processor’s privacy policy, obtain additional information, and manage your consents with Google:
https://policies.google.com/?gl=de&hl=de

6. Your rights as affected person

You have the right to:

  • demand disclosure of your personal data processed by us (GDPR Article 15). You may especially demand disclosure on the purposes of processing, the categories of personal data, the categories of recipients having or will have obtained disclosure of your data, the planned retention period, the existence of a right to correction, deletion, limitation of processing or the objection thereof, the existence of a right to appeal, the origin of your data as far as it has not been obtained by us, as well as the existence of an automatic decision-making process including profiling and potentially substantial information on the details thereof;

  • demand the immediate correction of wrong or completion of your personal data stored by us (GDPR Article 16);

  • demand the deletion of your personal data stored by us, as far as they are not necessary to exercising freedom of expression and information, fulfilling duty under law, on grounds of public interest or for the enforcement, exercise or defense of legal interests (GDPR Article 17);

  • demand the limitation of processing your personal data, as long you dispute its correctness, claim unlawful processing thereof, you however deny deletion and we no longer need the data, you however need it to enforce, exercise or defend legal claims or have according to GDPR Article 21 objected the processing of your data (GDPR Article 18);

  • demand your personal data which you have provided us in a common structured and machine-readable format or demand the transfer thereof to a named third party (GDPR Article 20);

  • revoke your one-time consent against us, followed the cease of any processing of your personal data which rested on this consent (GDPR Article 7 (3));

  • file complaint before a Supervisory Authority. Usually you may also do this before the Supervisory Authority responsible for your place of residence or company’s registered office.

7. Right to object

You have the right to object the processing of your personal data, if this data was processed on grounds of legitimate interest according to GDPR Article 6 (1) point (f), if you find yourself in a special situation or if the objection aims direct advertising. In the latter case, you have a general right to objection without naming a special situation. (GDPR Article 21).

If you wish to make use of your right to object, an e-mail to dp@ib-lenhardt.de will suffice.

8. Data Security

For visits on our website we use the common TLS (Transport Layer Security) procedure to secure your connection with the highest level of encryption supported by your web browser. Usually this is 256-bit encryption. If your browser does not support this, encryption will fall back to 128-bit strength. A closed-lock icon in the address bar of your browser will tell you whether or not one of our web pages is transmitted with encryption.

Furthermore, we make use of suitable technical and organizational measures in order to protect your data against manipulation, loss, destruction or the unauthorized access of third-parties. We do our best to keep up with technological evolution.

9. Currency and changes to this policy

This statement of privacy and data protection policy is currently valid and as of May 2018.

Through development of our website and offers thereon or due to changes in legal or authoritative requirements it may become necessary to change this policy.