Privacy Policy

Status: 12 April 2020

This privacy policy clarifies what personal data (hereinafter referred to as “data”) is processed, and how and why it is processed, within our online offering and the websites, functions and content connected with it as well as any external online presence, such as our social media profiles (hereinafter jointly referred to as our “online offering”). All other terms, e.g. “personal data” and their “processing”, are used as defined in Art. 4 of the General Data Protection Regulation (GDPR).

1. Name and contact details of the data controller

This privacy policy applies to the data processing carried out by::

Data Controller: LeanOne GmbH
Address: Lohmühlenstraße 65, 12435 Berlin, Germany
Telephone: +49 (0) 30 6293 8227
Data Protection Officer: Dennis Buecker, +49 (0) 30 6293 8227

2. Collection and storage of personal data and how and why we process it When visiting the website

When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • your IP address,
  • the date and time you visited,
  • the name and URL of any file you accessed,
  • the website you came to our website from (referrer URL),
  • your browser and, where applicable, your operating system and the name of your access provider.

This information is processed by us for the following purposes:

  • to guarantee a smooth connection to the website,
  • to ensure that you can use our website conveniently,
  • to evaluate system security and stability, and
  • for other administrative purposes

The lawful basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest is based on the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing any conclusions about you personally.

In addition, we use cookies and analytics services when you visit our website. You will find more details on this under sections 4 and 5 of this privacy policy.

3. Disclosure of data

Your personal data will not be disclosed to third parties for purposes other than those listed below. We will disclose your personal data to third parties only if:

  • you have given your express consent in accordance with Art. 6(1)(a) GDPR, 
  • the disclosure is necessary to establish, exercise or defend legal claims in accordance with Art. 6(1)(f) GDPR and there is no reason to assume that you have any overriding legitimate interest in the non-disclosure of your data,
  • the disclosure is necessary to comply with a legal obligation in accordance with Art. 6(1)(c) GDPR and
  • this is permitted by law and necessary for the performance of a contract with you in accordance with Art. 6(1)(b) GDPR.

4. Cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware.

Information related to the specific device used is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves partly to improve the experience of using of our online offering. For example, we use session cookies to recognize that you have already visited individual pages of our website. These cookies are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness. These are stored on your device for a certain fixed period of time. If you visit our site again to make use of our services, we will automatically recognize that you have already visited us and what entries and settings you made so that you do not have to enter them again.

We also use cookies to collect statistics on the use of our website and to evaluate it for the purpose of optimizing our online offering for you (see section 5). These cookies enable us to automatically recognize that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the purposes mentioned above to protect our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser to not store cookies on your computer or to display a message before any new cookie is created. However, if you completely deactivate cookies you may not be able to use the full functionality of our website.

5. Analytics Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6(1)(f) GDPR. Our aim in using these tracking measures is to ensure that our website is designed to meet users’ needs and is continuously optimized. We also use the tracking measures to collect statistics on the use of our website and to evaluate it for the purpose of optimizing our online offering for you. 

These are legitimate interests under the GDPR.

Please refer to the individual tracking tools for information on the purposes for which data is processed and the categories of data processed

i) Google Analytics

We use Google Analytics, a web analytics service from Google Inc. ( (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) for the purpose of designing our webpages to meet your needs and continuously optimizing them. In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The data generated by the cookie about your use of this website, such as

  • your browser type/version,
  • the operating system you use,
  • the referrer URL (the website you came to our website from),
  • the host name of the accessing computer (your IP address),
  • time of server request,

is transmitted to a Google server in the USA and stored there. The information is used to evaluate your use of this website, compile reports on website activity and provide other services related to website usage and Internet usage for the purposes of market research and to ensure that the design of these webpages meets users’ needs. This information may also be disclosed to third parties if required by law or if third parties process this data on our behalf. Your IP address will not be merged with other Google data. The IP addresses are anonymized to make it impossible to assign them to any individual (IP masking).

You may decline the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and processing this data by downloading and installing a browser add-on (

As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on this link. Doing so places an opt-out cookie on your device to prevent the future collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in Google Analytics Help (

ii) Google Adwords Conversion Tracking

We also use Google Conversion Tracking to collect statistics on the use of our website and to evaluate it for the purpose of optimizing our online offering for you. If you access our website through a Google ad, Google AdWords will store a cookie (see section 4) on your computer. 

These cookies expire after 30 days and do not have the purpose of personally identifying you. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the ad and was redirected to that page.

Each AdWords customer is assigned a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. The information collected through the conversion cookie is used to collect conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in this tracking, you may refuse to accept cookies, for example by changing your browser settings to disable automatic cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “”. Google’s privacy policy on conversion tracking can be found here (

6. Rights of data subjects

You have the right:

  • pursuant to Art. 15 GDPR, to request information about the personal data on you that we process. In particular, you can request information about the processing purposes; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned storage duration; the existence of the right to rectification, erasure and restriction of processing, and the right to object; the existence of the right to lodge a complaint; the source of your data if it is not collected by us; and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic applied;
  • pursuant to Art. 16 GDPR, to request the correction of incorrect personal data we hold on you and to have incomplete personal data made complete without undue delay;
  • pursuant to Art. 17 GDPR, to request the erasure of personal data we hold on you, provided that its processing is not required for the purpose of exercising the right of freedom of expression and information; for public interest reasons; or to establish, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of processing of your personal data where you contest the accuracy of the data; where the processing is unlawful but you oppose its erasure; where we no longer need the data but it is required by you to establish, exercise or defend legal claims; or where you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or to request that this data be transmitted to another controller;
  • pursuant to Art. 7(3) GDPR, to withdraw your consent at any time. If you do so, we will no longer be allowed to continue processing your data based on this consent; and
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. You can normally contact the supervisory authority responsible for your usual place of residence or workplace or our company headquarters for this purpose.

7. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation or when the objection is against direct marketing. In the latter case, you have a general right to object, which we will respect without the need for information concerning a particular situation.

If you wish to exercise your right to withdraw consent or your right to object, simply send an e-mail to

8. Data security

When you visit our website, we use the common SSL procedure (Secure Socket Layer) in combination with the highest possible encryption level that is supported by your browser. This usually is a 256-bit encryption. 

If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see by the closed key or lock icon in the lower status bar of your browser whether an individual page of our website is encrypted during transfer. 

We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously enhanced in line with technological developments.

9. Updates and changes to this privacy policy

This privacy policy is currently valid and dated April 2020.

It may be necessary to amend this privacy policy as a result of the further development of our website and online offering or due to amended legal or regulatory requirements. You can retrieve and print out the latest privacy policy from this website at any time.

1 Data protection authorities require the conclusion of a data processing agreement in order for the use of Google Analytics to be permissible. A corresponding template is available from Google at