Status: 12 April 2020
1. Name and contact details of the data controller
Data Controller: LeanOne GmbH
Address: Lohmühlenstraße 65, 12435 Berlin, Germany
Telephone: +49 (0) 30 6293 8227
Data Protection Officer: Dennis Buecker, +49 (0) 30 6293 8227
2. Collection and storage of personal data and how and why we process it When visiting the website
When you visit our website www.leanone.com, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is recorded without your intervention and stored until it is automatically deleted:
- your IP address,
- the date and time you visited,
- the name and URL of any file you accessed,
- the website you came to our website from (referrer URL),
- your browser and, where applicable, your operating system and the name of your access provider.
This information is processed by us for the following purposes:
- to guarantee a smooth connection to the website,
- to ensure that you can use our website conveniently,
- to evaluate system security and stability, and
- for other administrative purposes
The lawful basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest is based on the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing any conclusions about you personally.
3. Disclosure of data
Your personal data will not be disclosed to third parties for purposes other than those listed below. We will disclose your personal data to third parties only if:
- you have given your express consent in accordance with Art. 6(1)(a) GDPR,
- the disclosure is necessary to establish, exercise or defend legal claims in accordance with Art. 6(1)(f) GDPR and there is no reason to assume that you have any overriding legitimate interest in the non-disclosure of your data,
- the disclosure is necessary to comply with a legal obligation in accordance with Art. 6(1)(c) GDPR and
- this is permitted by law and necessary for the performance of a contract with you in accordance with Art. 6(1)(b) GDPR.
Information related to the specific device used is stored in the cookie. However, this does not mean that we obtain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness. These are stored on your device for a certain fixed period of time. If you visit our site again to make use of our services, we will automatically recognize that you have already visited us and what entries and settings you made so that you do not have to enter them again.
The data processed by cookies is required for the purposes mentioned above to protect our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser to not store cookies on your computer or to display a message before any new cookie is created. However, if you completely deactivate cookies you may not be able to use the full functionality of our website.
5. Analytics Tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6(1)(f) GDPR. Our aim in using these tracking measures is to ensure that our website is designed to meet users’ needs and is continuously optimized. We also use the tracking measures to collect statistics on the use of our website and to evaluate it for the purpose of optimizing our online offering for you.
These are legitimate interests under the GDPR.
Please refer to the individual tracking tools for information on the purposes for which data is processed and the categories of data processed
i) Google Analytics
We use Google Analytics, a web analytics service from Google Inc. (https://about.google/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) for the purpose of designing our webpages to meet your needs and continuously optimizing them. In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The data generated by the cookie about your use of this website, such as
- your browser type/version,
- the operating system you use,
- the referrer URL (the website you came to our website from),
- the host name of the accessing computer (your IP address),
- time of server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate your use of this website, compile reports on website activity and provide other services related to website usage and Internet usage for the purposes of market research and to ensure that the design of these webpages meets users’ needs. This information may also be disclosed to third parties if required by law or if third parties process this data on our behalf. Your IP address will not be merged with other Google data. The IP addresses are anonymized to make it impossible to assign them to any individual (IP masking).
You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent Google Analytics from collecting the data by clicking on this link. Doing so places an opt-out cookie on your device to prevent the future collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
ii) Google Adwords Conversion Tracking
We also use Google Conversion Tracking to collect statistics on the use of our website and to evaluate it for the purpose of optimizing our online offering for you. If you access our website through a Google ad, Google AdWords will store a cookie (see section 4) on your computer.
These cookies expire after 30 days and do not have the purpose of personally identifying you. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer may discover that the user clicked on the ad and was redirected to that page.
Each AdWords customer is assigned a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. The information collected through the conversion cookie is used to collect conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
6. Rights of data subjects
You have the right:
- pursuant to Art. 15 GDPR, to request information about the personal data on you that we process. In particular, you can request information about the processing purposes; the category of personal data; the categories of recipients to whom your data has been or will be disclosed; the planned storage duration; the existence of the right to rectification, erasure and restriction of processing, and the right to object; the existence of the right to lodge a complaint; the source of your data if it is not collected by us; and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic applied;
- pursuant to Art. 16 GDPR, to request the correction of incorrect personal data we hold on you and to have incomplete personal data made complete without undue delay;
- pursuant to Art. 17 GDPR, to request the erasure of personal data we hold on you, provided that its processing is not required for the purpose of exercising the right of freedom of expression and information; for public interest reasons; or to establish, exercise or defend legal claims;
- pursuant to Art. 18 GDPR, to request the restriction of processing of your personal data where you contest the accuracy of the data; where the processing is unlawful but you oppose its erasure; where we no longer need the data but it is required by you to establish, exercise or defend legal claims; or where you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or to request that this data be transmitted to another controller;
- pursuant to Art. 7(3) GDPR, to withdraw your consent at any time. If you do so, we will no longer be allowed to continue processing your data based on this consent; and
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. You can normally contact the supervisory authority responsible for your usual place of residence or workplace or our company headquarters for this purpose.
7. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation or when the objection is against direct marketing. In the latter case, you have a general right to object, which we will respect without the need for information concerning a particular situation.
If you wish to exercise your right to withdraw consent or your right to object, simply send an e-mail to email@example.com
8. Data security
When you visit our website, we use the common SSL procedure (Secure Socket Layer) in combination with the highest possible encryption level that is supported by your browser. This usually is a 256-bit encryption.
If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see by the closed key or lock icon in the lower status bar of your browser whether an individual page of our website is encrypted during transfer.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously enhanced in line with technological developments.
1 Data protection authorities require the conclusion of a data processing agreement in order for the use of Google Analytics to be permissible. A corresponding template is available from Google at http://www.google.com/analytics/terms/de.pdf.