Privacy policy
1. Data protection at a glance
General notes
The following notes provide an overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. You will find detailed information about data protection in our data protection declaration listed under this text.
Data collection on this website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find the contact details in the imprint of this website.
How we collect your data?
Your data is collected when you communicate it to us. This may be data that you enter in a contact form, for example.
Other data is automatically collected by our IT systems when you visit our website. These are mainly technical data (e.g. Internet browser, operating system or time of page visit). This data is collected automatically as soon as you enter our website.
How we use your data?
Part of the data is collected to ensure error-free provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions about data protection. You also have the right of appeal to the competent supervisory authority.
Third-party analytics and tools
When you visit our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.
You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.
2. Hosting
We host the content of our website with the following provider:
External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of contract fulfillment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Our hoster(s) will process your data only to the extent necessary to fulfill its performance obligations and follow our instructions with respect to such data.
We use the following hoster(s):
centron GmbH
Heganger 29
96103 Hallstadt
Job processing
We have concluded a contract on order processing (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data are data with which you can be personally identified. This data protection declaration explains which data we collect and for what we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Note on the responsible party
The responsible body for data processing on this website is:
Lexzau, Scharbau GmbH & Co. KG
Kap-Horn-Strasse 18
28237 Bremen
Germany
phone: (49) 421.6101 0
info@leschaco.com
Revocation of your consent to data processing
Many data processing processes are only possible with your express consent. You can revoke your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing up to the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of breaches of data protection law, the person concerned has a right of appeal to the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data transferability
You have the right to have data which we process automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only take place if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and is indicated by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion
You have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions. For this and other questions about personal data, you can contact us at any time at the address given in the imprint.
Objection against advertising mails
We herewith object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.
Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
If you have any questions or complaints about the processing of your personal data, please contact our Data Protection Officer (DPO) using the contact details below:
Peter Suhren
c/o FIRST PRIVACY GmbH
Konsul-Smidt-Str. 88
28217 Bremen
E-Mail: office@first-privacy.com
Web: www.first-privacy.com
4. Data collection on this website
Cookies
Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser the next time you visit our website.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be restricted.
Cookies, which are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping basket function), are stored based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for technically error-free and optimized provision of his services. If other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these will be handled separately in this data protection declaration.
Consent with Borlabs Cookie
Our website uses Borlabs Cookie Consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or revoked. This data is not shared with the provider of Borlabs Cookie.
The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The use of Borlabs cookie consent technology is done in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
- Response code of the severs (without reverse resolution of the IP address)
This data is not merged with other data sources.
The basis for the data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures.
Request by e-mail, phone or fax
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) f DSGVO) or on your consent (Art. 6 (1) a DSGVO) if this has been requested; the consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Comment function on this website
For the comment function on this page, in addition to your comment, information on the time of creation of the comment, your e-mail address and, if you do not post anonymously, the username you have chosen will be stored.
IP address storage
Our comment function stores the IP addresses of users who post comments. Since we do not check comments on this website before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.
Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info mails. The data entered in the context of subscribing to comments will be deleted in this case; however, if you have transmitted this data to us for other purposes and at another point (e.g. newsletter order), this data will remain with us.
Comments storage period
The comments and the associated data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g. offensive comments).
Legal basis
The storage of comments is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time. For this purpose, an informal message by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
5. Social media
eRecht24 Safe Sharing Tool
The content on this website can be shared on social networks such as Facebook, Twitter & Co. in a privacy-compliant manner. This page uses the eRecht24 Safe Sharing Tool for this purpose. This tool establishes direct contact between the networks and users only when the user actively clicks on one of these buttons. The click on the button constitutes consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. This consent can be revoked at any time with effect for the future.
An automatic transfer of user data to the operators of these platforms does not take place through this tool. If the user is logged into one of the social networks, an information window appears when using the social media elements of Facebook, Twitter & Co. where the user can confirm the text before sending it.
Our users can share the content of this site in social networks in a privacy-compliant manner without complete surfing profiles being created by the operators of the networks.
The use of the service is carried out in order to obtain the consents required by law for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.
An overview of Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website on your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please see Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
Insofar as consent has been obtained, the aforementioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for implementing the tool on our website in a privacy-safe manner. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. information requests) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Functions of the Twitter service are integrated on this website. These functions are offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
When the social media element is active, a direct connection is established between your end device and the Twitter server. Twitter thereby receives information about your visit to this website. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For more information, please see Twitter’s privacy policy at: https://twitter.com/de/privacy.
Insofar as consent has been obtained, the aforementioned service is used on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 TTDSG. The consent can be revoked at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in achieving the greatest possible visibility on social media.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your Twitter privacy settings in your account settings at https://twitter.com/account/settings.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the “Recommend Button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
For more information, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING functions is called up, a connection to XING servers is established. As far as we are aware, no personal data is stored in the process. In particular, no IP addresses are stored or usage behavior evaluated.
For further information on data protection and the XING Share button, please refer to XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection.
Our website uses functions of WeChat. The provider is Tencent Holdings Limited, Nanshan District, Shenzhen, China. Each time you visit WeChat using the QR code on our website, WeChat uses third parties for support services, such as SMS service providers for account verification, mapping and points-of-interest services, translation services, and support services. WeChat uses these third party services solely to process or store your data for the purposes described in this policy. WeChat also shares your information with affiliated group companies of Tencent and as required by law. Except for the purposes previously mentioned, WeChat will not share your information with third parties without your prior express consent. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by WeChat. For more information, please see WeChat’s privacy policy:
https://www.wechat.com/de/privacy_policy.html#pp_how.
6. Analysis tools and advertising
WP Statistics
This website uses the WP Statistics analysis tool to statistically evaluate visitor traffic. Provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia(https://veronalabs.com).
WP Statistics allows us to analyze the use of our website. WP Statistics collects log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on the page (e.g. clicks and views).
The data collected with WP Statistics is stored exclusively on our own server.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize both our website and our advertising. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
IP anonymization
We use WP Statistics with anonymized IP. Your IP address is shortened so that it can no longer be directly assigned to you.
Jetpack
The controller has integrated Jetpack on this website. Jetpack is a WordPress plug-in that provides additional functionality to the operator of a website built on WordPress. Jetpack allows the website operator, among other things, an overview of the visitors to the page. Furthermore, by displaying related posts and publications or the possibility to share content on the page, it is possible to increase the number of visitors. In addition, security features are integrated into Jetpack, so that a website using Jetpack is better protected against brute force attacks. Jetpack also optimizes and speeds up the loading of images integrated on the website. The operating company of the Jetpack plug-in for WordPress is Automattic Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc, 201 Third Street, San Francisco, CA 94103, USA.
Jetpack sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. Each time a data subject accesses one of the individual pages of this website operated by the data controller on which a Jetpack component has been integrated, the Internet browser on the data subject’s information technology system is automatically triggered by the respective Jetpack component to transmit data to Automattic for analysis purposes. As part of this technical procedure, Automattic obtains knowledge of data that is subsequently used to create an overview of website visits. The data obtained in this way is used to analyze the behavior of the data subject who has accessed the website of the controller and is evaluated with the aim of optimizing the website. The data collected via the Jetpack component will not be used to identify the data subject without first obtaining the data subject’s separate express consent. The data will also be made available to Quantcast. Quantcast uses the data for the same purposes as Automattic. The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Automattic can be deleted at any time via the Internet browser or other software programs. Furthermore, the data subject has the possibility to object to the collection of data generated by the Jetpack cookie and related to a use of this website as well as to the processing of such data by Automattic/Quantcast and to prevent such processing. For this purpose, the data subject must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies on the data subject’s system are deleted after an objection, the data subject must call up the link again and set a new opt-out cookie. However, with the setting of the opt-out cookie, there is the possibility that the Internet pages of the controller are no longer fully usable for the data subject. Automattic’s applicable privacy policy is available at https://automattic.com/privacy/. Quantcast’s applicable privacy policy is available at https://www.quantcast.com/privacy/.
7. Plugins and tools
YouTube with enhanced privacy
This website embeds videos from the website YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch the video. The transfer of data to YouTube partners, on the other hand, is not necessarily excluded by the extended data protection mode. Thus, YouTube – regardless of whether you watch a video – connects to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is enabled, Google may use Google Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to verify whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.
The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.D