Privacy policy

Your data is save with us.
 

I.    Name and address of the controller


The controller pursuant to the General Data Protection Regulation, other national data protection laws of the member states, and other data protection provisions is as follows:

LKWnow GmbH
Siebenstücken 18 
24558 Henstedt-Ulzburg
Germany

Represented by Managing Director Alexander Grelck

Contact data: 

Email: [email protected]
Phone: +49-4193-7508010
Website: www.lkwnow.eu

Amtsgericht (Local Court of) Kiel file number: HRB 18535 KI

VAT ID: DE 311 557 089

Controller pursuant to data protection laws: Alexander Grelck, Siebenstücken 18, 
24558 Henstedt-Ulzburg
 

II.    General information on data processing

1.    Extent to which personal data are processed
We process our users’ personal data only to the extent required to ensure that our website, content and services function properly. As a rule, we only process a user’s personal data subject to obtaining that person’s consent. We may have to make exceptions to this rule where it is de facto not possible to obtain the corresponding user’s prior consent and where processing of the data is permitted by law. 

2.    The legal basis for processing personal data
Where we obtain the data subject’s consent for the processing of his/her personal data, point (a) of Article 6(1) General Data Protection Regulation (GDPR) serves as the legal basis.
Point (b) of Article 6(1) GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This also applies where processing is necessary to take steps at the request of the data subject prior to entering into a contract.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.
Where the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, point (d) of Article 6(1) GDPR serves as the legal basis.
Where data processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, provided such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Article 6(1) GDPR serves as the legal basis for said processing. 
3.    Data erasure and duration of storage
The personal data of the data subject shall be erased or blocked as soon as the purpose for which they were stored no longer applies. The data may be stored for longer insofar as European or national legislators have provided accordingly in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or erased if a storage period set forth in such regulations, laws or other provisions expires, unless continued storage of the data is necessary for the conclusion or performance of a contract.


III.    Availability of the website, creation of log files


1.    Description and extent of data processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer's system. 
The following data are collected thereby:
(1)    Information about the browser type and version used
(2)    The user’s operating system
(3)    The user’s internet service provider
(4)    The user’s IP address
(5)    The date and time of access
(6)    Websites via which the user’s system accessed our website 
(7)    Websites accessed by the user’s system via our website
The data are stored in our system’s log files. These data are not stored together with other personal data of the user. The log files contain IP addresses and other data that facilitate user identification. Such identification could occur, for example, if the link via which the user accesses our website or the link to the website to which the user switches contains personal data.
2.    The legal basis for data processing 
The legal basis for the temporary storage of data and log files is point (f) of Article 6(1) GDPR.
3.    The purposes of data processing
The system needs to temporarily store the IP address to facilitate delivery of the website to the user’s computer. The user’s IP address must remain stored for the entire duration of the session. 

The process of storing log files serves to ensure the website’s functionality. The corresponding data is also used to optimise the website and ensure the security of our information technology systems. The data do not undergo analysis for marketing purposes in this context. 

Another purpose of data processing is our legitimate interest in such data processing pursuant to point (f) of Article 6(1) GDPR.
4.    The duration of data storage
The data will be deleted as soon as they are no longer necessary to achieve the purposes for which they were collected. Where data are collected for purposes of providing the website, the time at which the data become unnecessary is the time at which the session in question ends. 

Where the data are stored in log files, the time at which they become unnecessary is 30 days after their storage at the latest. Data can be stored for longer periods, however. In such cases, the IP addresses of the users are deleted or anonymised so as to prevent identification of the accessing person.
5.    Right to object and right to erasure
Providing access to the website requires the collection of data and the storage thereof in log files. Such collection and storage is therefore essential to website operation. The user’s right to object therefore does not apply in this context. 


IV.    Use of cookies


A) Description and extent of data processing
Our website uses cookies. Cookies are small text files that are stored by a web browser on the user’s computer. When a user visits a website, a cookie is stored on the user's operating system. This cookie contains a distinguishing string of characters that enable the respective browser to be uniquely identified the next time the website is accessed. 
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser be identified even after a page change. 
The following data is stored and transmitted in the cookies:
(1)    Language settings
(2)    Login information
b) The legal basis for data processing 
The legal basis for the processing of personal data using cookies is point (f) of Article 6(1) GDPR.

c) The purposes of data processing
Cookies are technically necessary elements whose purpose is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies as they require recognition of the browser even after a page change.

We need cookies for the following applications:
(1)    Assumption of language settings
The user data collected through cookies are not used to create user profiles.

The aforementioned purposes include our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR. 
d) Duration of data storage, objection to use of data, removal of data
Cookies are stored on the user's computer, from where they are then transmitted to our website. You as a user have full control over the use of such cookies in that you can change your web browser's settings to deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can take place automatically. If a user deactivates cookies for our website, this may render him/her unable to fully use some of our website’s functionalities.


V.  Registration 


1.    Description and extent of data processing
Users can register with us via our website. This process requires them to enter certain personal data via an online form. This data is transmitted to us and stored; it is not forwarded to third parties. The following data is collected as part of the registration process:

(1)    Company name and address, including the country 
(2)    VAT ID number 
(3)    First and last name 
(4)    Telephone number  
(5)    Fax number
(6)    Email address(es)
(7)    Commercial register number and registry court
At the time the registration takes place, the following data will additionally be stored:
(1)    The user’s IP address
(2)    Date and time of the registration
As part of the registration process, the user's consent to the processing of these data is obtained. The data collected during the registration process (e.g. company profile) will moreover be published on the platform so as to allow registered users to view such data and subsequently interact with each other.  The user may also publish a company logo and the languages spoken at the company.  
2.    The legal basis for data processing 
Point (a) of Article 6(1) GDPR serves as the legal basis for processing data based on the user’s consent.

If registration is performed for purposes of fulfilling a contract to which the user is a party, or of taking measures prior to entering into a contract, the additional legal basis for the data processing is point (b) of Article 6(1) GDPR.
3.    The purposes of data processing
To comply with the contract of use for our platform, users must register under www.lkwnow.eu. 
4.    The duration of data storage
The data will be deleted as soon as they are no longer necessary to achieve the purposes for which they were collected. 

Where data is obtained as part of the registration process required to fulfil a contract or to take steps prior to entering into a contract, then this applies when the data are no longer necessary for the purposes of fulfilling the contract. The requirement to collect and store personal data concerning the contracting partner may continue to exist after a contract has been entered into, for example where data processing is necessary to comply with contractual or statutory obligations.

5.    Right to object and right to erasure
As a user, you are entitled to cancel your registration at any time. Users are moreover entitled to have the stored data concerning them amended at any time.  To have such data erased, users must simply send an email to [email protected] 


Data that are required to fulfil a contract or take steps prior to entering into a contract can only be prematurely erased if there are no contractual or statutory obligations to the contrary. 


VI.    Contact


1.    Description and extent of data processing
Our website contains a feedback form that can be used to contact us via electronic means. If a user makes use of this form, then the data entered into it are transmitted to and stored by us. The user is neither required nor advised to provide any personal data here. 

At the time the message is sent, the following data will additionally be stored:

(1)    The user’s IP address
(2)    The date and time at which the message was sent

Alternatively, users can contact us by using the email address or telephone number provided.  Here, the personal data concerning the user that are conveyed in the email will be stored. 

2.    The legal basis for data processing 
Point (a) of Article 6(1) GDPR serves as the legal basis for processing data based on the user’s consent.

The legal basis for processing data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of sending the email is to conclude a contract, the additional legal basis for processing is point (b) of Article 6(1) GDPR. 

3.    The purposes of data processing
The processing of personal data obtained from the feedback form is performed solely for purposes of collecting feedback. If you contact us by email, then feedback collection is the legitimate interest on which the data processing is based.
Any other personal data processed during the process of sending an email serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4.    The duration of data storage
The data will be deleted as soon as they are no longer necessary to achieve the purposes for which they were collected. Where data is obtained from feedback forms or emails sent to us, then this applies when the respective conversation with the user has come to an end, or when the data are no longer necessary. We check the data every two years to establish whether or not it is still necessary.  A conversation is considered to have come to an end when the circumstances indicate that the subject matter has been conclusively clarified. 

5.    Right to object and right to erasure
Users are entitled to withdraw their consent to the processing of personal data at any time. If a user contacts us by email, then he/she is entitled to withdraw his/her consent to the storage of personal data at any time. In such an event, the corresponding conversation can no longer be continued

and all personal data stored in the course of the email communications will be erased.


VII.    Rights of the data subject


If your personal data are processed, then you are a data subject pursuant to the GDPR and, as such, have the following rights vis-à-vis the controller:
1.    Right of access by the data subject
Users have the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed by us. 
Where that is the case, users may demand that the controller provide them with the following information:
(1)    the purposes of the processing; 

(2)    the categories of personal data concerned;
(3)    the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4)    the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5)    the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; 
(6)    the right to lodge a complaint with a supervisory authority;
(7)    where the personal data are not collected from the data subject, any available information as to their source;
(8)    the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Users have the right to be informed about whether personal data concerning them are transferred to a third country or to an international organisation and, in this context, to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2.    Right to rectification 
Users shall have the right to obtain from the controller the rectification or completion of inaccurate or incomplete personal data concerning them. The controller shall perform such correction without undue delay.
3.    Right to restriction of processing
Users shall have the right to obtain from the controller restriction of processing where one of the following applies:
(1)    the accuracy of the pertinent personal data is contested by the user for a period enabling the controller to verify the accuracy of the personal data;
(2)    the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;
(3)    the controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims; or
(4)    the user has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing of personal data concerning the user has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
Users who have obtained restriction of processing pursuant to the foregoing shall be informed by the controller before the restriction of processing is lifted.
4.    Right to erasure
a)    Obligation to erase
The user shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1)    the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2)    the user withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing; 
(3)    the user objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the user objects to the processing pursuant to Article 21(2) GDPR; 
(4)    the personal data concerning the user have been unlawfully processed; 
(5)    the personal data concerning the user have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; 
(6)    the personal data concerning the user have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b)    Information provided to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 
c)    Exceptions
The right to erasure shall not apply to the extent that processing is necessary
(1)    for exercising the right of freedom of expression and information;
(2)    for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)    for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4)    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)    for the establishment, exercise or defence of legal claims.
5.    Right to notification
If the user has asserted his/her right to rectify, erase or restrict data processing vis-à-vis the controller, then the controller is obliged to notify all recipients to whom personal data concerning the user have been disclosed of this rectification, erasure or processing restriction, unless such notification proves impossible or involves disproportionate effort.
The controller shall inform the user about those recipients if the data subject requests it.
6.    Right to data portability
Users shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Users shall moreover have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: 

(1)    the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2)    the processing is carried out by automated means.
In exercising this right to data portability, the user shall moreover have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall be without prejudice to the freedoms and rights of other persons.
The right to data portability shall not apply to personal data processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7.    Right to object
Users shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. 
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user or for the establishment, exercise or defence of legal claims.
Where personal data concerning the user are processed for direct marketing purposes, the user shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the user objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, users may exercise their right to object by automated means using technical specifications.
8.    Right to withdraw consent provided under data protection law
Users shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9.    Automated individual decision-making, including profiling
Users shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or affects them in a similarly significant manner. This shall not apply if the decision: 
(1)    is necessary for entering into, or performance of, a contract between the respective user and a data controller;
(2)    is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the user’s rights and freedoms and legitimate interests; or
(3)    is based on the user’s explicit consent.
The decisions referred to shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard the user’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10.    Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, users have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes the GDPR. 
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.


VIII.    Forwarding data to third parties


1.     Forwarding personal data for order processing purposes
PAYONE payment services provider
Payments made via the SEPA direct debit system are made via “PAYONE”, a service of BS PAYONE GmbH “PAYONE”, Lyoner Straße 9, D-60528 Frankfurt/Main. PAYONE is certified according to the Payment Card Industry Data Security Standard (PCI DSS). Users’ account data are collected and processed by PAYONE; they are not stored by us.

The user’s payment data will only be transmitted to the aforementioned payment service provider where required for payment processing purposes. The corresponding legal basis is point (b) of Article 6(1) GDPR.
The use of the aforementioned payment service is subject to the terms and conditions and data privacy statement of the provider. The user will be informed of this separately before using the respective service.
The PAYONE data privacy statement can be accessed via the following link: https://www.bspayone.com/DE/de/privacy
 

2.    Google Maps
Our website and services use Google Maps maps via an API to visually display geographical information. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. . The data processed in this regard includes users’ IP addresses and location data.  The legal basis for such processing is point (b) of Article 6(1) GDPR. This is because the IP address is required to provide users with the corresponding information. Our collaboration with Google in connection with such processing is governed by a joint responsibility arrangement as per Article 26 GDPR accessible via the following link https://privacy.google.com/intl/de/businesses/mapscontrollerterms/ . 
Google’s data privacy statement can be accessed via the following link: https://www.google.com/policies/privacy/. An opt-out setting is available via the following link https://www.google.com/settings/ads/. Users can access further useful information via the following link: https://support.google.com/accounts/answer/3024190.

 

3. Google Analytics
We use Google Analytics, a web analysis service from Google, on our website. Google Analytics uses cookies that are saved to your computer and allow us to analyse your use of the website. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the USA. We have activated IP anonymisation on our websites. This means that your IP address is shortened by Google within EU member states or in other EEA Agreement states before being transferred. Google will use this information for the purpose of evaluating your use of the website, to compile reports on website activity and to provide other services to us relating to website activity and internet usage. The IP address transferred from your as part of Google Analytics will not be connected with other data from Google. You can prevent cookies being saved by using the relevant browser software settings. In addition, you can prevent collection of data created by cookies (including your IP address) as well as the processing of this data via Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. The use of alternative plug-ins or deactivating all cookies in your browser settings will also prevent analysis of your user behaviour.

Alternatively, you can opt-out of the use of your data under the following link. This will set an opt-out cookie which will prevent future collection of your data when visiting our website: Google Analytics deaktivieren.

Warning: Warning: if you delete your cookies, this will also delete the opt-out cookie which may then need to be reactivated.

The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland.

You can find more information on data protection at Google Inc. at: https://www.google.com/intl/de/policies/privacy/


4.    YouTube video platform
We incorporate videos from the video portal YouTube into our website. YouTube is a service provided by YouTube, LLC 901 Cherry Avenue, San Bruno, CA, 94066 USA, a company belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Whenever a user visits one of our websites containing a YouTube video clip, a direct connection is established between that user’s browser and a YouTube server in the US. YouTube then stores information about the user’s visit and IP address. Without the IP address, YouTube cannot send the content to the user’s browser. An IP address is therefore essential to displaying such content. According to the information provided by YouTube, the “- extended data protection mode -” that we use means that data (in particular, data concerning the websites visited by the user) are only transmitted to the YouTube server if the user watches the respective video. If the user is simultaneously logged in to YouTube as a member, then YouTube assigns the corresponding information to that user’s personal user account. The user can prevent this by logging out of his/her YouTube account before visiting our website. More information about YouTube’s data processing and privacy is provided in the Google data privacy statement accessible via the following link: https://www.google.de/intl/de/policies/privacy/. An opt-out setting is available via the following link https://adssettings.google.com/authenticated. To use it, the user must download and install the browser plug-in available via the link provided in the previous sentence. 
 

5.    Mailgun
We use the Mailgun service for our website. Mailgun is a service of Mailgun Technologies, Inc. 548 Market St. #43099
San Francisco, CA 94104, USA. Mailgun is used for all system emails (e.g. “Forgot password” or “Double opt-in”). When required, e.g. when a user clicks on the “Forgot password” button on our website, we send Mailgun the corresponding email address and the first and last name of the user concerned. 
The corresponding legal basis is point (b) of Article 6(1) GDPR. Our legitimate interest lies in the fulfilment of our contractual obligations arising from the contract of use concluded with the user, in this case to grant the user access to our platform even if he/she has forgotten his/her password. We have concluded a corresponding “Order data processing contract” with Mailgun (https://app.hellosign.com/s/2dc49398) In this contract, Mailgun undertakes to protect the data of our users and to process it on our behalf only in accordance with their data protection regulations. For more information in this regard, please consult Mailgun’s privacy policy at https://www.mailgun.com/gdpr and https://www.mailgun.com/privacy-policy.

 

5.    Hotjar
We use the analysis software provided by Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (“Hotjar”). This analysis software enables us to measure and evaluate user behaviour on our site (e.g. clicks, mouse movements, the time users spend on which pages, etc.). We therefore use Hotjar to better understand the needs of our users and to optimise our website. The analysis process involves the collection, and the subsequent transmission to and storage on servers located exclusively in Europe, of the following data:
•    The user’s email address, including his/her first and last name, provided this have been made available to us via our website
•    The user’s IP address (collected and stored in an anonymous format)
•    The device type and browser information
•    Geographical position (country only)
•    The preferred language for our website
The following additional data is logged on our server when Hotjar is used:
•    Referring domain
•    Visited pages
•    The country and preferred language for our website
•    Date and time of access to our site
Hotjar stores this information in a pseudonymised user profile.  Neither Hotjar nor we use the information to identify individual users or merge it with other data about individual users.
The corresponding legal basis is point (f) of Article 6(1) GDPR. We have moreover concluded a corresponding “Order data processing contract” as per Article 28(3) sentence 1 GDPR. Our users can view the cookies set by Hotjar and the storage period of the cookies under the following link: https://www.hotjar.com/legal/policies/cookie-information
For further information, user’s can peruse Hotjar’s data privacy statement at: https://www.hotjar.com/legal/policies/privacy and https://www.hotjar.com/legal/compliance/gdpr-commitment. 
You can prevent Hotjar from collecting the data by clicking on the following link and following the corresponding instructions: https://www.hotjar.com/opt-out.

 

IX.    Data security


To protect the user, the process of transmitting his/her personal data via the internet during the ordering process takes place via the “Secure Socket Layer” (SSL) transmission method. This transmission method is supported by most browsers. All information transmitted using this secure method is encrypted before it is sent. Users’ personal data is only processed in data centres and on computers that are protected by security technologies and comply with the applicable industry standards (in relation to firewalls, password protection, access controls, etc.). Access to the user’s customer account is only possible upon entering the user’s personal password. The user should always treat his access data confidentially and close the browser window when he/she has finished communicating with us. This is especially important if the user shares the computer with others.