Privacy Policy

I. Introduction

With the following information, we would like to provide you, the “data subject,” with an overview of how we process your personal data as well as your rights under data protection laws. In principle, it is possible to use our Internet pages without entering personal data. However, processing of personal data could become necessary if you want to use special services provided by our company through our website. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain consent from you.
The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDR), and in compliance with the country-specific data protection regulations applicable to L-mobile solutions GmbH & Co. KG. In this Privacy Policy, we would like to provide you with information regarding the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organizational measures to ensure protection of personal data processed through this website as completely as possible. Despite this, Internet-based data transfer can have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data to us by alternative means, such as by telephone or mail.

II. Name and address of the controller

Within the meaning of the GDPR, the controller is:

L-mobile solutions GmbH & Co. KG
Im Horben 7, 71560 Sulzbach an der Murr, Germany
Tel.: +49 (0) 7193 93 12 – 0
Fax: +49 (0) 7193 93 12 – 12
Email: info[at]l-mobile.com

III. Data protection officer

You can reach the data protection officer as follows:
Michael Weinmann
Tel.: +49 (0)173 763 29 62
Email: michael.weinmann[at]dsb-office.de
You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

IV. Definitions

This Privacy Policy is based on the terms used by the European Legislature in the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms, among others, in this Privacy Policy:

A. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

B. Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller (our company).

C. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other form of provision, alignment or combination, restriction, erasure or destruction.

D. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

E. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

F. Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

G. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

H. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

I. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

J. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

V. Legal basis of processing

Article 6(1)(a) GDPR (in conjunction with Section 15[3] “Telemediengesetz,” German Telemedia Act [TMG]) serves as the legal basis for our company regarding processing operations in which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information needed to be passed on to a medical doctor, hospital or other third party. In that case, the processing would be based on Article 6(1)(d) GDPR.
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislature. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

VI. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:

1. you have given your express consent to this in accordance with Article 6(1) Paragraph 1(a) GDPR,
2. the disclosure is permissible under Article 6(1) p. 1 lit. f DS-GVO to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
3. a legal obligation exists for the disclosure in accordance with Article 6(1) Sentence 1(c) GDPR, and
4. this is legally permissible and necessary according to Article 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you.
In order to protect your data and to allow us to transfer data to third countries (outside the EU/EEA) if necessary, we have concluded commissioned processing agreements based on the European Commission’s standard contractual clauses.

If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Article 49 (1) a) of the GDPR may serve as the legal basis for the transfer to third countries. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

VII. Technology

A. SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is a “https://” instead of a “http://” in the address line of the browser and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.

B. Data collection when visiting the website

When you use our website for information purposes only, in other words, if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (in “server log files”). Our website collects a series of general data and information each time you or an automated system access a page. This general data and information is stored in the server’s log files. The following can be collected
1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (referrer),
4. the sub-websites that are accessed via an accessing system on our website,
5. the date and time when the website is accessed,
6. an abbreviated Internet protocol address (anonymized IP address),
7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about you as an individual. Instead, this information is needed to
1. deliver the contents of our website correctly,
2. optimize the content of our website and the advertising for it,
3. ensure the permanent operability of our IT systems and the technology of our website, and
4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
The data and information collected will therefore be used by us exclusively for statistical purposes and with the aim of increasing the data protection and data security of our company to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from any personal data provided by a data subject.
The legal basis for the data processing is Article 6(1) Sentence 1(f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

VIII. Cookies

A. General information about cookies

We use cookies on our website. These are small files that your browser creates automatically and that are stored on your IT system (laptop, tablet, smartphone, or similar) when you visit our site.
The cookie stores information related to the specific end device used. However, this does not mean that we thereby obtain direct knowledge of your identity.
The use of cookies serves to make the use of our website more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness. These are stored on your end device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have visited us before as well as which entries and settings you have made so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our services for you. These cookies allow us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period of time.

B. Legal basis for the use of cookies

The data processed by cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Article 6(1) Sentence 1(f) GDPR.
For all other cookies, you must have given your consent via our opt-in cookie banner within the meaning of Article 6(1)(a) GDPR.

C. Compliance GDPR/CCPA (Consent Management Tool)

We use the consent management tool “Complianz GDPR/CCPA Cookie Consent” (Complianz) from Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen,
Netherlands. This service allows us to obtain and manage the consent of website users for data processing.

Complianz uses cookies to collect data generated by end users who use our website. When an end user provides consent, Complianz automatically logs the following data:

browser information,
date and time of access,
device information,
the URL of the visited page,
banner language,
consent ID,
the consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent in all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and revocation of consent) is stored for three years. The retention period corresponds to the regular limitation period pursuant to Section 195 of the German Civil Code (BGB). The data will then be deleted immediately.

The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations (Article 7 (1), 6 (1) p. 1 (c) GDPR).

Complianz is a recipient of your personal data and acts as a processor for us. The data processing takes place exclusively in the European Union.

Detailed information on the use of Complianz can be found at: https://complianz.io/legal/.

IX. Contents of our website

A. Registration as a user

You have the option of registering on our website by providing personal data.
Which personal data will be transmitted to us in the process is determined by the respective entry form used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the transfer to one or more order processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to us.
When you register on our website, the IP address assigned by your Internet service provider (ISP), as well as the date and the time of registration will be collected. We collect this data because it is the only way to prevent misuse of our services and, if necessary, to investigate crimes that have been committed. In this respect, retention of this data is required for our security. We generally do not pass on this data to third parties unless there is a legal obligation to do so or the data is passed on for the purpose of criminal prosecution.
Your registration with voluntary provision of personal data also allows us to provide you with content or services that, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database.
We will provide you with information about which personal data is stored about you at any time upon request. Furthermore, we will correct or delete personal data at your request, insofar as this does not conflict with any statutory retention obligations. Our data protection officer, who is named in this Privacy Policy, and all other employees are available to the data subject as contact points in this context.
The purpose of processing your data is to ensure comfortable and easy use of our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

B. Data processing when opening a customer account and for contract fulfillment

In accordance with Article 6(1)(b) GDPR, personal data is collected and processed if you provide it to us for the performance of a contract or when opening a customer account. The respective entry forms show which data is collected. You can have your customer account deleted at any time by sending a message to the aforementioned address of the person responsible. We store and use the data you provide for the purpose of fulfilling the contract. After fulfillment of the contract or deletion of your customer account, your data will be blocked taking into account retention periods under tax and commercial law and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved on our part, about which we inform you accordingly below.

C. Data processing for order processing

Personal data collected by us will be disclosed to the shipping company commissioned with the delivery as part of the contract performance, insofar as this is necessary for the delivery of the goods. We will forward your payment data to the commissioned bank within the framework of payment processing, insofar as this is required for payment processing. We explicitly inform you below if payment service providers are used. The legal basis for transfer of the data in this case is Article 6(1)(b) GDPR.

D. Conclusion of contracts in the online store, at a retailer and the shipment of goods

We only transfer personal data to third parties if this is necessary in the context of fulfilling the contract, for example to the companies entrusted with the delivery of the goods or the bank entrusted with the processing of payments. No other data will be disclosed, or only if you have expressly consented to the disclosure of such data. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.
The basis for the data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual actions.

E. Contact/contact form

Personal data is collected when contacting us (for example, via the contact form or email). Which data is collected in the case of a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing of the data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If you are contacting us with the intention of concluding a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR. Your data will be deleted after your request has been processed. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

F. Our application center

We operate an application center to support you in the application process. For this purpose, we use a service provided by Personio GmbH & Co. KG, a company based in Germany, that offers personnel administration and application management software. (https://www.personio.com/legal-notice/). The data transmitted as part of your application is transferred via TLS encryption and stored in a database. We have concluded an order processing contract with the service provider in accordance with Article 28 GDPR. Personio processes your data exclusively according to our instructions.

G. Privacy Policy on the use and application of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This currently makes LinkedIn the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for privacy matters outside the United States.
Each time a user accesses a page on our website that is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn will obtain knowledge about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn will recognize which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the respective visit to our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If the data subject activates a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn will always receive information about the fact that the data subject has visited our website via the LinkedIn component if the data subject is logged into LinkedIn at the same time as accessing our website. This will occur regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.
LinkedIn offers the option to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings, at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may install cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable LinkedIn Privacy Policy is available at https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available at https://www.linkedin.com/legal/cookie-policy.

H. Use and application of LinkedIn Insight Tag

We use the LinkedIn Insight Conversion Tool of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, which allows us to obtain information about the use of our website and to present you with advertising content that is tailored to your interests on other websites. For this purpose, a cookie with a validity of 120 days will be installed in your browser, which enables LinkedIn to recognize you when you visit a website. LinkedIn uses this data to generate anonymous reports for us on ad activity and information about how you interact with our website.
You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
If you are a LinkedIn member, click the “Decline on LinkedIn” box for this purpose. Other visitors should click on “Decline.”
Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig

I. Use of push notifications with CleverPush

You can sign up to receive our push notifications. We use the messaging service CleverPush, which is operated by CleverPush UG (limited liability), Tondernstr. 1, 22049 Hamburg, Germany (“CleverPush”), to send our push notifications.
You will receive regular information about new information center posts, videos or events, for example, via our push notifications.
To register, you must confirm your browser’s prompt to receive notifications. This process is documented and stored by CleverPush. This includes storing the time of login and your browser ID or device ID. The collection of this data is necessary so that we can trace the processes in the event of misuse and therefore serves our legal protection.
In order to show you the push notifications, CleverPush collects and processes your browser ID on our behalf, as well as your device ID in the case of mobile access.
By subscribing to our push notifications, you agree to receiving them. The legal basis for the processing of your data after registration for our push notifications is Article 6(1)(a) GDPR if you have given your consent.
CleverPush also statistically evaluates our push notifications. CleverPush can thus recognize if and when our push notifications were displayed and clicked by you.
You can revoke your consent to the storage and use of your personal data to receive our push notifications and the statistical collection described above at any time with effect for the future. For the purpose of revoking consent, you can change the setting provided for this purpose in your browser to receive push notifications. If you use our push notifications on a desktop PC with the Windows operating system, you can also unsubscribe from our push notifications by right-clicking on the respective push notification in the settings that will appear there.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your data will be stored as long as the subscription to our push notifications is active.
See the following link for a detailed explanation of the cancellation process: https://cleverpush.com/en/faq/.

J. Podigee Podcast Hosting

We use the Podigee podcast hosting service provided by Podigee GmbH, Schlesische Strasse 20, 10997 Berlin, Germany. The podcasts are loaded from Podigee or transmitted via Podigee.

The use of this service is based on our legitimate interests in accordance with Article 6(1)(f) GDPR, that is, our interest in the secure and efficient provision, analysis, and optimization of our podcast services.

Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to gather statistical data, such as view counts. This data is anonymized or pseudonymized before being stored in the Podigee database, unless it is necessary for the provision of the podcasts.

For more information and how to opt-out, please see the Podigee privacy policy: https://www.podigee.com/en/about/privacy.

K. Perspective Mobile Funnels

Provision of our website
We use an external service provider for the provision of our website: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter “Perspective”). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, since Perspective uses sub-processors located in the United States. Based on the determination by the European Union Commission that United States data protection laws do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. This includes, for example, the conclusion of standard contractual clauses between Perspective and sub-processors.

I. Description and scope of data processing

Perspective processes your data on our behalf so that we can provide you with our online services. For this purpose, Perspective automatically transmits your IP address to deliver the content and functionality of our online services to your browser or device.

The following data may be collected:

Information about the browser type and version used
The operating system of your computer
The Internet service provider you use
The IP address of your device
Date and time of your access to the funnel
Websites from which you came to our website (“referrer”)

II. Legal basis for data processing

Perspective stores the data mentioned under I. in log files. This is done to ensure

a smooth connection to the website,
a comfortable user experience with our website,
the evaluation of system security and stability, and
for other administrative purposes.

The temporary storage of the IP address by the system is also necessary to enable delivery of the website to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session.

These purposes are also our legitimate interest in data processing. The legal basis for the data processing is thus Article 6 (1) p. 1 (f) GDPR.

III. Duration of processing

The personal data processed by Perspective will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

In other words, data which is being collected for the provision of the website will be deleted when the respective session has ended.
Your IP address will be deleted in the log files after 7 days at the latest.

IV. Data subject rights

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking, or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority in the event of violations of the GDPR.

Because the data processing is based on Article 6 (1) p. 1 (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the purpose of asserting, exercising, or defending legal claims (objection under Article 21 (1) GDPR). Since the collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of our website, there should be no option for you to object in most cases.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. The right to restrict processing exists in the following cases:

If you dispute the accuracy of the personal data we hold about you, we will usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data happened/happens unlawfully, you can request the restriction of the data processing instead of the deletion.

If we no longer need your personal data, but you need it to exercise, defend, or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

If you have lodged an objection pursuant to Article 21 (1) GDPR, a review must be carried out to weigh up your interests against ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data (apart from its storage) may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Perspective contact and request management

We use an external service provider for the provision of contact, inquiry or application forms: Perspective Software GmbH, Mailbox 659770, D-96035 Bamberg (hereinafter “Perspective”). Perspective itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to entities in the United States of America, since Perspective uses sub-processors located in the United States. Based on the determination by the European Union Commission that United States data protection laws do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. This includes, for example, the conclusion of standard contractual clauses between Perspective and sub-processors.

I. Description and scope of data processing

When using Perspective’s contact, inquiry or application forms, the following data is transmitted to Perspective’s servers:

Date and time of access
Websites from which you came to our website (“referrer”)
Context information (such as button clicks on the pages, selections made on the pages)
Contents of all filled-in text fields (for example, contact data, such as your name or address, or other personal data, depending on the question shown in the specific text field)
Files uploaded by you

II. Purpose and legal basis of data processing

The purpose of this data processing is to ensure the communication you initiated.

The processing of your data from contact, inquiry or application forms is therefore initially based on your consent. The legal basis is Article 6 (1) p. 1 (a) GDPR. If a contract is initiated via an inquiry form, the legal basis is also Article 6 (1) p. 1 (b) GDPR. The legal basis for the processing of data in an application form may be Article 88 GDPR in conjunction with 26 of the German Federal Data Protection Act (BDSG) in addition to Article 6 (1) sentence 1 (f) GDPR.

III. Duration of processing

‍Your personal data will be kept for as long as necessary to fulfill the purpose of the processing or until you withdraw your consent. Exceptions to this principle are any data that Perspective is required to retain due to legal obligations. These include, for example, the retention obligations under commercial and tax law. These retention periods are (currently) up to ten years.

IV. Data subject rights

You can revoke your consent to data processing at any time by informally notifying us (for example by email). The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. The right to restrict processing exists in the following cases:

If the processing of your personal data happened/happens unlawfully, you can request the restriction of the data processing instead of the deletion.

X. Newsletter distribution

We will send you our newsletter or similar information on a regular basis by email to your specified email address based on your expressly granted consent.
You only need to provide your email address in order to receive the newsletter. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be informed by email about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).
We will validate your email address for effective registration. To this end, we record your subscription to the newsletter. No other data is collected. The data will be used exclusively for sending the newsletter and will not be disclosed to third parties.
You can revoke your consent to the storage of your personal data and its use for the newsletter subscription at any time. There is a link in every newsletter for this purpose. If you no longer wish to receive the newsletter, you can revoke your consent to receiving the newsletter at any time with effect for the future by clicking on the revocation link in the newsletter emails or by sending an email to praxis-info@l-mobile.com.

A. CleverReach

This website uses CleverReach for the distribution of newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter (for example email address) will be stored on the CleverReach servers in Germany or Ireland.
Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. For example, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter has been clicked. Furthermore, conversion tracking can be used to analyze whether a predefined action (such as purchasing a product on our website) has taken place after the link in the newsletter has been clicked. For more information about data analysis through CleverReach newsletters, please visit: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/.
The data processing is based on your consent (Article 6[1][a] GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Moreover, you can also unsubscribe from the newsletter directly on the website.
You can revoke the consent you have given at any time. You can also prevent the processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by selecting the appropriate settings on your web browser. You can also prevent the storage and disclosure of personal data by deactivating JavaScript in your web browser or installing a JavaScript blocker (such as https://noscript.net or https://www.ghostery.com). We would like to point out that as a result of these measures, you may no longer be able to use all the functions of our website.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data stored by us for other purposes (such as email addresses for the member area) remain unaffected by this.
For more details, please see the CleverReach Privacy Policy at: https://www.cleverreach.com/en-de/privacy-policy/.

XI. Our activities in social networks

In order to be able to communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Article 26 GDPR with regard to the processing operations triggered thereby that concern personal data.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
Therefore, as a precaution, we point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore include data protection risks for you, because it may be more difficult to protect your rights, such as rights to information, deletion, objection, etc., and the processing in the social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers, without our being able to influence this. If usage profiles are created by the provider, cookies are often used or the usage behavior is directly assigned to your own member profile of the social networks (if you are logged in here).
The described personal data processing operations are carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you need to give your consent to data processing as a user with the respective providers, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.
Since we do not have access to the providers’ databases, we would like to draw your attention to the fact that it is best to assert your rights (such as right to information, correction, deletion, etc.) directly with the respective provider. We have listed further information regarding the processing of your data in the social networks and the ability to make use of your right of objection or revocation (opt-out) below under the respective social network provider used by us:

A. Facebook

(Co-) controller for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy):
https://www.facebook.com/about/privacy
Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
and:
https://de-de.facebook.com/about/privacy/

B. Instagram

(Co-) controller for data processing in Germany:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy):
http://instagram.com/legal/privacy/
Opt-out and advertising settings:
https://www.instagram.com/accounts/privacy_and_security/

C. LinkedIn

(Co-) controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Opt-out and advertising settings:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

D. XING

(Co-) controller for data processing in Germany:
XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Privacy Policy:
https://privacy.xing.com/de/datenschutzerklaerung
Information requests for XING members:
https://www.xing.com/settings/privacy/data/disclosure

XII. Web analytics

A. Meta Pixel (formerly Facebook Pixel) Custom Audience

This website uses the “Facebook Pixel” of Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”). If explicit consent is given, users’ behavior can be tracked after they have seen or clicked on a Facebook ad. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can contribute to optimizing future advertising measures.
The data collected is anonymous for us and therefore does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). Meta and its partners are thus enabled to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.
This US company is certified under the EU-US Data Privacy Framework. An adequacy decision in accordance with Article 45 GDPR is hereby in place, so that a transfer of personal data may also take place without further guarantees or additional measures.

B. Google Analytics Universal

We use Google Analytics, a web analytics service provided by Google Ireland Limited, on our websites. (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Irland (“Google”). Pseudonymized usage profiles are created and cookies are used in this context (see item “Cookies”). The information generated by the cookie about your use of this website such as
1. the browser type/version,
2. the operating system used,
3. the referrer URL (the previously visited page),
4. the host name of the accessing computer (IP address) and
5. time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate use of the website, compile reports on website activity, and provide other services relating to website activity and Internet usage for market research purposes, as well as to tailor the design of this website to users’ needs. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an identification is not possible (IP masking).
You may refuse the installation of cookies by selecting the appropriate settings on your browser software. However, we would like to draw your attention to the fact that in this case it may not be possible to use all the functions of this website to their full extent.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision in accordance with Article 45 GDPR is hereby in place, so that a transfer of personal data may also take place without further guarantees or additional measures.
You can view the Google Analytics privacy policy at: https://support.google.com/analytics/answer/6004245?hl=de.

C. Google Analytics Remarketing

We have integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently to display interest-relevant ads to the Internet user.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operator of the Google Remarketing services.
The purpose of Google Remarketing is the display of interest-relevant advertising. Google Remarketing allows us to display ads that are tailored to the individual needs and interests of Internet users via the Google advertising network or have them displayed on other websites.
Google Remarketing will install a cookie on the IT system of the data subject. By installing the cookie, Google is able to recognize the visitor to our website when they subsequently visit websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your Internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge about personal data, such as your IP address or surfing behavior, which Google uses, among other things, to display interest-relevant advertising.
The cookie is used to store personal information, such as the web pages you visit. Each time you visit our website, personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected by means of the technical process with third parties.
You can prevent the installation of cookies by our website, as already described above, at any time by choosing the appropriate setting on your Internet browser and thus permanently object to the installation of cookies. Such an Internet browser setting would also prevent Google from installing a cookie on your IT system. In addition, a cookie already installed by Google Analytics can be deleted at any time by the Internet browser or other software programs.
You also have the option to object to interest-based advertising by Google. For this purpose, you must go to the link https://adssettings.google.com/anonymous?hl=en in your Internet browser and enter the desired settings there.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision in accordance with Article 45 GDPR is hereby in place, so that a transfer of personal data may also take place without further guarantees or additional measures.

More information and the applicable Google privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de.

D. Hubspot

We use HubSpot features on this website. The provider is HubSpot, Inc, 25 First Street, Cambridge, MA 02141, USA.
HubSpot tracks visitors to our website using browser cookies. Every time you access our website, HubSpot checks whether a HubSpot tracking cookie is set. If such a cookie is not already installed on your browser, a HubSpot cookie will be placed on your browser (provided you give your consent), which will record all of our web pages that you access later on.
The following should be noted regarding HubSpot’s handling of tracking cookies:

Your visit to our websites will only be tracked using the HubSpot cookie if you have given your consent to the setting of the HubSpot cookie or all tracking cookies.
If you fill out and submit one of the forms on our websites (such as a contact form) and have given your consent to the setting of the HubSpot cookie, HubSpot will associate your previous page views resulting from the tracking cookie with the form you submitted.
If you have already been in contact with us, your email address submitted via the form will be assigned to the information already stored by us.
If you delete all your cookies or specifically the HubSpot cookies, you will be considered a new visitor on our web pages and a new cookie will be set. However, HubSpot automatically duplicates all form submissions received from the same email address, even if different browser cookies have been assigned to those submissions.
Since cookies are set only once on a browser, submissions from two people sharing a single computer are assigned to one and the same contact entry. This cookie deduplication ensures that when a contact submits forms to your website from different email addresses, all submissions are associated with a single contact record in HubSpot.
HubSpot assigns page views to a contact when the contact clicks a link in a tracked marketing email that continues to a page where the HubSpot tracking code is installed.

These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR. Your data will be stored until you withdraw your consent.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases, or in general and activate the automatic deletion of cookies when closing the browser. The functionality of this website may be limited if cookies are disabled.
The transfer of your personal data to the USA takes place on the basis of the standard contractual clauses. The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the U.S. that is intended to ensure compliance with European data protection standards for data processing in the U.S. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain more information about this from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TN8pAAG&status=Active
For more information on HubSpot, please visit: https://legal.hubspot.com/privacy-policy.

XIII. Advertising

XIV. Google Ads (previously AdWords)

Our website uses the functions of Google Ads. We use this to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). For this purpose, Google will install a cookie in the browser of your end device, which will automatically enable interest-based advertising by means of a pseudonymous cookie ID and based on the pages you visit.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.
Additional data will only be processed if you have consented to Google linking your web and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing if you are logged in to Google while visiting our website. Your personal data is temporarily linked by Google with Google Analytics data in order to form target groups.
You can permanently disable the installation of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/.
Alternatively, you can obtain information from the Digital Advertising Alliance at the Internet address www.aboutads.info regarding the placement of cookies and configure your settings. Finally, you can set your browser so that you are informed about the placement of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. The functionality of our website may be limited if cookies are not accepted.
You can find more information and the privacy policy regarding advertising and Google here: https://www.google.com/policies/technologies/ads/

A. Google Ads with conversion tracking

We have integrated Google Ads on this website. Google Ads is an Internet advertising service that allows advertisers to place ads both in the Google search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is only displayed in the Google search engine results when the user retrieves a keyword-relevant search result using the search engine. Ads are distributed in the Google advertising network by means of an automatic algorithm and taking into account the previously defined keywords on topic-relevant web pages.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the operator of the Google Ads services.
The purpose of Google Ads is to advertise our website by displaying interest-relevant advertisements on the websites of third-party companies and in the search engine results of the Google search engine as well as to display third-party advertisements on our website.
If you access our website via a Google ad, a conversion cookie will be stored on your IT system by Google. A conversion cookie expires after thirty days and is not used to identify you. The conversion cookie is used to track whether certain sub-pages, for example the shopping cart of an online store system, have been accessed on our website before the cookie expires. The conversion cookie allows both us and Google to track whether a user who arrived on our website via an AdWords ad generated a sale, that is, completed or discontinued a purchase of goods.
The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us through ads and thus to determine the success or failure of the respective ads and to optimize our ads for the future. Neither our company nor other Google Ads advertisers receive information from Google by means of which you could be identified.
Personal information, such as the web pages you visit, is stored by means of the conversion cookie. Each time you visit our website, personal data, including the IP address of the Internet connection you are using, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected by means of the technical process with third parties.
You can prevent the installation of cookies by our website at any time by choosing the appropriate setting on your Internet browser and thus permanently object to the installation of cookies. Such an Internet browser setting would also prevent Google from installing a conversion cookie on your IT system. In addition, a cookie already installed by Google Ads can be deleted at any time by the Internet browser or other software programs.
You also have the option to object to interest-based advertising by Google. For this purpose, you must go to the link www.google.de/settings/ads in your Internet browser and enter the desired settings there.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.

More information and the applicable Google privacy policy can be found at https://policies.google.com/privacy?hl=en&gl=de.

XV. Plug-ins and other services

A. Google Maps

We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland on our website. Google Maps is a web service for displaying interactive maps to visually represent geographical information. For example, by using this service, our location can be shown to you and a possible journey to our location can be made easier.
Information about your use of our website (such as your IP address) is transmitted to Google servers in the U.S. and stored there when you access the sub-pages that the Google Maps map is integrated on. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want this to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles. You need to contact Google to exercise this right.
If you do not agree with the future transmission of your data to Google as part of using Google Maps, you also have the option of completely disabling the Google Maps web service by turning off the JavaScript application in your browser. You will then not be able to use Google Maps and thus neither the map display on this website.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.

You can find Google’s Terms of Use at https://policies.google.com/terms?hl=en&gl=de, and the additional Terms of Use for Google Maps at https://www.google.com/intl/en_US/help/terms_maps/
For detailed information about data protection in connection with the use of Google Maps, please visit the Google website (“Google Privacy Policy”): https://policies.google.com/privacy?hl=en&gl=de

B. Google Tag Manager

This website uses Google Tag Manager, a non-cookie domain that does not collect personal data.
This tool allows the definition of “website tags” (i.e., keywords that are included in HTML elements) and their management via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked and can then record which contents of our website are of particular interest to you.
The tool also causes other tags to be triggered, which in turn may collect data. Google Tag Manager does not access this data. If you have deactivated such tracking at the domain or cookie level, this will continue to apply to all tracking tags created with Google Tag Manager.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.

C. YouTube (Videos)

We have integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge as well as other users to view, rate, and comment on them, also free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and TV shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
The operator of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Each time you access one of the individual pages of this website operated by us on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. For more information about YouTube, please visit https://about.youtube/. As part of this technical process, YouTube and Google receive information about which specific sub-page of our website you visit.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-page of our website you are visiting when you access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as accessing our website. This happens regardless of whether you click a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.
These processing operations are carried out exclusively when explicit consent is given in accordance with Article 6(1)(a) GDPR.

The privacy policy published by YouTube, which is available at https://policies.google.com/privacy?hl=en, provides information about the collection, processing, and use of personal data by YouTube and Google.

XVI. Processing of customer and supplier data

A. Nature and purpose of the processing:

In order to process sales orders and within the scope of procurement processes, we process the personal data of our customers and suppliers as well as the individual contact persons representing our customers/suppliers. We store the data in our ERP system and use it in all service fulfillment and procurement processes. Furthermore, we use the data to actively communicate with customers and to support suppliers, including an internal supplier evaluation.

B. Legal basis:

For the fulfillment of contractual obligations (Article 6[1][b] GDPR)
The processing of data is carried out for the performance of our contract
Due to legal requirements (Article 6[1][c] GDPR)
We are subject to various legal obligations that entail data processing. These include, for example:
• Tax laws as well as statutory accounting
• Complying with requests and requirements from regulatory or law enforcement authorities
• The fulfillment of control and reporting obligations under tax law
In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of gathering evidence, criminal prosecution or enforcement of civil claims.
Within the framework of the balancing of interests (Article 6[1][f] GDPR)
We will process your data beyond the actual performance of the contract to the extent required to protect our legitimate interests or those of third parties. Examples of such cases are:
• Processing in the CRM system to actively contact customers
• Supplier evaluation
• Assertion of legal claims and defense in legal disputes

C. Recipient:

Employees for contact with you and contractual cooperation (including the performance of pre-contractual measures). Your data may be shared with service providers who act as order processors for us, such as support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially.
Data will only be forwarded to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data may be, for example:
• public agencies and institutions (such as financial or law enforcement authorities) in the event of a legal or regulatory obligation
• credit and financial service providers (processing of payment transactions)
• tax advisors or business, payroll tax or tax auditors (statutory audit mandate)

D. Retention period:

We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.
Exceptions arise
• insofar as legal storage obligations must be fulfilled, such as the German Commercial Code (HGB) and the Fiscal Code of Germany (AO). The retention and documentation periods specified there are generally six to ten years;
• to preserve evidence within the scope of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
• other.
If the data processing is carried out in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply.

E. Third country transfer:

Your data will only be processed within the European Union and states within the European Economic Area (EEA).

F. Revocation of consent:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

G. Provision prescribed or required:

Within the framework of the contractual relationship, you must provide those personal data that are required for the commencement, performance and termination of the contractual relationship and for the fulfillment of the associated contractual obligations, or that we are legally obligated to collect. Without this data, we will usually not be able to conclude or perform the contract with you.

XVII. Data protection for applications and in the application process

A. Nature and purpose of the processing:

The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The data may also be processed electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by email or via a web form located on the website. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored in compliance with the statutory provisions for the purpose of processing the employment relationship.

B. Legal basis:

For the fulfillment of contractual obligations: Article 6(1)(b) GDPR in conjunction with Article 26 of the German Federal Data Protection Act (BDSG). The data is processed for the preparation of an employment contract. If we store your data in our talent pool, we do so with your consent (Article 6[1][a] GDPR).

C. Recipient:

HR employees for contact with you and contractual cooperation (including the fulfillment of pre-contractual measures) as well as managers involved in the decision-making process. We use a service for process control provided by Personio GmbH & Co. KG, a company based in Germany, which offers a personnel administration and application management software. (https://www.personio.com/legal-notice/). In accordance with the order processing agreement, Personio is bound by our instructions. Moreover, your data may be shared with service providers who act as order processors for us, such as support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially.
Data will only be forwarded to recipients outside our company in compliance with the applicable data protection regulations.

D. Retention period:

If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent such deletion. Other legitimate interests in this sense could be, for example, a duty to provide evidence in proceedings under the German General Act on Equal Treatment (AGG).
In addition to this, we reserve the right to store your data for inclusion in our “talent pool” for up to 2 years after termination of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for apprenticeships or internships.
If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.

E. Third country transfer:

Your data will only be processed within the European Union and states within the European Economic Area (EEA).

F. Revocation of consent:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

G. Provision prescribed or required:

As part of the application process, you must provide the personal data that is required for the initiation, execution, and termination of the contractual relationship as well as for fulfillment of the associated contractual obligations, or that we are required to collect by law. Without this data, we will generally not be able to give you adequate consideration in the decision-making process for filling a position.

XVIII. Data protection when conducting seminars

A. Nature and purpose of the processing:

In order to conduct seminars and other events, we process the personal data of participants and speakers. This includes in particular your address and contact details, event-specific information, your details about any food intolerances and other information that you have provided to us. For paid events it also includes your bank account information.

B. Legal basis:

For the fulfillment of contractual obligations (Article [6][1][b] GDPR); We process data in order to perform our contract. Due to legal requirements (Article [6][1][c] GDPR); We are subject to various legal obligations that entail data processing. These include, for example:
• Tax laws as well as statutory accounting
• Complying with requests and requirements from regulatory or law enforcement authorities
• The fulfillment of control and reporting obligations under tax law
In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of gathering evidence, criminal prosecution or enforcement of civil claims. Within the framework of the balancing of interests (Article 6[1][f] GDPR); We will process your data beyond the actual performance of the contract to the extent required to protect the legitimate interests of ourselves or third parties. Examples of such cases are: Enforcement of legal claims and defense in legal disputes; Processing in the CRM system; Based on your consent in accordance with Article 9(2)(a) GDPR. We process your information on allergies/food intolerances on the basis of your consent as part of the seminar registration.

C. Recipient:

D. Retention period:

We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted. Exceptions arise
• insofar as legal storage obligations must be fulfilled, such as the German Commercial Code (HGB) and the Fiscal Code of Germany (AO). The retention and documentation periods specified there are generally six to ten years;
• to preserve evidence within the scope of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
• Others, if applicable.
If the data processing is carried out in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply.

E. Third country transfer:

Your data will only be processed within the European Union and states within the European Economic Area (EEA).

F. Revocation of consent:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

G. Provision prescribed or required:

XIX. Data protection in online seminars or webinars and video conferences

We conduct seminars online. Please refer to the basic information in section “Data protection for seminars.” In the following, we will provide you with the additional information relevant for online seminars. In addition, we conduct one-on-one or small group meetings by means of videoconferencing.

A. Nature and purpose of the processing

In order to conduct online seminars/webinars or video conferences, we need to involve external service providers. For this purpose we use either
1 a) GotoWebinar, a service of LogMeIn, Inc, which is based in the USA, or
2 b) Microsoft TEAMS, a service of Microsoft Corporation, which is based in the USA.
3 c) Feedback, a service of Tweedback GmbH, Rostock.

If we want to record online seminars or video conferences, we will communicate this to you transparently and ask for consent where necessary. The app will also indicate that recording is in progress.
The “attention tracking” option available in “Online Meeting” tools is deactivated. Recordings of presentations and requests in chats can be made available to all participants as part of the seminar follow-up. We do not use automated decision-making within the meaning of Article 22 GDPR. The following personal data are subject to processing:
• User details: First name, last name, phone (optional), email address, profile picture (optional),
• Meeting metadata: Subject, description (optional), subscriber IP addresses, device/hardware information.
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
• When connecting by telephone: Specification of incoming and outgoing call number, country name, start and end time. Additional connection data, such as the IP address of the device, may be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or poll functions in an “online meeting.” In this respect, we process the text entries made by you in order to display them in the “Online Seminar” and log them as needed. To enable the display of video and the playback of audio, data from the microphone of your terminal device as well as from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time within the applications.
To participate in an “online meeting” you must at least provide information about your name in order to enter the “meeting room.”

B. Legal basis

For our employees Article 26 BDSG is the legal basis for data processing. For any data usage that is not required for data processing, but is nevertheless an elementary component when using “GoTo Webinar” or “Microsoft TEAMS,” the legal basis for data processing is Article 6(1)(f) GDPR. Our interest in these cases is in the effective delivery of online seminars.
The legal basis for data processing for other participants in online seminars (to the extent that the meetings are conducted in the context of contractual relationships) is Article 6(1)(b) GDPR.

C. Recipient and third country transfer

As a matter of principle, personal data processed in connection with participation in online seminars or video conferences will not be disclosed to third parties unless they are specifically intended for disclosure.
Other recipients: The providers of the platforms used will receive knowledge of the aforementioned data by necessity, to the extent that this is provided for in the context of our order processing agreement with the providers.
We have concluded the necessary contracts for commissioned processing with all the providers we use, which complies with the requirements of Article 28 GDPR.
For providers in third countries, an appropriate level of data protection is guaranteed by the conclusion of the “EU standard contractual clauses.” End-to-end encryption is used to protect your data as far as technically possible.

D. Retention period and deletion

We generally delete personal data when there is no need for further retention. A need may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or reject warranty claims or, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.

E. Provision prescribed or required

Participation in online seminars or video conferences is only possible if the data required for this purpose can be processed.

F. Notes on GoTo Webinar

If you access the providers’ websites, the respective provider is responsible for data processing. However, accessing the website is only necessary to download the software for the use of “GoTo Webinar.”
You can also use “GoTo Webinar” if you enter the respective meeting ID and, if necessary, further access data for the webinar directly in the app. A download link will be sent as part of the invitation when using “GoTo Webinar.” All access data are stored there.
Regarding the processing at LogMeIn, Inc, please see the privacy policy at https://www.goto.com/company/legal/privacy.

G: Notes on Tweedback

You can use Tweedback anonymously if you do not register with your personal email address. Please see the provider’s privacy policy https://tweedback.de/p/privacy (German only) for information regarding the processing of your data by Tweedback GmbH.

XX. Your rights as a data subject

A. Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

B. Right of access—Article 15 GDPR

You have the right to receive information from us concerning the personal data stored about you at any time and free of charge, as well as a copy of this data in accordance with the statutory provisions.

C. Right to rectification—Article 16 GDPR

You have the right to request that inaccurate personal data concerning you be rectified. Furthermore, you have the right to request completion of incomplete personal data, taking into account the purposes of the processing.

D. Erasure—Article 17 GDPR

You have the right to demand that we promptly erase the personal data concerning you, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

E. Restriction of processing—Article 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements is met.

F. Data portability—Article 20 GDPR

You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, standard, and machine-readable format. You also have the right to transfer this data to another controller to whom the personal data has been provided without hindrance from us, provided that the processing is based on consent in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract in accordance with Article 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability in accordance with Article 20(1) GDPR, you have the right to have personal data transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

G. Objection—Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process personal data in order to conduct direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, to the extent that it is associated with such direct advertising. If you object to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, on grounds relating to your particular situation, you have the right to object to the processing of personal data concerning you that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

H. Revocation of consent under data protection law

You have the right to revoke consent to the processing of personal data at any time with effect for the future.
I. Complaint lodged with a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. Your responsible supervisory authority depends on the state of your residence, your work, or the alleged violation. A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

XXI. Routine storage, deletion, and blocking of personal data

We process and store your personal data only for the period necessary to achieve the purpose of its retention or to the extent that this has been provided for by the legal provisions that our company is subject to.
If the purpose of the data storage no longer applies or if a prescribed retention period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

XXII. Duration of the retention of personal data

The criterion for the duration of the retention of personal data is the respective statutory retention period. After expiry of the time limit, the corresponding data is routinely deleted provided that it is no longer required for the fulfillment or initiation of the contract.

XXIII. Updating and modification of the Privacy Policy

This Privacy Policy is currently valid and was last updated in August 2023.
It may become necessary to amend this Privacy Policy as a result of the further development of our Internet pages and services or due to changes in legal or regulatory requirements. You can access and print the current Privacy Policy at any time on the website at “https://l-mobile.com/en/privacy-policy/.”
This Privacy Policy was created with the support of the data protection software: audatis MANAGER and supplemented by Mr. Michael Weinmann.