Data Privacy

The following data protection declaration provides you with a detailed overview of how your personal data is processed when you visit our website www.lenyx-group.com.

This website is operated by Lenyx Logistik und Service GmbH (hereinafter referred to as Lenyx Group).

The following data protection declaration provides you with a detailed overview of how your personal data is processed when you visit our website www.lenyx-group.com.

This website is operated by the Lenyx Logistik und Service GmbH (hereinafter jointly referred to as Lenyx Group).

Data Protection Declaration for Website Users

§ 1 Contact details of the persons responsible and the data protection officer

1.1 General information on joint responsibility

With regard to the operation of the website www.lenyx-group.com, the companies of the Lenyx Group are joint controllers within the meaning of Article 26 of the GDPR. They jointly determine the purposes and means of processing the personal data of the users of the jointly operated website.

If you, as a data subject, wish to assert rights pursuant to § 17 and § 18 of this data protection declaration, the joint contact point for your concerns is

Lenyx Logistik und Service GmbH
Alter Hof 5
80331 Munich, German
Tel: +49 89 599 1827 0
E-Mail: info@lenyx-group.com
Website: www.lenyx-group.com

Lenyx Logistik und Service GmbH is responsible in particular for complying with the present information obligations under Articles 13 and 14 of the GDPR.

Notwithstanding the above, you as a data subject may of course assert your rights against any of the data controllers.
The purposes pursued by each of the data controllers in the context of their respective business activities are listed in section 1.2.

1.2 Name and address of the responsible persons

The persons responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations for the operation of these websites as well as the processing of personal data of the visitors of the websites caused thereby is Lenyx Logistik und Service GmbH.

Lenyx Logistik und Service GmbH
Alter Hof 5
80331 Munich, Germany
Tel: +49 89 599 1827 0
E-Mail: info@lenyx-group.com
Website: www.lenyx-group.com

If you have any questions about your personal data, please contact: info@lenyx-group.com

1.3 Contact data protection officer

You can contact our data protection officer at: info@lenyx-group.com

§ 2 General information on the collection of personal data

In principle, the collection, processing and use of personal data for the use of our website is limited to the necessary extent and the necessary data. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In addition, we use the widespread SSL procedure (Secure Socket Layer) on our website in conjunction with the highest level of encryption supported by your web browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

§ 3 Purposes and legal bases of the processing of your personal data and further information on specific data processing

3.1 Processing of your data when visiting our website
3.1.1 Description and scope of data processing

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer (personal data transmitted by your browser to our server). This is also the case if you do not register or otherwise transmit information to us. The following data is collected:

IP address of the user
Date and time of the request or access
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes (from which the user’s system accesses our website)
Website that is called up by the user’s system via our website
Information about the type of browser and the version used
Operating system and its interface
Language and version of the browser software

3.1.2 Purposes of data processing

The processing of the aforementioned data, in particular the IP address by the system, is necessary and required to enable delivery of the website to your computer. Further purposes are to ensure system security and system stability.

3.1.3 Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

3.1.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is regularly the case when the respective session has ended.

3.1.5 Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is regularly no possibility of objection on your part.

3.2 Data protection when using the contact form
3.2.1 Description and scope of data processing

On our website, we offer every visitor the opportunity to contact us via a contact form by providing personal data.
The following data is compulsorily collected from you when contacting us via the contact form:

IP address
Date and time of the message
Your name
e-mail address
Subject of message
message

In addition, you can provide further voluntary information:

Information in a file attachment

Whether and to what extent you provide us with additional personal data in the file attachment and we process it cannot be controlled by us at first. However, unless necessary, we ask you not to send us any personal data in the file attachments.

3.2.2 Purposes of data processing

The processing of your data is solely for the purpose of handling and responding to your inquiry. The specification of your e-mail address is necessary in order to be able to contact you. Your name is used to personalize your inquiry or reply and for internal allocation within our company.

3.2.3 Legal basis for data processing

If you have given your consent, the legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. a GDPR. If the inquiry already serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR. In order to allocate your inquiry to our company, a further legal basis is the protection of our legitimate interests, Art. 6 Para. 1 lit. f GDPR; our legitimate interests follow from the purposes described, whereby we assume that your interests do not outweigh ours.

3.2.4 Duration of storage; possibility of objection and elimination

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is particularly the case if your inquiry has been finally processed and, if applicable, answered. If the purpose of contacting you is already the implementation of a contract to which you are a party or the implementation of a pre-contractual measure, then the data will be deleted when it is no longer necessary for the implementation of the contract. It may also be necessary to store personal data in order to comply with contractual or legal obligations or to protect our legitimate interests. If the processing of your data is based on your consent, you have the option of revoking this consent. By clicking on the corresponding checkbox (opt-in) before transmitting your entered data to us, you consent to the processing of your data in accordance with this data protection declaration. If the data is also required for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

3.3 Use of Cookies

When you visit and use our website, cookies are stored on your computer. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Some of them are essential, i.e. they are technically required for the operation of our website. Other cookies are used for statistical purposes or to analyze access to our website or for marketing purposes or to offer you the use of external media. Both temporary/session cookies and longer stored cookies (so-called permanent cookies) are used. Temporary cookies are deleted as soon as you close your browser. Permanent cookies remain for a longer period of time, but can be deleted manually at any time. Some of the cookies are placed by third parties.

The legal basis for data processing when using essential cookies is Art. 6 Para. 1, S. 1 lit. f GDPR or Art. 25 Para. 2 No. 2 TTDSG, when using all other cookies the legal basis is your consent according to Art. 6 Para. 1, S. 1 lit. a GDPR or § 25 Para. 1 TTDSG. If we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent that this is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms, which require the protection of personal data, do not take precedence.

Detailed information about the use of the respective cookies, in particular about their purpose, the respective function duration and the extent to which they are placed by third parties or third parties have access to the data collected via the cookies, can be found in our „Cookie Settings“ in addition to the information provided in our data protection declaration. Here you will also find detailed information on the legal basis for the respective data processing, depending on the category of cookies used.

You can consent to the use of the respective categories of cookies individually; you can also change your consent at any time under the „Cookie Settings“ or revoke it with respect to us.

§ 4 Hosting of the websites (SiteGround)

4.1 Description and scope of data processing

These websites are hosted by the web hosting service Site Ground. The service provider is the Spanish company SiteGround Spain S.L., Calle de Prim 19, 28004 Madrid, Spain (hereinafter “SiteGround”). Web hosting is the provision of storage capacity and the hosting of websites on the web server of the web hosting service.

The personal data collected on our website is stored on the servers of the hosting provider. This may include but is not limited to

IP addresses
contact details
Meta and communication data
contract data
website traffic

and other data generated via a website and presented in the context of this privacy policy.

We have concluded an order processing agreement with the hosting provider, which ensures that the data collected in this way is processed exclusively in accordance with our instructions and in compliance with the GDPR and the TTDSG. We have located our hosting servers exclusively in the Federal Republic of Germany to ensure that your personal data is only processed in a country with a high level of data security. In the case of data processing by SiteGround, however, it cannot be completely ruled out that personal data may be transferred to the USA and the United Kingdom, as SiteGround operates affiliated companies there within the group of companies. In this case, we have agreed with SiteGround within the framework of the concluded order processing contract that the requirements of the GDPR for a transfer to so-called third countries must be complied with (see below).

4.2 Purposes of data processing

The storage of the above-mentioned data, in particular the IP address, by our systems is only carried out temporarily for the duration of the session and is necessary to ensure the proper operation and presentation of the websites. We also use SiteGround to display our websites in a way that allows you to access our website without problems. We also want to secure our website against the influence of unauthorised third parties and improve it regularly.

4.3 Legal basis
4.3.1 Legal basis for data processing

The use of SiteGround is in our interest to ensure a stable and appealing presentation and accessibility of our website for you. This constitutes a legitimate business interest within the meaning of Art. 6 (1) p. 1 lit. f) GDPR.

4.3.2 Legal basis in the event of data transfer to a third country

As described, in the case of data processing by SiteGround, it cannot be completely ruled out that personal data will be transferred to the USA and the United Kingdom, as SiteGround operates affiliated companies there within the group of companies. In each case, Your personal data will be transferred to the USA and the United Kingdom on the basis of the available adequacy decision described at
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de
Subject to legal or contractual permissions, personal data may only be processed in a third country if the special prerequisites of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred in particular if the European Commission has determined by way of a decision within the meaning of Article 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies a level of data protection in third countries that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.
Insofar as a data transfer takes place between the USA or the United Kingdom and the EU, it should be noted that such an adequacy decision exists for the USA and the United Kingdom. The data protection agreement (USA) and the adequacy decision (United Kingdom) can be found at Adequacy decision EU-US Data Privacy Framework_en.pdf (europa.eu) sowie EUR-Lex – L:2021:360:TOC – EN – EUR-Lex (europa.eu). The decisions state that the US and the UK will ensure an adequate level of protection – comparable to that of the European Union – for personal data.
US companies can become certified under the new data protection agreement by committing to comply with specified data protection requirements, including, for example, obligations to delete personal data when it is no longer necessary for the purpose for which it was collected and to ensure the continuity of protection when personal data is disclosed to third parties. A list of all certified US companies can be found at https://www.dataprivacyframework.gov/s/participant-search.

SiteGround (SG Hosting Inc.) is certified under the new US data protection agreement.

The agreement introduces binding safeguards. It provides that access by US intelligence agencies to EU data will be limited to what is necessary and proportionate and that a Data Protection Review Court (DPRC) will be established to which EU data subjects will have access. For example, if the DPRC finds that the new safeguards have been breached in the collection of the data, it can order the deletion of the data. The safeguards in the area of government access to data complement the obligations that US companies importing data from the EU must comply with.
Data subjects have several remedies if their data is not handled properly by US companies. These include free independent dispute resolution mechanisms and an arbitration board.

In addition, the data protection agreement provides certain safeguards regarding access by US authorities to data transferred within the data protection agreement, in particular for access for law enforcement and national security purposes. Access to data is limited to what is necessary and proportionate to protect national security.

EU data subjects have access to an independent and impartial redress mechanism, including referral to a data protection review tribunal, in relation to the collection and use of their data by US intelligence agencies. This tribunal independently investigates and resolves complaints, including by ordering binding remedies.

4.4 Duration of storage

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

4.5 Further information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, can be obtained at the above address and at https://de.siteground.com/privacy.htm?tid=331668599105.

§ 5 Integration of YouTube videos

5.1 Description and scope of data processing

We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.de or http://www.YouTube.com and can be played directly from our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

When you visit our website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data that (as described above) is collected for technical reasons each time you visit our website will be passed on to Google.

The data transfer takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to YouTube, your data will be directly assigned to your account. If you do not wish your data to be associated with your YouTube profile, you must log out of YouTube before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

5.2 Purposes of data processing

The data processing, in particular the data transfer to Google, is carried out for the purpose of simplifying the use of our media content and increasing the attractiveness of our website. By integrating YouTube films, we give you the opportunity to interact with the social network YouTube and other users of this network, so that we can improve our offer and make it more interesting for you as a user.

5.3 Legal basis for data processing
5.3.1 Legal basis for storing and reading information in terminal equipment

Google can analyze and evaluate the user behavior of the data subject via so-called “tracking”. Tracking is data processing for the purpose of tracking the individual behavior of users on websites (usually across websites). Tracking is technically possible by identifying users through the use of so-called cookies, web bugs, JavaScripts or browser fingerprinting.

According to § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 p. 1 lit. a) GDPR, the storage and readout of information on or from an end device, irrespective of the personal reference of the information, generally requires the consent of the person concerned. This includes, for example, the reading of browser information such as screen resolution, operating system versions or installed fonts by means of a JavaScript code, from which a unique and long-lasting (hash) value is formed and transmitted to a server (see above “browser fingerprinting”). Furthermore, this includes the setting or placement of so-called “cookies” (see section 3.3 on the term “cookie”), unless the use of the cookie is absolutely necessary for the operation of the website. Furthermore, the technical reading of cookies that have already been set requires the consent of the person concerned.

Google uses the above technologies to analyze and evaluate the user behavior of the data subject to the extent described in section 4.1.
Your personal data for the analysis and evaluation of your user behavior to the extent described in section 4.1 and for the purposes described in section 4.2 will only be processed if you have given us your explicit and voluntary consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
You can revoke your consent at any time with effect for the future (see § 18).

5.3.2 Legal basis for the transfer of personal data to a third country

Your personal data will be transferred to the USA on the basis of an adequacy decision available at
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de
Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special prerequisites of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred in particular if the European Commission has determined by way of a decision within the meaning of Article 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. The European Commission certifies third countries by means of such so-called adequacy decisions a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries, as well as a copy of the adequacy decisions, can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.

Insofar as a data transfer takes place between the USA and the EU, it should be noted that such an adequacy decision exists for the USA. The European Commission adopted its adequacy decision for the new EU-US data protection agreement on 10 July 2023. The data protection agreement and the adequacy decision can be found at Adequacy decision EU-US Data Privacy Framework_en.pdf (europa.eu). The decision states that the US will ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies within the scope of the new data protection agreement.

US companies can become certified under the new data protection agreement by committing to comply with specified data protection requirements, including, for example, obligations to delete personal data when it is no longer necessary for the purpose for which it was collected and to ensure continued protection when personal data is transferred to third parties. A list of all certified US companies can be found at https://www.dataprivacyframework.gov/s/participant-search.

Google is certified under the new data protection agreement.

Data subjects have several remedies if their data is not handled properly by US companies. These include free independent dispute resolution mechanisms and an arbitration board.

5.4 Duration of storage, possibility of objection and removal at YouTube (company of the Google/Alphabet group of companies)

We have no influence on the data collected and the data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the collected data by Google. Google may store your personal data as a user profile and use it for advertising, market research and/or to tailor its website to your needs. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google. For further information on the purpose and scope of data collection and processing by Google, please refer to the provider’s privacy policy. There you will also find further information on your rights in this regard and possible settings for the protection of your privacy.

5.5 Further information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and on how to protect your privacy, can be obtained from: Google Ireland Limited Gordon House, Barrow Street Dublin 4 and at https://policies.google.com/privacy?hl=en

§ 6 Services of Borlabs GmbH

6.1 Description and scope of data processing

We use the so-called Borlabs cookie on our website. Borlabs Cookie is a WordPress plugin that allows us to obtain permission to set cookies. For this purpose, we display a pop-up on our website that asks users for their consent via opt-in. The plug-in is provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg Germany.

The following information is stored in the Borlabs cookie:

Cookie duration
Cookie version
Domain and path of the WordPress website
Consents
UID (randomly generated ID)

The aforementioned information is not transmitted to Borlabs GmbH. The data is stored on our servers.

If you wish to withdraw your consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

Alternatively, you can adjust your consent at any time in the „Cookie Settings“.

6.2 Legal basis

The Borlabs cookie is absolutely necessary to operate our website. The legal basis is our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR for the purposes stated in section 5.1.

6.3 Storage period

The Borlabs cookie has a duration of one year.

6.4 Further information

You can find further information at: https://de.borlabs.io/borlabs-cookie/

§ 7 Services of Personio GmbH

7.1 Description and scope of data processing

We use the services of Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany, which offers personnel administration and applicant management software. We have concluded an order processing agreement with Personio.

When using our job board for internal positions, your IP address is stored anonymously. Further personal data will only be processed after the application as part of the applicant management process. Further information on this process can be found in our data protection information for applicants.

7.2 Legal basis

The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. b GDPR The data processing is necessary for the presentation of our internal positions and thus for the initiation of a contractual relationship between you and us and for the fulfillment of the obligations resulting therefrom.

7.3 Storage period

We will delete or block your personal data as soon as the purpose of the storage no longer applies; blocking in this context means any removal of the reference of the data to your person. Data may also be stored if this has been provided for by the European or national legislator in regulations, laws or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

7.4 Further information

You can find further information at: https://www.personio.com/privacy-policy/

§ 8 Integration of Microsoft Teams

8.1 Description, scope and purpose of data processing

For communication with our customers, we use, among other things, the conference tool Microsoft Teams. The provider is Microsoft Corporation, One Micro-soft Way, Redmond, WA, 98052-6399, USA (“Microsoft”).

Microsoft collects all data that you provide/use for the use of the tools (e-mail address and/or your telephone number). Furthermore, Microsoft processes the duration of the conference, the beginning and end (time) of participation in the conference, the number of participants and other “contextual information” in connection with the communication process (metadata). Furthermore, Microsoft processes all technical data that is required for the handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection. If content is exchanged, uploaded or otherwise made available within Microsoft Teams, it will also be stored on Microsoft’s servers. Such content includes but is not limited to, cloud recordings, chat/social messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using Microsoft Teams. Please note that we do not have full control over the data processing operations of the tools used.

8.2 Description, scope and purpose of data processing
8.2.1 Legal basis for the use of Microsoft Teams

When using Microsoft Teams, we process your personal data on the basis of Art. 6 (1) p. 1 lit. f) GDPR. We have a legitimate interest in conducting communications with you directly and effectively using an online conference tool. This also serves to optimize our business processes.
If we process your data via Microsoft Teams beyond the scope described in section 7.1, e.g. record and store conversations, this will only be done if you have been expressly informed of this beforehand and only if you explicitly consent to the storage in accordance with the supplementary data protection information. By default, we do not record any conversations using Microsoft Teams.

8.2.2 Legal basis for the transfer of personal data to a third country

Your personal data will be transferred to a third country on the basis of the adequacy decision available at
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de
Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special prerequisites of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred in particular if the European Commission has determined by way of a decision within the meaning of Article 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies a level of data protection in third countries that is comparable to the recognized standard in the European Economic Area (a list of these countries, as well as a copy of the adequacy decisions, can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.
Insofar as a data transfer takes place between the USA and the EU, it should be noted that such an adequacy decision exists for the USA. The European Commission adopted its adequacy decision for the new EU-US data protection agreement on 10 July 2023. The data protection agreement and the adequacy decision can be found at Adequacy decision EU-US Data Privacy Framework_en.pdf (europa.eu). The decision states that the US will provide an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies within the scope of the new data protection agreement.

Microsoft is certified under the new privacy agreement.

8.3 Storage period

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data that is stored by Microsoft for its own purposes.

8.4 Further information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and the settings you can make to protect your privacy, can be obtained from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, as well as at https://privacy.microsoft.com/de-de/privacystatement and https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18986.

§ 9 Newsletter integration using Brevo

9.1 Description and scope of data processing

For the dispatch of our electronic newsletter, we use the e-mail dispatch service Brevo, a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

For the registration, we process the following of your personal data:

Mandatory: e-mail address
Voluntary: First name, last name

The e-mail address is mandatory for sending the electronic newsletter. The processing of your further data serves the personalization of these contacts as well as the specialization of the offers and information and is voluntary.

9.2 Purposes of data processing

We process your e-mail address in order to contact you for the purpose of sending you our electronic newsletter, to inform you about current events and, if applicable, current developments and to maintain our contractual relationship with you. In addition, we use this data for advertising messages by e-mail and, if we have received your e-mail address in connection with our products and services, for advertising measures about our own similar products and services.

9.3 Legal basis for data processing

In order to send you our newsletter, we will always obtain your explicit declaration of consent. For this purpose, we use the so-called double opt-in procedure. After you have registered for the newsletter, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and the times of registration and confirmation. The purpose of this procedure is to prove your registration and to be able to clarify a possible misuse of your personal data.

If we do not already process your data on the basis of your explicit consent only in exceptional cases, your personal data will only be processed to the extent that this is necessary to protect our legitimate interests or the legitimate interests of a third party and does not override your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 para. 1 sentence 1 lit. f GDPR).

9.4 Storage period

We will delete your data as soon as we no longer need it for the purposes described. We will store your personal data for advertising and information purposes, i.e. sending you information and offers about services, or for the duration of your subscription.

For more information on data processing, please refer to the company’s privacy policy at https://www.brevo.com/legal/privacypolicy/.

9.5 Possibility of objection and removal

You can revoke your consent at any time and thus unsubscribe from receiving information about current and future products, services or other information about us. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by sending an e-mail to info@lenyx-group.com or by sending a message to our contact details provided. If you object to the use of your data, we will no longer send you promotional communications.

§ 10 Integration of OpenStreetMap

10.1 Description and scope of data processing

This site uses the OpenStreetMap mapping service via an API interface for map sections to locate our sites. The provider is the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WE, United Kingdom.

To use the functions of OpenStreetMap, it is necessary to store your IP address, data on your browser, device type and operating system, as well as the date and period of use. This information is usually transferred to a server of OpenStreetMap in the United Kingdom (Great Britain and Northern Ireland) and in the Netherlands and stored there. The provider of this site has no influence on this data transmission.

10.2 Purpose of data processing

The use of OpenStreetMap is in the interest of an attractive presentation of our online offers and an easy location of the places indicated by us on the website.

10.3 Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special prerequisites of Art. 44 et seq. GDPR are met. Accordingly, data may be transferred in particular if the European Commission has determined by way of a decision within the meaning of Article 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies a level of data protection in third countries that is comparable to the recognized standard in the European Economic Area (a list of these countries, as well as a copy of the adequacy decisions, can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.

Insofar as a data transfer takes place between the USA and the EU, it should be noted that such an adequacy decision exists for the USA. The European Commission adopted its adequacy decision for the new EU-US data protection agreement on 10 July 2023. The data protection agreement and the adequacy decision can be found at Adequacy decision EU-US Data Privacy Framework_en.pdf (europa.eu) . The decision states that the US will ensure an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies within the scope of the new data protection agreement.

US companies can become certified under the new data protection agreement by committing to comply with specified data protection requirements, including, for example, the obligations to delete personal data when it is no longer necessary for the purpose for which it was collected and to ensure the continuity of protection when personal data is transferred to third parties. A list of all certified US companies can be found at https://www.dataprivacyframework.gov/s/participant-search.

To our knowledge (02.08.2023), the provider is not certified under the new data protection agreement.
In this respect, the data transfer is based on your express and voluntary consent.

By consenting to the collection of data by OpenStreetMap, you expressly agree to the data transfer described here.

This consent can be revoked at any time. A revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

10.4 Legal basis for data processing

The legal basis is your explicit and voluntary consent in accordance with Art. 6 para. 1, p. 1 lit. a) DS-GVO to the processing of your personal data for darting purposes using OpenStreetMap.

10.5 Further information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and possible settings for the protection of your privacy, can be obtained from: OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WE, United Kingdom, at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

§ 11 Web analysis through Matomo

11.1 Description and scope of data processing

We use Matomo on this website, a website analysis software offered by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. A representative for the EU is ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany.
Cookies are set through the use of Matomo.

Furthermore, in order to analyze the website

Your IP address and
information such as timestamps,
visited web pages and
your language settings

are processed.

The information collected in this way is stored on a server of our hosting provider.

We have concluded a data processing contract with the hosting provider, which ensures that the data collected is processed according to our instructions and in compliance with the GDPR and the TTDSG.

Matomo is used with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form and personal references can thus be ruled out. If the data collected about you is personally identifiable, this is immediately excluded and the personally identifiable data is immediately deleted. The IP address transmitted by your browser within the scope of Matomo is not merged with other data collected by us.
The EU Commission has issued an adequacy decision for New Zealand.

11.2 Purposes of data processing

We use Matomo to analyze our website and to improve it regularly. The statistics obtained enable us in particular to make our offer more interesting for you.

11.3 Legal basis for storing and reading information in terminal equipment

Using Matomo, we can analyze and evaluate the user behavior of the person concerned via so-called “tracking”. Tracking is data processing for tracking the individual behavior of users on websites (usually across websites). Tracking is technically possible by identifying users through the use of so-called cookies, web bugs, JavaScripts or browser fingerprinting.

According to § 25 para. 1 p. 1 TTDSG in conjunction with. Art. 6 para. 1 p. 1 lit. a) GDPR, the storage and readout of information on or from an end device, irrespective of the personal reference of the information, generally requires the consent of the person concerned. This includes, for example, the reading of browser information such as screen resolution, operating system versions or installed fonts by means of a JavaScript code, from which a unique and long-lasting (hash) value is formed and transmitted to a server (see above “browser fingerprinting”). Furthermore, this includes the setting or placement of so-called “cookies”, insofar as the use of the cookie is not absolutely necessary for the operation of the website. Furthermore, the technical reading of cookies that have already been set requires the consent of the person concerned.

We can and will only use Matomo to analyze and evaluate your user behavior to the extent and for the purposes described above if you have given us your explicit and voluntary consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR in conjunction with. § 25 1 p. 1 TTDSG.
You can revoke your consent at any time with effect for the future.

11.4 Further information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and on how to protect your privacy, can be obtained from InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand) at https://matomo.org/matomo-cloud-privacy-policy/

§ 12 Disclosure of your data to third parties

Except as set out above, we do not disclose personal data to any company, organization or person outside our company, except in one of the following circumstances:

12.1 With your consent

Insofar as already described in detail above, but in individual cases also beyond this, we pass on personal data to companies, organizations or persons outside our company if we have received your consent to do so (Art. 6 Para. 1, Sentence 1 lit. a, if applicable in conjunction with Art. 9 Para. 2 lit. a GDPR).

12.2 Processing by other bodies

We make personal data available to other companies that are associated with us in a group of companies, as well as to our third party business partners, other trustworthy companies or persons who process it on our behalf. This is done on the basis of our instructions and in accordance with our data protection statement and other appropriate confidentiality and security measures.

12.3 For legal reasons

We will disclose personal data to companies, organizations or persons outside our company if we can reasonably assume that access to this data or its use, storage or disclosure is necessary, in particular, to comply with applicable laws, regulations or legal procedures or to comply with an enforceable official order; the legal basis in this respect is Art. 6 Para. 1, S. 1 lit. c in conjunction with Art. 9 Para. 2 lit. b GDPR. Art. 9 para. 2 lit. b GDPR.

12.4 Transfer of your data to a third country or an international organization

Unless expressly stated in this data protection declaration, your personal data will not be transferred to third countries (countries outside the EU or the EEA) or international organizations. However, within the framework of the jointly-used IT systems for the operation of the website, we also transfer your data to – as described in detail – Aristo AG, which is based in Switzerland. Switzerland has an appropriate level of data protection. This was determined by the EU Commission by means of an adequacy decision (pursuant to Article 45 of the GDPR).

§ 13 Automated decision-making

Unless expressly described otherwise above, automated decision-making does not take place.

§ 14 Your rights

You have the right:

In accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
in accordance with Art. 16 GDPR, to request the correction of incorrect or incomplete personal data stored by us without delay;
to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This means that we may no longer process the data based on this consent in the future; and
complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

§ 15 Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you may revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

Insofar as the processing of your personal data is based on our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing pursuant to Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the fulfillment of a contract with you, which is shown by us in each case in the description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details above.