Privacy Policy

Please note that the German version of this privacy policy is the original and is authoritative in case of any interpretation issues. Translations are provided for informational purposes only and are not legally binding. Data protection information The protection of your personal data is very important to us, so we would like to list here all the information about the processing and storage of your data when you visit our website and in our companies.

In order to be able to use all functions and services on our site, it is necessary to collect your personal data. However, processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2021).

Responsible body

LIGRE GmbH & Co. KG
Innstraße 2, 6342 Niederndorf, Austria

Further information can be found in Legal Notices.

All employees are obliged to maintain confidentiality and to handle your data properly and enter it correctly into our data processing systems.

If you have any questions about the protection of your personal data, you can contact us at any time datenschutz.gronbach@scaleline-ltd.com contact.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using so-called TLS encryption. TLS stands for “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the lock icon in your browser’s status bar being closed and the address starting with https://.

1. COLLECTION OF ACCESS AND LOG DATA 

This website automatically collects and stores server log file information that your browser transmits to us.

It is about

• IP address of the user,
• Date and time of access,
• Kind of request,
• Customer information such as type and version,
• The user's operating system (device, OS version of the device),
• Referrer information (i.e. the source of access)

The legal basis for this data processing is the legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of illegal use of our website (e.g. defense against hacker attacks) and in ensuring that the connection is established smoothly.

We have concluded a data processing agreement in accordance with Art. 28 GDPR with the provider of this website, Host Europe GmbH, based in Germany. This is a contract required by data protection law that guarantees that Host Europe GmbH only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. In addition, we have concluded a data processing agreement in accordance with Art. 28 GDPR with the web agency tzn digital ventures GmbH, based in Munich, Germany.

The data collected is stored in server log files, which your browser automatically sends to us in encrypted form. We only save the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR and only serves to preserve evidence.

2. ENQUIRIES VIA THE CONTACT FORM, EMAIL AND PHONE

We will of course treat any information about you that you provide to us on a voluntary basis as confidential. We will only use the personal data you provide to process and respond to your request. The legal basis for data processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR. This arises from our interest in answering inquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. A further legal basis for natural persons is the initiation or fulfillment of a contract in accordance with Article 6 Paragraph 1 Letter b) GDPR.

All personal data that you send to us with your enquiry will be deleted or anonymised by us from our CRM system HubSpot no later than 2 years after the final response to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries in response to our replies. Further information on HubSpot can be found under Data processing of customers in the context of contract fulfilment and customer service.

3. USING HCAPTCHA

To protect contact forms and other data entries on our website, we use the hCaptcha service ("hCaptcha") from the US-based company Intuition Machines Inc. hCaptcha checks the behavior of people on our website and determines whether it is a human or an automated program. According to the provider, this analysis begins automatically as soon as our website is accessed. As part of this analysis, information such as the IP address, time spent on our website and mouse movements are evaluated and transmitted to the provider exclusively for security purposes.

The legal basis for the analysis is our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest lies in protecting ourselves from spam. Data transfers to the provider in the USA are subject to the Data Privacy Framework (adequacy decision for the USA). Furthermore, there is a contract for order processing with the provider in accordance with Art. 28 GDPR.

4. SENDING NEWSLETTERS

You can register for our newsletter on our website. Our newsletters contain offers or promotions. If you subscribe to the newsletter, we collect and store the data that you enter in the input mask. You are only required to provide your email address. All other information, such as title, first name and last name, is provided on a voluntary basis. After submitting the registration form, you will receive an email from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully registered for it. This will be communicated to you by another email. You also give us your consent to process your email address and, if necessary, your other data. This ensures that no stranger or unauthorized person registers for our newsletter (compliance with the double opt-in procedure).

You can stop receiving the newsletter at any time by clicking on the “Unsubscribe” link at the end of each newsletter. If you revoke your consent, your data will be deleted immediately; we will store proof of the revocation for a further three years so that we can fulfill our accountability obligations in accordance with Article 5 Para. 2 GDPR. This storage is based on our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR. The legal basis for the confirmation email is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR, which is based on being able to prove that you have given your consent. The burden of proof for the person responsible is set out in Article 5 Para. 2 GDPR.

The legal basis for sending the newsletter is your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR and Section 174 Paragraph 3 TKG 2021.

We exclude the transfer of data to third parties. The newsletter is sent by our processor HubSpot through the company HubSpot, Inc, based in the USA and . There is an adequacy decision for the USA and HubSpot Inc. has a valid certification according to the Data Privacy Framework, which here can be viewed.

The success of newsletters is measured using a so-called "web beacon", a small file that sends information to the server when the newsletter is opened. Technical data such as browser type, system information, IP address and retrieval time are recorded. This data helps to technically improve the service and to analyse the reading behaviour of the target group, for example based on the location (determined by the IP address) or access times.

We also statistically record whether and when newsletters are opened and which links are clicked on. Although this information can technically be assigned to individual recipients, it is neither our aim nor that of the mailing service provider to observe individual users. Instead, these analyses are used to tailor the content to the reading habits of users and to send different content depending on their interests.

<b> A separate revocation of the performance measurement is not possible; if you do not agree, the entire newsletter subscription must be cancelled.</b>

5. Sending of e-mail advertising as part of the existing customer privilege

Regardless of whether you register for the newsletter, we regularly send our existing customers product recommendations by email, provided that the legal requirements in accordance with Section 174 Paragraph 4 TKG are met, in which they might still be interested based on your recent purchases of goods or services from us .

The newsletter is sent by our processor HubSpot through the company HubSpot, Inc. based in the USA. There is an adequacy decision for the USA and HubSpot Inc. has a valid certification according to the Data Privacy Framework, which here can be viewed.

The legal basis for this is our legitimate interest in informing our existing customers about additional goods or services in accordance with Article 6 Paragraph 1 Letter f) GDPR in conjunction with Section 174 Paragraph 4 TKG 2021. We strictly adhere to the legal requirements and regularly check the Section 7 E-Commerce Law List.

You can object at any time (Art. 21 GDPR) by unsubscribing from our email list. You will find a corresponding unsubscribe link in every email.

The success of newsletters is measured using a so-called "web beacon", a small file that sends information to the server when the newsletter is opened. Technical data such as browser type, system information, IP address and retrieval time are recorded. This data helps to technically improve the service and to analyse the reading behaviour of the target group, for example based on the location (determined by the IP address) or access times.

We also statistically record whether and when newsletters are opened and which links are clicked on. Although this information can technically be assigned to individual recipients, it is neither our aim nor that of the mailing service provider to observe individual users. Instead, these analyses are used to tailor the content to the reading habits of users and to send different content depending on their interests.
<b> A separate revocation of the performance measurement is not possible; if you do not agree, the entire newsletter subscription must be cancelled.</b>

6. ORGANIZING COMPETITIONS

You can take part in competitions on our website, via our newsletter or via other options. Unless otherwise specified in the respective competition or you have given us further express consent, the personal data you provide to us as part of your participation in the competition will be used exclusively for the administration of the competition (e.g. determining the winner, notifying the winner, sending the prize).
The legal basis for data processing in the context of competitions is the fulfillment of the contract in accordance with Art. 6 (1) (b) GDPR. If a declaration of consent is given in the context of a competition, Art. 6 (1) (a) GDPR is the legal basis for data processing based on the consent. If you have given your consent in the context of a competition, you have the option of revoking this consent at any time with effect for the future.
Data will only be passed on to third parties if this is necessary for the processing of the competition (e.g. sending the prize via a logistics company).
After the competition has ended and the winners have been announced, the participants' personal data will be deleted. If non-cash prizes are offered, we will store the winners' personal data for the duration of the respective statutory warranty period in order to arrange for repairs or replacements in the event of a defect.

7. INTEGRATION OF THE TRUSTBADGE WIDGET

Integration of the Trusted Shops Trustbadge / other widgets

Trusted Shops widgets are integrated into this website to display the Trusted Shops services (e.g. trustmark, collected reviews) and to offer Trusted Shops products to buyers after an order. This serves to safeguard our legitimate interests in optimising marketing by enabling secure shopping in accordance with Art. 6 (1) (f) GDPR, which are overriding in the process of balancing of interests. The Trustbadge and the services advertised with it are offered by Trusted Shops SE, Subbelrather Str. 1C, 15 Cologne (‘Trusted Shops’), with whom we are jointly responsible for data protection in accordance with Art. 50823 GDPR. We will inform you about the essential contents of the contract in accordance with Art. 26 (26) GDPR in the following as part of this data protection notice.

In the context of the joint responsibility between us and Trusted Shops, please contact Trusted Shops using the contact options provided in the  data protection informationif you have any data protection questions and to assert your rights. Irrespective of this, you can always contact the person in charge of your choice. Your enquiry will then be forwarded to the other person in charge for answering, if necessary.

Data processing when integrating the Trustbadge / other widgets

The Trustbadge is provided by a US-based CDN (Content Delivery Network) provider. An adequate level of data protection is ensured in each case by an adequacy decision of the EU Commission, which can be found for the USA here Service providers from the USA that are used are usually certified under the EU-U.S. Data Privacy Framework (DPF). Further information can be found here. If service providers used are not certified under the DPF, standard contractual clauses have been concluded as an appropriate safeguard.

When the trust badge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, the date and time of access, the amount of data transferred and the requesting provider (access data) and documents the retrieval. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to you personally. The anonymised data is used in particular for statistical purposes and for error analysis.

Data processing after order completion

If you have given your consent, the Trustbadge accesses order information stored in your terminal equipment (order total, order number, purchased product if applicable) and your e-mail address after the order has been completed, and your e-mail address is hashed using a cryptological one-way function. The hash value is then transmitted to Trusted Shops with the order information in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO. This is to check whether you are already registered for Trusted Shops services. If this is the case, further processing will be carried out in accordance with the contractual agreementbetween you and Trusted Shops. If you have not yet registered for the services or do not give your consent to automatic detection via the trust badge, you will then have the opportunity to register manually for the services or to take out protection as part of your existing user contract.

For this purpose, the trust badge accesses the following information, which is stored in the end device you are using, after your order has been completed: order amount, order number and email address. This is necessary for us to offer you buyer protection. The data is only transmitted to Trusted Shops when you actively decide to take out buyer protection by clicking on the corresponding button in the so-called Trustcard. If you decide to use the services, further processing is based on the contractual agreement with Trusted Shops in accordance with Art. 6 (1) point b GDPR in order to complete your registration for buyer protection and to secure the order, as well as to be able to send you evaluation invitations by email if necessary.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 (1) (f) GDPR for the purpose of ensuring trouble-free operation. In this context, processing may take place in third countries (USA and Israel).
An appropriate level of data protection is ensured by an adequacy decision of the EU Commission, which for the USA here and for Israel here Service providers from the USA are usually certified under the EU-US Data Privacy Framework. For further information, please contact here. If service providers used are not certified under the DPF, standard contractual clauses have been concluded as a suitable guarantee.

8. USE OF WEB ANALYSIS TOOLS AND COOKIES

We use cookies to make our website easier and better to use. Cookies are small pieces of text information that can be stored on your computer or smartphone when you visit a website via the browser. This serves to recognize the website visitor. Cookies can also provide us with information about how you use our website so that we can continually improve the design of the website.

Cookies themselves do not contain any personal data about users; they only serve to clearly identify what our customers find interesting and useful on our website. We also use so-called “web beacons” (small graphic images, also known as “pixel tags” or “clear GIFs”) on our website. They are used together with cookies to track general user behavior on the website.

The legal basis for the processing of personal data using cookies and other technologies is your consent in accordance with Art. 6 Para. 1 lit. a) GDPR, which you give us via the so-called “consent banner” as soon as you visit our website for the first time call.

We sit Cookies for the following purposes:

• Technically necessary: ​​These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or use the functions you want.
• Statistics: These techniques allow us to compile anonymous statistics about the use of our services. This allows us, for example, to determine how we can better adapt our website to the habits of our users.
• Marketing: This allows us to show you advertising content that is tailored to you and based on the analysis of your usage behavior. Your usage behavior can also be tracked across different websites, browsers or devices using a user ID (unique identifier).

The data processed by necessary cookies is necessary for the purposes listed below to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Letter f) GDPR.

Any use of cookies that is not absolutely technically necessary represents data processing that is only permitted with your express and active consent in accordance with Art. 6 Para. 1 lit. a) GDPR. You can use our so-called “Cookie Consent Tool” to set which cookie categories you would like to agree to when you visit our website.

Link to the cookie settings: [cookie_settings]

Once saved, you can delete cookies at any time using your web browser settings. You can also adjust your web browser settings so that cookies are not stored. Then not all functions of our website may be available.

Cookie list: [cookie_audit style=”winter” columns=”cookie,duration,description”]

As part of data processing (with the help of cookies and similar techniques for processing usage data), we may use specialized service providers, particularly from the online marketing sector. They process your data on our behalf as processors, are each carefully selected and contractually obliged in accordance with Article 28 GDPR. All of the above-mentioned providers work for us as processors.

Consent management via REAL COOKIE BANNER

We use the cookie consent technology from Real Cookie Banner of the company devowl.io GmbH, based in Germany, to obtain your consent under data protection law to store certain cookies on your device or to use certain technologies and to document this in compliance with data protection regulations.

Borlabs uses technically necessary cookies to store your consent to data protection.

The Real Cookie Banner is used to obtain the legally required consent for the use of cookies. The legal basis for this is our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consent (Art. 6 Para. 1 lit. c) GDPR), in order to fulfill our accountability obligations in accordance with Art. 5 Para. 2 GDPR.

GOOGLE DAY MANAGER

Use of Google Analytics

This website uses if you give your consent within the meaning of Article 6 Paragraph 1 Letter a) GDPR and Article 49 Paragraph 1 Letter a) GDPR, Google Analytics. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA). (“Google”) is provided.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable the user's use of the website to be analyzed. The information acquired through the cookies about your usage behavior of this website is usually sent to a Google server USA transferred and stored there.   There is an adequacy decision for the USA so that the data transfer can take place without further measures. You can get Google certification here . view

We have set the setting to anonymize your IP address. The IP addressanonymization is carried out by Google, but within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage.

The anonymized IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as search history, personal accounts, usage data from other devices and any other data that Google has about you.

You can use the cookies that are set in connection with Google Analytics above view in the list.

You can revoke your consent at any time by making the appropriate settings directly via our banner. User and event data will be deleted after 14 months. The “Reset user data on new activity” function is activated. This means that if you visit again before the retention period expires, your data will not be deleted.

Google Signals

This website uses the “Google Signals” function to expand the statistical reports created with Google Analytics to include a cross-device evaluation of visitor flows.

When are Google Signals collected?

Google Signals are only applied to users who are signed in to a Google Account during sessions and have the Ads Personalized feature enabled in their Google Account.

What information do we receive from Google Signals?

Google Signals does not provide us with any deeper insights into specific people or ways to uniquely identify you or the device you use. We only receive general demographic information (gender, age group) and possible interests from Google.

How can I deactivate Google Signals?

If you want to disable this feature for yourself, you must do so proactively via the setting in your Google Account. The link takes you to the change options in your Google account: https://support.google.com/ads/answer/2662856.

Further information about Google Signals can be found directly on Google's information page at https://support.google.com/analytics/answer/7532985?hl=de.

Google Consent Mode V2

We use Google Consent Mode V2, also known as consent mode, in advanced mode. If you do not give your consent via the cookie banner (so-called consent management platform), no new cookies will be set. Instead of cookies, the implemented Google tags generate so-called Google pings. These Google pings result in a new ID being generated for each page view (including when navigating the website during one and the same session). According to Google, this ID cannot be linked to a person. Your personal data is processed based on your consent in accordance with Art. 6 Para. 1 lit. a) GDPR, which you give via our cookie banner and can revoke at any time.

hubspot

On this website we use the HubSpot service to carry out digital marketing measures, provided you give your consent in accordance with Article 6 Paragraph 1 Letter a). We use all information collected exclusively to optimize our marketing measures by analyzing our website. This allows us to continually optimize our website and make it more user-friendly. You can find all cookies associated with HubSpot, their purposes and how long they are stored in the cookie list.

For example, what data do we collect using HubSpot?

• The IP address
• Type of browser
• Duration of the visit
• Called pages
• Geographic location
• Time of first visit, time of last visit, time of current visit
• Session number

You can revoke your consent at any time by changing the settings in our cookie consent banner.

HubSpot uses Cloudflare as the CDN provider, and a technically necessary cookie (__cf_bm) is set in accordance with Art. 6 Para. 1 lit. b) GDPR.

However, we only use your IP address in an abbreviated version. This means that the user's IP address is shortened by HubSpot within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a HubSpot server in the USA and shortened there.

Google Ads

We use Google Ads after your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR to show you advertising on the websites of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and other third-party providers to be able to.

Our purpose is to show you advertising that is of interest to you and to make our website more interesting for you. With conversion tracking we can determine how successful the individual advertising measures are. To do this, we use cookies that can be used to measure certain parameters for measuring reach, such as display of ads or clicks by users. If users reach our website via a Google ad, Google Ads stores a cookie on the corresponding device. We only receive aggregated evaluations of user behavior, on which basis we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising media.

Further information about cookies can be found in the cookie list above.

Further information about data protection from Google services can be found at: https://policies.google.com/privacy?hl=de

EMBEDDING VIDEOS

We embed videos on our websites that are not stored on our servers. Your consent is required to ensure that accessing our websites with embedded videos and maps does not automatically lead to third-party content being downloaded. Third-party content is only downloaded after you have clicked on the preview image or given your consent via the cookie consent banner. This provides the third-party provider with the information that you have accessed our site, as well as the usage data that is technically required in this context. We have no influence on further data processing by the third-party provider. By clicking on the preview image, you give us permission to load content from the third-party provider. The embedding is based on your consent in accordance with Art. 6 (1) point a GDPR, provided that you have given your consent by clicking on the preview image. An adequacy decision has been made for the USA, so that the data transfer can take place without further measures. You can view the certification of Google (YouTube) and Vimeo here . view

Provider of the video service:

Google Ireland Limited/Google LLC (USA) (“YouTube”)

Vimeo.com, Inc. 

Revocation of Consent

If you click on a preview image, the third-party content will be reloaded immediately. If you do not want this kind of reloading on other pages, please stop clicking on the preview images or revoke your consent for reloading via the cookie consent banner.

KLAVIYO

Furthermore, we use the service of Klaviyo Inc., located at 125 Summer Street, Boston, MA 02110, USA, for the purposes of personalization and evaluation of our newsletter and web activities, provided that you give your consent in accordance with Art. 6 (1) (a) GDPR. 

Data transfers to the USA are subject to the EU-US Data Privacy Framework. 

For more information about Klaviyo, please visit https://www.klaviyo.com/legal/privacy

CALENDLY

“Calendly” is an appointment booking tool that you can use to book an appointment with us directly. After booking, you will also receive an appointment confirmation and a reminder of the agreed appointment by email before the appointment. To simplify booking appointments with us, we use the “Calendly” software from the US-based provider Calendly LCC, with whom a contract for order processing has been concluded in accordance with Art. 28 GDPR. We do not pass on your data to third parties. Your data is also stored in our CRM.

The legal basis for data processing when booking via Calendly and for confirmation and reminder messages sent by email in this context is your consent in accordance with Art. 6 Paragraph 1 Letter a) of GDPR. The data transfer to Calendly and its subcontractors is based on so-called standard contractual clauses issued by the European Commission. A list of Calendly's subcontractors such as Stripe, Pendo, Usabilla and Heapanalytics can be found here.

The booked appointments will be deleted after 6 months.

STOREFINDER VIA GOOGLE MAPS

This website uses the mapping service Google Maps to visually display interactive maps in connection with the store finder. By using the store finder, you can view the locations of branches and sales outlets. Furthermore, to ensure that fonts are displayed consistently when using Google Maps, map web fonts provided by Google are loaded with your consent. Your browser then loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. When you access a page of our website that contains Google Maps, your browser establishes a direct connection with Google's servers after you have given your active consent. The map content is transmitted by Google directly to your browser and integrated into the website by it. We therefore have no influence on the scope of the data collected by Google in this way. To the best of our knowledge, the following data is processed in addition to the IP address: date and time of the visit to the website in question and the internet address or URL of the website accessed. We have no influence on the further processing and use of the data by Google and therefore cannot assume any responsibility for this.

The legal basis for the use of Google Maps with the Google Fonts function is your voluntary consent according to Art. 6 Paragraph 1 Letter a) DSBO. Before the Google Maps function can be used, you must consent to its use by actively confirming it. Without your consent, the store finder cannot be used.  

Google Maps is a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using Google Maps, information about the use of this website, including your IP address, may also be transmitted to Google in the USA. Data transfers between Google Ireland Limited and Google LLC, based in California, USA, are subject to the EU-US Data Privacy Framework. You can view the certification of Google LLC here by entering “Google LLC” in the search field. 

Please note: If you do not want Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. However, if you do this, you will not be able to use the map display.

For information on the purpose and scope of data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's privacy policy: https://www.google.com/intl/de_US/help/terms_maps.html

You can also find detailed information about data protection in connection with the use of Google Maps on the Google website (‘Google Privacy Policy’):  https://www.google.de/intl/de/policies/privacy/.

9. ORDERS AND RESERVATIONS VIA THE ONLINE SHOP

Storage time: We store your data until your user account is deleted. This does not affect the fulfillment of retention obligations such as the 7-year obligation of the Federal Tax Code.

Data processing from customers as part of contract fulfillment and customer services

1. Fulfillment of contractual obligations (Art. 6 Para. 1 lit. b) GDPR)

The purposes of data processing arise from the implementation of pre-contractual measures and the fulfillment of the obligations arising from the concluded contract.

To Contract processing, within the scope of warranty claims and service requests We process master data such as your first and last name, your billing address as well as your billing and payment data as well as the content of communication with you. We use your email address to carry out communication. We will of course treat personal data that you provide to us via contact form, telephone, email or social media confidentially. We only use your data for the intended purpose of processing your request.

The legal basis for the above-mentioned data processing for natural persons is the fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b) GDPR. In addition, our and your (legitimate) interest in this data processing lies in answering your inquiries, solving any problems that may arise and thus maintaining and promoting your satisfaction as a customer or user.

2. To fulfill legal obligations (Art. 6 Para. 1 lit. c) GDPR)

The purposes of data processing arise from legal requirements in individual cases. These legal obligations include, for example, the fulfillment of retention and identification obligations, for example within the framework of requirements for tax control and reporting obligations, and data processing in the context of inquiries from authorities. In this context, data may also be transferred to our appointed tax advisor. The retention period is usually 7 years to comply with tax law requirements. During this period, the data will be processed again solely in the event of an inspection by the tax authorities and in the event of customer inquiries.

3. To fulfill our legitimate interests (Art. 6 Para. 1 lit. f GDPR)

We process them Contact details of contact persons with customers, interested parties, suppliers and other business partners for communication by email, telephone and post. The legal basis for data processing is the legitimate interest according to Art. 6 Para. 1 f) GDPR. The legitimate interest arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

We generally exclude the transfer of data to third parties.

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data you provide beyond the actual fulfillment of the contract with business partners. The legitimate interests here include, in particular, the selection of suitable business partners, the fulfillment of compliance measures, the assertion of legal claims, the defense of liability claims, the prevention of criminal offenses and the settlement of damages resulting from the business relationship.

INQUIRIES OR CUSTOMER COMMUNICATION VIA DIRECT MESSAGES VIA WHATSAPP BUSINESS  

For direct and uncomplicated contact, we offer a chat via WhatsApp Business. The data processing in this context is based on the legal basis of contract fulfillment or contract initiation in accordance with Art. 6 Para. 1 lit. b) GDPR. 

When using WhatsApp, WhatsApp Ireland Limited is the recipient of your data and the processor in accordance with Art. 28 GDPR. WhatsApp is a product of the Meta Companies (formerly Facebook Inc.). As part of the messenger, data is also transmitted to third countries outside the European Union. WhatsApp LLC, based in Menlo Park, America, is certified according to the Data Privacy Framework. You can obtain certification according to the Data Privacy Framework here . view

Your data will be stored for the duration of the current contract and then deleted from WhatsApp. If no contract is concluded, we will delete the chat no later than 180 days after the final response has been given.

4. Who receives the personal data you provide?

As part of the contractual relationships, we may also commission processors or service providers who can gain access to your personal data. Compliance with data protection regulations is contractually ensured.

5. Data processing to document compliance with the GDPR

To the extent that your data is processed on the basis of consent in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to do so within the framework of the To be able to prove that you have consented to the data processing in question in accordance with Article 5 Paragraph 2 of the GDPR.

If you assert data subject rights under the GDPR against us, we will also process and store your data in order to be able to prove that we have complied with the GDPR when processing your request as part of the accountability obligation in accordance with Art. 5 Para. 2 GDPR.

If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultancy (SCALELINE data protection) come.

Data processing of partners and business customers

The following data protection information applies to you if you are a business partner of LIGRE are or are a legal representative, employee, partner or economic beneficiary of a business partner. Business partners are legal or natural persons who are in negotiations with LIGRE to establish a business relationship or are already a party to a corresponding business relationship LIGRE .

1. To fulfill contractual obligations (Article 6 paragraph 1 lit. b) GDPR)

If you are our business partner as a natural person (e.g. contractual partner), we generally process your data to carry out pre-contractual measures and to fulfill the obligations arising from the concluded contract. We process your partner code to assign orders based on your recommendation to fulfill the partner agreement and to determine and pay out partner rewards.

2. To fulfill a legal obligation (Article 6 Paragraph c) GDPR)

The processing of personal data in the context of a business partner may be necessary to fulfill legal requirements. The specific purposes of data processing arise from the relevant legal requirements. These legal obligations include, for example, the fulfillment of storage and identification obligations, e.g. within the framework of requirements to prevent money laundering, tax control and reporting obligations and data processing in the context of inquiries from authorities or during legal reviews in conjunction with the relevant mandatory laws.

3. To fulfill legitimate interests (Article 6 paragraph 1 lit. f) GDPR)

If you are an employee, legal representative (e.g. managing director or authorized representative), partner or economic beneficiary of one of our business partners, we collect and process the data you provide above in the context of the business partner relationship to fulfill our legitimate interests .

The legitimate interests here include, in particular, the selection of suitable business partners, research into potential business partners, facilitating communication and establishing contact (e.g. after handing over business cards or contact details at trade fairs), recording business transactions, negotiating with contact persons and processing within the framework of the digitalization process.

Other legitimate interests include invitations to events, maintaining the contractual relationship and contact as well as valuing the contractual partner through, for example, greetings or Christmas cards, asserting legal claims and avoiding legal disadvantages (e.g. in the event of (imminent) insolvency), averting dangers and liability claims and avoiding legal risks and economic disadvantages, detecting and processing potentially damaging emails, protecting our IT infrastructure, managing access authorizations to our systems, clarifying possible compliance violations through compliance investigations, preventing criminal offenses, regulating damages resulting from the business relationship, the efficient processing of the contract signing, the corresponding logging of the signature process for verification purposes as well as the validity check of the qualified electronic signature and other internal administrative purposes (e.g. user and contract management, project management and billing, process and workflow optimization).

4. Recipients/categories of recipients

Within our company, only those areas that need it to fulfill contractual or legal obligations or to fulfill legitimate interests have access to the data you provide.

As part of the contractual relationships, to fulfill legal obligations and to protect legitimate interests, contract processors, authorities or service providers also have access to your personal data. Compliance with data protection regulations is contractually ensured. The data can also be transmitted to companies within the GRONBACH group of companies in order to fulfill contractual obligations.

5. Retention period

The personal data will be kept for as long as necessary to fulfill the purposes mentioned above. Of particular relevance here are the legal retention obligations from the Corporate Code (UGB) and the Federal Tax Code (BAO), which provide for retention for up to 7 years. In individual cases, data may also be stored.

6. Obligation to provide

As part of our business relationship, you must provide the personal data that is necessary for the establishment, implementation and termination of a business relationship and for the fulfillment of the associated obligations, which we are legally obliged to collect or are entitled to collect based on legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

Operating social media presences

We maintain the following social media presences:

Facebook: https://www.facebook.com/profile.php?id=61550921276933

Instagram: https://www.instagram.com/ligre_official

LinkedIn:  https://www.linkedin.com/company/ligre-company/

Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.): facebook.com/help/1561485474074139/?helpref=related

Data processing by us:

1. Maintaining the above-mentioned social media pages and placing ads (“advertising”)

The personal information entered on social media sites Data such as comments, videos, images, likes, public messages etc. are published by the respective social media platform. We reserve the right to delete content if this is necessary. If necessary, we share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place advertisements (“ads”) via our social media pages. The legal basis for this data processing is the legitimate interest according to Art. 6 Para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

1. Page Insights

The social media platforms provide anonymized statistics and insights that help us understand the types of actions people take on our site (so-called “Page Insights”). These Page Insights are created based on certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR, which is based on obtaining information about the actions and visitors to our pages.

This processing of personal data is carried out by the social media platform and us so-called jointly responsible parties according to Art. 26 GDPR. If there is joint responsibility, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

If you would like to object to certain data processing over which we have influence (e.g. deletion of comments), please contact us using the contact details listed above.

Note: The provision of your data is neither required by law nor contractually or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of non-provision is that you cannot communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the email address above.

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, they are also viewed as another person responsible who carries out their own data processing. This means that the operator is also their own responsible body under the GDPR. However, we only have limited influence on data processing by the operator. Where we can influence (e.g. through parameterization), we work within our means to ensure data protection-compliant handling by the operator of the social media platform. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own data protection declaration:

Facebook: www.facebook.com/help/568137493302217

Instagram: help.instagram.com/519522125107875

LinkedIn:  https://de.linkedin.com/legal/privacy-policy?

As part of using the platform, your personal data is usually processed by the respective platform operator on servers in third countries, especially in the USA. The European Commission certifies that certain third countries have a so-called adequacy decision. This means that the legal situation regarding privacy protection in these countries is comparable to that in the EU or EEA. You can find more information about the current countries with an adequacy decision here. Certifications according to the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc. (Facebook, Instagram) as well Google (YouTube). In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already stated, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we can't turn this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the social media platform provider.

Affected rights

Your rights as a data subject

You have the right under Article 15 Para. 1 GDPR to apply free of charge Access to receive information about the personal data stored about you. Furthermore, you have the right to if the legal requirements are met Right to rectification (Article 16 GDPR), Erasure (Art. 17 GDPR) and Restriction the processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data transfer in accordance with Art. 20 GDPR.

If the data processing is based on Article 6 Paragraph 1 e) or f) GDPR, you have the right to object in accordance with Article 21 GDPR. If you object to data processing, this will not be done in the future unless the person responsible can demonstrate compelling legitimate reasons for further processing that outweigh the interest of the person concerned in objecting.

In addition, it suits you a right to complain to a data protection supervisory authority to. The complaint can in particular be lodged with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged violation.

Contact details of the responsible data protection authority at www.dsb.gv.at or by email dsb@dsb.gv.at

No automated decision making

We do not carry out automatic decision-making or profiling.

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither required by law nor contractually or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we cannot, for example, respond to your inquiries.

This data protection notice was developed in collaboration with the consulting company SCALELINE Data protection created. The legal texts are subject to copyright.