Lobbe-Haveriemanagement

Data protection

I. General

1. scope of application

This data protection declaration applies to all business relationships with customers and suppliers, rental and lease relationships, employment relationships and all other business relationships. The declarations also apply to pre-contractual or business-like relationships.

2. contents

The European Union has regulated the rights and obligations of data subjects and companies that collect data in the General Data Protection Regulation (GDPR). Data subjects are all persons from whom personal data is collected.
According to Art. 13, 14 EU GDPR, collecting companies are obliged to provide information about the scope of collected data, the processing of this data and the rights of the data subjects.

3. scope of data collected

Depending on the type of business relationship, the scope of the data collected can vary greatly. Personal data is any data that can be personally related to the data subject. Personal data generally includes: Name, address, contact details, bank details, date of birth, but also any other data that may be collected.

4. data sources

Primary data sources are direct information provided by the data subject in correspondence, telephone calls or personal conversations. Depending on the type, these can be expanded by further research, especially in telephone directories, or also by payment transactions.

II. contact person

1. data protection officer

The contact details of the data protection officer are:
E-mail: datenschutz@lobbe.de

2. complaints body

In the event of potential violations of the law, a supervisory authority is available. The supervisory authority responsible for the data subject is that of their place of residence. A list of supervisory authorities can be found at:
http:/www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

III. processing

1. purpose

The collection and processing of personal data is carried out for the performance of the contract with the data subject as well as for pre-contractual measures and for maintaining the business relationship with the data subject.

2. justification

The collected data is required for correspondence with business partners and the processing of the respective business relationship. The lawfulness of the collection follows from Art. 6 para. 1 EU-DSGVO, in particular from Art. 6 para. 1 lit. b) EU-DSGVO.

3. duration

In principle, the data is stored and processed for the duration of the business relationship. In addition, data may be stored for a longer period of time if this is justified to protect business interests. In particular, data may be stored for at least 6 years to comply with legal and statutory retention periods.

4. protective devices

Current technical measures for the protection of personal data are maintained. These measures are adapted to the state of the art on an ongoing basis by assessing the specific risk situation.

IV. Automated decision making

For the conclusion or performance of the contract between the data subject and the controller, automated processing is necessary in some areas to evaluate certain personal aspects relating to the data subject. This is in particular the case when services are ordered via a specific online portal. In these areas, programmed systems use personal data to make decisions as to whether or not services can be offered. The decisive factor is the location of the service/place of residence.

V. Rights

1. information

Pursuant to Art. 15 EU-DSGVO, data subjects may at any time request information about the scope of data stored about them.

2. deletion, rectification and restriction

Data subjects may request the deletion of their data under the conditions of Art. 17 EU-DSGVO, the correction of their data in accordance with Art. 16 EU-DSGVO and the restriction of the processing of their data in accordance with Art. 18 EU-DSGVO.

3. data transmission

Pursuant to Article 20 of the EU Data Protection Regulation, data subjects have the right to transfer data to another company, insofar as this is technically possible and business secrets remain unaffected.

4. revocation

Declaration of consent
If the processing of personal data is based on the consent given by the data subjects, the data subjects have the right to withdraw their consent at any time. The revocation of consent shall not affect the lawfulness of the processing of personal data carried out on the basis of the consent until the revocation.

VI. Transfer to third parties, order processing

Personal data will only be passed on to third parties in compliance with the statutory provisions. The transfer of personal data to processors employed by the responsible party (Art. 28 EU-DSGVO) for the purpose stated in point III. 1. is permissible.

VII. Collection of personal data when visiting the website

In the case of mere informational use of the websites without registration and without transmission of other information by the data subject, only the personal data transmitted by the browser to the server is collected. If the data subject wishes to view the websites, the following data, which are technically necessary for the controller to display the websites and to ensure stability and security, are collected (legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO):

- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the request (specific page)
- access status/HTTP status code
- amount of data transferred in each case
- website from which the request came
- browser
- operating system and its interface
- language and version of the browser software.

Use of cookies
(1) In addition to the aforementioned data, cookies are stored on the computer of the person concerned when using the website. Cookies are small text files that are stored on the hard drive of the browser used by the data subject and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transmit viruses to the computer of the person concerned. They serve to make the internet offer as a whole more user-friendly and effective.

(2) The websites use the following types of cookies, the scope and functionality of which are explained below:

- Transient cookies (a.)
- Persistent cookies (b.)
- Borlabs cookies (c.)

a.) Transient cookies are automatically deleted when the browser is closed. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various browser requests to the joint session. This means that the computer of the person concerned can be recognised when he or she returns to the website. The session cookies are deleted when the data subject logs out or closes the browser.

b.) Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. The data subject can delete the cookies at any time in the security settings of their browser.

c.) This website uses the Borlabs cookie, which sets technically necessary cookies (Borlabs cookie) to store the cookie consents of the data subject. The Borlabs cookie does not process any personal data. Only consents given by the data subject when entering the website are stored in the Borlabs cookie. If the data subject wishes to revoke this consent, he or she simply deletes the cookie in his or her browser. For the purpose of revising or revoking consent, there is a corresponding link "Manage cookie settings" on the website. When the data subject re-enters/reloads the website, they will be asked again for their cookie consent.

The data subject can configure his/her browser settings according to his/her wishes and, for example, refuse to accept third-party cookies or all cookies. So-called "third party cookies" are cookies that have been set by a third party, consequently not by the actual website on which one is currently located. By deactivating cookies, it may not be possible to use all the functions of the website.

Cookies are used to identify the data subject for subsequent visits if the data subjects have an account with the responsible parties. Otherwise, you would have to log in again for each visit.

The consent to the storage of the cookie given by the data subject for the use of the website can be adapted at any time. For the purpose of revising or revoking consent, a corresponding link "Manage cookie settings" can be found on the website.

The data subject can prevent the setting of cookies at any time by means of an appropriate setting in the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the internet browser. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all the functions of our website without restrictions.

Furthermore, HTML5 storage objects are used, which are stored on the end device of the data subject. These objects store the required data independently of the browser used by the data subject and have no automatic expiry date. The data subject can prevent the use of HTML5 storage objects by setting their browser to private mode. In addition, it is recommended to manually delete the cookies and the browser history on a regular basis.

Further functions and offers of the websites
(1) In addition to the purely informational use of the websites, various services are offered which the data subject can use if interested. For this purpose, the data subject must usually provide further personal data which is used to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, external service providers are used to process personal data. These have been carefully selected and commissioned, are bound by the instructions of the collecting company and are regularly monitored.
(3) Furthermore, personal data may be passed on to third parties if participation in promotions, competitions, conclusion of contracts or similar services are offered by the collecting company together with partners. The data subject will receive more detailed information on this when providing his/her personal data or in the description of the offer.
(4) If the commissioned service providers or partners are based in a country outside the European Economic Area (EEA), the data subject will be informed of the consequences of this circumstance in the description of the offer.
Use of our webshop
(1) If the data subject wishes to place an order in the webshop, it is necessary for the conclusion of the contract that he/she provides his/her personal data, which is required for the processing of his/her order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. The data provided by the data subject will be processed for the purpose of handling their order. For this purpose, their payment data may be passed on to the house bank of the collecting company. The legal basis for this is Art. 6 para. 1 lit. b) DSGVO. The data subject can voluntarily create a customer account through which the collecting company can save their data for future purchases. When creating an account under "My account", the data provided by the data subject will be stored revocably. The data subject can always delete all further data, including the user account, in the customer area.
(2) Due to commercial and tax law requirements, the collecting company is obliged to store address, payment and order data for a period of ten years. However, after two years, a restriction of the processing is made in such a way that the data is only used to comply with the legal obligations.
(3) To prevent unauthorised access by third parties to personal data, in particular financial data, the ordering process is encrypted using TLS technology.
Data protection provisions when using external payment service providers
(1) The collecting company offers several payment methods for the use of the webshop and uses different payment service providers. Depending on which payment method the data subject chooses, different data will be transmitted to the respective payment service provider. The legal basis for the transmission is Art. 6 para. 1 lit. a) DSGVO. The payment service providers in question are listed below.

WP-Statistic
We use the analytics plugin WP Statistics on our website. This plugin was developed by VeronaLabs (address: Tatari 64, 10134 Tallinn, Estonia), a software company from Estonia. With this plugin, we get simple statistics on how you, as a user, use our website. WP-Statistics analyzes our website users by showing their browser, the search engine they use and the most visited content based on categories, tags and authors. These simple statistics help us make our website more interesting and better for you.
This plugin is an analytics software designed specifically for websites that use the WordPress content management system. WordPress helps us to easily edit our website even without programming skills. WP Statistics can collect data such as how long you stay on our website, which subpages you visit, how many visitors are on the website or from which website you came to us. WP Statistics does not set any cookies and the data collected only creates anonymous statistics about the use of our website. WP Statistics also anonymizes your IP address. You as a person cannot be identified.

Through WP Statistics, visitor data (called Visitos'Data) is collected when your web browser connects to our web server. This data is stored in our database on our server. This includes for example:
- the address (URL) of the accessed web page
- browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and IP address of the device from which access is made
- date and time
- country/city information
- number of visitors, coming from a search engine
- length of time spent on the website
- clicks on the website
- The data is not shared or sold.
All data is stored locally on our web server. The data is stored on our web server until it is no longer needed for the purposes listed above.

You have the right to information, correction or deletion and restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of data at any time.

We have provided you with the most important information about data processing by WP Analytics. Due to the fact that the plugin does not use cookies and the data is stored locally in the web server for statistical analysis, your data is handled very carefully here. If you want to learn more about WP Analytics, you should take a look at their privacy policy at https://wp-statistics.com/privacy-and-policy/.

PayPal
If the data subject decides to use the PayPal payment method, the personal data will be transmitted to PayPal. The prerequisite for the use of PayPal is the opening of a PayPal account. With the use or opening of a PayPal account, name, address, telephone number and e-mail address, among other things, must be transmitted to PayPal. The legal basis for the transmission of the data is Article 6 (1) a) DSGVO (consent) and Article 6 (1) b) DSGVO (processing for the performance of a contract).
The operator of the PayPal payment service is:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
E-mail: impressum@paypal.com

With the PayPal payment option, the data subject consents to the transmission of personal data such as name, address, telephone number and email address to PayPal. Which further data is collected by PayPal can be found in the respective privacy policy of PayPal. This can be found at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Newsletter
(1) With their consent, the data subject may subscribe to the newsletter of the collecting company, which informs the data subject about current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) For the registration to the newsletter, the so-called double opt-in procedure is used. This means that after the registration by the data subject, an e-mail is sent to the specified e-mail address in which the data subject is asked to confirm that he or she wishes to receive the newsletter. If the data subject does not confirm their registration within 24 hours, their information will be blocked and automatically deleted after one month. In addition, their IP addresses and times of registration and confirmation are stored. The purpose of this procedure is to be able to prove the registration and, if necessary, to clarify a possible misuse of personal data.
(3) The only mandatory information for sending the newsletter is the e-mail address of the person concerned. The provision of further, separately marked data is voluntary and is used to be able to address the data subject personally. After their confirmation, their e-mail address is stored for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 lit. a) DSGVO.
(4) The data subject may revoke his/her consent to the sending of the newsletter at any time and unsubscribe from the newsletter. The data subject can declare the revocation by clicking on the link provided in each newsletter email, via this form on the website, by email to info@firma.de or by sending a message to the contact details provided in the imprint.
(5) The collecting company draws the data subject's attention to the fact that their user behaviour is evaluated when the newsletter is sent. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on the website. For the evaluations, the data mentioned in point VII and the web beacons are linked with the e-mail address and an individual ID. The data is only collected pseudonymously, i.e. the IDs are not linked to further personal data, and direct personal reference is excluded. The data subject can object to this tracking at any time by clicking on the separate link provided in each email or by informing the collecting company via another contact channel. The information is stored for as long as the data subject subscribes to the newsletter. After unsubscribing, the data is stored purely statistically and anonymously.

Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on the data subject's computer, to help the website analyse how users use the site. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, the IP address of the data subject will be truncated beforehand by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by the data subject's browser as part of Google Analytics will not be merged with other Google data.
(3) The data subject may refuse the use of cookies by selecting the appropriate settings on his/her browser, however please note that if you do this you may not be able to use the full functionality of this website. The data subject may also prevent the collection by Google of data generated by the cookie and relating to their use of the website (including their IP address), and the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, which means that they cannot be linked to a specific person. Insofar as the data collected about the data subject is personally identifiable, this is immediately excluded and the personal data is deleted immediately.
(5) The collecting company uses Google Analytics to analyse and regularly improve the use of its website. The statistics obtained enable the collecting company to improve its offer and make it more interesting for the data subject as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DSGVO.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of use: http://www.google.com/analytics/terms/de.html,

Data protection overview:
http://www.google.com/intl/de/analytics/learn/privacy.html, as well as

the privacy policy:
http://www.google.de/intl/de/policies/privacy.

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. The data subject can deactivate the cross-device analysis of their usage in their customer account under "My data", "Personal data".

Use of Wordfence
The collecting company uses a plug-in Wordfence. This is a security plug-in.
Further information can be found at: https://www.konvis.de/neuigkeiten/internetseiten/wordpress-wordfence-nutzung-und-dsvgo/.

Use of Google Fonts
The collecting company uses Google Fonts.
When using Google Fonts, a font is downloaded from a Google server. In the process, however, information is sent from the browser to the Google server, which presumably stores it.

Use of social media plug-ins
(1) The collecting company currently uses the following social media plug-ins: [Meta, Xing,]. It uses the so-called two-click solution. This means that when the data subject visits the page of the collecting company, no personal data is initially passed on to the providers of the plug-ins. The data subject recognises the provider of the plug-in by marking the box with its initial letter or logo. The data subject is given the opportunity to communicate directly with the provider of the plug-in via the button. Only if the data subject clicks on the marked box and thereby activates it, does the plug-in provider receive the information that the data subject has called up the corresponding website of the online offer. In addition, the data mentioned under point VII of this declaration is transmitted. In the case of Meta and Xing, according to the respective providers in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, personal data is therefore transmitted from the data subject to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, it is recommended to delete all cookies via the security settings of the browser of the data subject before clicking on the greyed-out box.
(2) The collecting company has neither influence on the collected data and data processing operations, nor is the full extent of the data collection, the purposes of the processing, the storage periods known to the collecting company. The collecting company also has no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about the data subject as usage profiles and uses these for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about the activities of the data subject on the website of the collecting company. The data subject has a right to object to the creation of these user profiles, whereby the data subject must contact the respective plug-in provider to exercise this right. The plug-ins offer the data subject the opportunity to interact with the social networks and other users so that the collecting company can improve its offer and make it more interesting for the data subject as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f DSG-VO.
(4) The data transfer takes place regardless of whether the data subject has an account with the plug-in provider and is logged in there. If the data subject is logged in to the plug-in provider, their collected data will be directly assigned to their account with the plug-in provider. If the data subject presses the activated button and links to the page, for example, the plug-in provider also saves this information in their user account and shares it publicly with their contacts. It is recommended to log out regularly after using a social network, but especially before activating the button, as the data subject can thus avoid an assignment to his or her profile with the plug-in provider.
(5) The data subject can obtain further information on the purpose and scope of the data collection and its processing by the plug-in provider in the data protection declarations of these providers communicated below. There they will also receive further information on their rights in this regard and setting options for protecting their privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection notices:
a. Meta Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.mets.com/policy.php; further information on data collection: http://www.meta.com/help/186325668085084, http://www.meta.com/about/privacy/your-info-on-other#applications and http://www.meta.com/about/privacy/your-info#everyoneinfo. .

b. Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

c. Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

Integration of Google Maps
(1) The Google Maps service is used on this website. This allows interactive maps to be displayed to the data subject directly on the website and enables the data subject to use the map function conveniently.
(2) By visiting the website, Google receives the information that the data subject has called up the corresponding sub-page of our website. In addition, the data mentioned under point VII of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which the data subject is logged in or whether no user account exists. If the data subject is logged in to Google, his/her data will be directly assigned to his/her account. If the data subject does not wish to have their data associated with their Google profile, they must log out before activating the button. Google stores their data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about their activities on the website of the collecting company. The data subject has a right to object to the creation of these user profiles and must contact Google to exercise this right.
(3) The data subject can obtain further information on the purpose and scope of the data collection and its processing by the plug-in provider in the provider's data protection declarations. There they can also obtain further information on their rights in this regard and setting options for protecting their privacy: http://www.google.de/intl/de/policies/privacy.

Use of YouTube
For the presentation of videos, in particular to be able to present the company and its portfolio of services, the collecting company maintains an online presence on YouTube. The legal basis is Art. 6 para. 1 lit. f) DSGVO. The legitimate interest of the collecting company lies in optimising the functionality and improving the quality of its website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "YouTube".
In this respect, the collecting company points out that there is a possibility that data of the data subject will be processed outside the European Union, in particular in the USA. This may result in increased risks for the data subject in that, for example, subsequent access to the user data may be made more difficult. The collecting company also has no access to this user data. The access option lies exclusively with YouTube.
This connection is necessary in order to be able to display the respective video on the website of the collecting company via its Internet browser. In the course of this, YouTube will at least record and process the IP address of the data subject, the date and time and the website visited by the data subject.
If the data subject does not consent to this processing, he or she has the option of preventing the storage of cookies by making the appropriate settings. Details on this can be found above under the point "Cookies".
YouTube's data protection information at
https://policies.google.com/privacy

Linking social media via graphics
The collecting company also advertises presences on the social networks listed below on its website. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the data subject forwarded to the service of the respective social network.
After the data subject has been forwarded, information about the data subject is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.
This is initially data such as IP address, date, time and page visited. If the data subject is logged into his/her user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the data subject to the personal account of the data subject. If the data subject interacts via a "share" button of the respective network, this information may be stored and possibly published in the personal user account of the data subject. If the data subject wants to prevent the collected information from being directly assigned to his or her user account, he or she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated by linking:

YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043 USA
Privacy Policy: https://policies.google.com/privacy

Use of SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH to collect and store data for marketing, market research and optimisation purposes based on the legitimate interests of the collecting company (Art. 6 para.1 lit.f DSGVO).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored within the framework of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain data to prevent its deletion.
The collection and storage of data can be objected to at any time with future effect by the data subject clicking on a link to prevent future collection by Sales-Viewer® within this website. In doing so, an opt-out cookie is stored for this website. If the data subject deletes this cookie in this browser, the data subject must click this link again.

Processing of personal data in the USA
Google and Meta also process personal data in the USA in exceptional cases. The European Court of Justice has assessed the US as a country with an insufficient level of data protection according to EU standards. In cases where personal data are transferred to the US, there is a particular risk that personal data may be processed by US authorities for control and for monitoring purposes, possibly also without redress. If the data subject clicks on "Accept essential cookies only", personal data will not be transferred to the USA.

Technology upgrade
The above provisions apply mutatis mutandis to corresponding successor products and technologies.

VIII. Scope

This data protection declaration applies to all the companies listed in the Attachment 1 to this privacy policy that collect personal data (collecting companies).

January 2021