Privacy Policy

  1. Information about the Collection of Personal Data

1.1 This document contains information about the collection of personal data when using our website and/or when contacting us personally or via other media.
Personal data refers to all the data that can be linked to you personally, including name, mailing address, email addresses, or user behavior.

The controller as defined in Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
Lawo AG
Am Oberwald 8
D-76437 Rastatt
Germany
Phone:
+49 7222 1002-0
Fax: +49 7222 1002-7101
E-mail: info(at)lawo.com (also refer to our Legal section).

Our data protection officer is Philipp Heindorff.
You can reach him at Email or at our mailing address to the attention of “Data Protection Officer”.

1.2 When you contact us by using one of our websites, by way of personal conversation, by business card, by telephone, by email or through one of our contact forms, we store the data you provide (especially your email address, name, address and phone number if provided) in order to respond to your questions.  In this case, the legal basis for processing is GDPR Article 6(1) point (a).  If the information is necessary for the performance of a contract to which you are party or in order to take steps prior to entering into a contract, the legal basis for processing also includes GDPR Article 6(1) point (b).

We will delete data collected in this context once we no longer need to store them, or we will restrict processing if required by data retention laws.

Please note that any transmission of data over the internet (e.g., when communicating by email) may be susceptible to security vulnerabilities.
To render complete, 100% protection of data from third-party access is impossible.

1.3 Like any constantly growing company, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to handle our business transactions. These service providers only act on our instructions and are contractually obligated to comply with data protection regulations in accordance with Art. 28 GDPR. If personal data from you is passed on by us to our subsidiaries or vice versa (e.g. for advertising purposes), it is done on the basis of existing order processing relationships.

1.4 In the context of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.

Some third countries are certified by the European Commission through a so-called adequacy protection statement to have data protection comparable to the EEA standard. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer (see under 1.1). if you would like more information on this.

1.5 We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. appropriate encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technical developments.

  1. Collection of Personal Data when Visiting our Website

2.1 When you visit our website for informational purposes, that is, if you don’t register or otherwise provide us with information, we will only collect the personal data that your browser transfers to our server.
If you view our website, we will collect the following data:

  • Name of your internet service provider
  • Website from which you linked to our website
  • Pages you visited on our website
  • Date and duration of your visit
  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Data volume transferred
  • Referring website
  • Browser type including language and version used
  • Operating system and its interface
  • Websites accessed by the user’s system from our website

The data are stored in our system’s log files.  We do not store the data together with the user’s other personal data nor do we analyze the data for marketing purposes.

2.2 The applicable statute for the collection and storage of these data is GDPR Article 6(1) point (f).

2.3 The data are technically necessary for us to display our website to you and to ensure our web site’s stability and security.  The data are stored in log files to ensure that the website remains functional.  The data also helps us optimize the website and keep our IT systems secure.

These purposes constitute our legitimate interest in processing the data.

2.4 The data are erased as soon as they are no longer needed to achieve the purpose for which they were collected.  If the data are collected for the purpose of providing the website, they will be erased when the session is done.  If the data are stored in log files, they will be erased after no more than seven days.  They may also be stored for a longer period, however.  In this case, the IP addresses of the users will be erased or masked so that they can no longer be traced back to the requesting client.

2.5 We are required to collect the data used in providing our website and to store the data in log files in order to operate the website.  The user, in other words, cannot object to our collection and storage of the data.  If you do not want your data to be collected and stored, we recommend leaving the website.

  1. Collection of Other Personal Data in Cookies When Visiting our Website

3.1 In addition to the mentioned data above, which your browser communicates to our server, Cookies are also stored on your computer when you use our website.
Cookies are small text files that are associated with your browser, stored on your hard drive and used to provide certain information to the entity who placed the cookie on your computer (in this case: placed by us).
Cookies cannot execute programs or infect your computer with viruses.  Cookies are used to make our internet presence more effective and user-friendly and to analyze how users behave on our website.

When you access our website, an info banner will inform you that we use cookies and refer you to this Privacy Policy.

3.2 There are different types of cookies. Their purpose and operation are explained below.

There are “Session Cookies”. Session cookies are deleted automatically when you close the browser.  They store a “session ID” that is used to assign various requests from your browser to one particular session.  Session cookies allow us to recognize your computer if you return to our website.  They are deleted when you log out or close your browser.

Persistent cookies, by contrast, are automatically deleted after a specific period that may vary from one cookie to the next.  You can delete persistent cookies at any time by adjusting your browser’s security settings.

3.3 The legal basis for the processing of personal data with cookies is GDPR Article 6(1) point (f).  The legal basis for the processing of personal data with cookies for analytical purposes is GDPR Article 6(1) point (a) as long as you have consented to it.

3.4 Cookies are used to make it easier for users to use websites.  On our website, we use cookies that are technically necessary and cookies that enable us to analyze how users navigate our website. Cookies are used to enable certain website functions and to identify you if you return to our website or for other purposes such as storing a language setting or the contents of your shopping cart. Cookies are used to enable certain website functions and to identify you if you return to our website or for other purposes such as storing a language setting or the contents of a shopping cart.

Analytical cookies are used to improve the quality of our website and its content.  They tell us how our website is used and enable us to continually improve our offer.  When data are collected for the purpose of analyzing how users navigate our website, they are pseudonymized by special technology.  Pseudonymization makes it impossible to trace the data back to the requesting user.  These data are not stored together with users’ other personal data.

These purposes constitute our legitimate interest in processing personal data pursuant to GDPR Article 6(1) point (f).

Some of the cookies we use on our website come from third parties that help us analyze the impact of our website content and visitor interest, measure the power and performance of our website, or serve customized advertising and other content to our website or others. As part of our website, we use both first party cookies (only visible from the domain you are visiting) and third party cookies (visible across domains and set periodically by third parties).

The cookie-based data processing is carried out on the basis of your given consent pursuant to Art. 6 para.1 p.1 lit. a DS-GVO/GDPR (legal basis) or on the basis of Art.6 para.1 p.1 lit. f DS-GVO/GDPR (legal basis) to protect our legitimate interests. In particular, our legitimate interests are to provide you with a technically optimized and user-friendly website designed to meet your needs and to ensure the security of our system.

You can revoke the consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.

In detail, the following cookie-based tools/plugins are used on this website:

– Google Analytics (see under 12.),

– Borlabs Cookie, which sets a technically necessary cookie (Borlabs cookie) to save your cookie settings. Borlabs Cookie does not collect any personal data. The Borlabs cookie stores the consent you gave when you accessed the website. If you wish to revoke these consents, simply delete the cookie from your browser. When you access / reload the website, you will be asked again for your cookie consent.

3.5 Cookies are stored on the user’s computer and are sent by their computer to our server.

That means you, the user, have full control over how cookies are used.  You can disable cookies or restrict how they are shared in your web browser settings.  Cookies already on your computer can be deleted  at any time.  The deletion may be performed either manually or automatically.  However, if you disable cookies for our website, you may not be able to use our website’s full functionality.

3.6 Wordfence

We have integrated Wordfence on our website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter Wordfence). Wordfence serves to protect our websites from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can check its databases against the accesses made on our website and block them if necessary. The use of Wordfence is based on Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a of the GDPR; the consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/gerneral-data-protection-regulation/.

  1. Visit of access-protected websites

The user is required to register to be able to use certain functions on our websites. Certain information is required for registration purposes depending on the desired function (e.g. name of user, e-mail address). We need this information to set up and manage the user account, identify entitled users and to be able to offer the user the desired function. More details on registering and using the functions offered via access-protected websites are provided by the relevant terms of use of such websites. The legal basis for the processing of your data as described above is Article 6(1)(b) GDPR.

  1. Use of Our Download Section

5.1 You may use our Downloads section, which contains items such as software and manuals. We use cookies to collect and process a variety of personal data for this purpose. Information required for the performance of a contract is highlighted; the other information is voluntary.

In this case, the legal basis for processing is GDPR Article 6(1) point (a). If the information is necessary for the performance of a contract to which you are party or in order to take steps prior to entering into a contract, the legal basis for processing also includes GDPR Article 6(1) point (b).

5.2 You may voluntarily store a larger volume of information in order to enjoy better service. I In this case, the data which you provide along with your IP address and registration date and time will be stored until you revoke your consent. You are able to delete all the data at any time, including any customer account that you may have created for yourself.

5.3 The purpose of using these data is to provide services.

5.4 The data will be erased as soon as it is no longer required to achieve the purpose for which they was collected.  That means they are stored for as long as the service is used.  If the data are associated with a contract under which money or other valuable consideration changes hands, we are required by tax and accounting laws to retain your address, payment and order data for ten years.

  1. Registration for Our Other Newsletters

6.1 By giving your consent, you are able to subscribe to our newsletters. Our newsletters inform you of our current news, offers, products and services.  Upon request, we can also notify you of new updates for certain software or firmware.  The advertised goods and services are specified in the declaration of consent.

6.2 We use the double opt-in process for newsletter registration.  This method lets us verify that you own the email address you have provided and agree to receive the newsletter.  It consists of sending an email to your stated email address after registration in which we ask you to confirm that you do in fact want to receive the newsletter.  The address will only be actively added to the subscriber list if you confirm your registration.  If you do not confirm your registration, your information will be placed on a do not contact list and automatically erased after one month.

We use the data for the sole purpose of sending you requested information and offers.

The newsletter software we use is Sendinblue (former Newsletter2Go).  Your data will be transferred to Sendinblue GmbH (former Newsletter2Go GmbH).  Sendinblue (former Newsletter2Go) is prohibited from selling your data or using it for any purpose other than sending you newsletters that you have agreed to receive.  Sendinblue (former Newsletter2Go) is a German certified provider that we choose based on the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

More information is available here:   www.sendinblue.com/information-for-email-recipients/

6.3 The legal basis for the collection, storage and use of the data is GDPR Article 6(1) point (a).

6.4 Your email address is the only information that you have to provide in order to receive the newsletter.  Your name and gender are optional and will be used to address you personally.  Once you confirm the registration, we will store the data for the purpose of sending you the (personalized) newsletter.

The purpose of the double opt-in method is to verify your registration and identify potential misuse of your personal data.  We also store your IP addresses and the points in time when you register and confirm your subscription.

6.5 You can revoke your consent to the storage and use of your data and e-mail address for sending out the newsletter at any time. There are several ways to revoke your consent, including clicking the “Unsubscribe” link in the newsletter or sending a mail to Lawo AG, Dept. Newsletter, Am Oberwald 8, 76437 Rastatt, Germany.

6.6 The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected.  In the case of our newsletter, they are stored as long as your newsletter subscription is active.

  1. Data Privacy for Job Applications and the Application Process

7.1 When a job application is submitted, we collect and process the personal data of applicants for the purpose of conducting the application process.  Data may be processed electronically.  That is the case in particular if you send us your application documents electronically, for example by email or via a web form on our website or with a similar method.

7.2 The legal basis for this data use is GDPR Article 6(1) point (a) and point (b).

7.3 If we hire you under an employment contract, we will save the data you have provided to us for the purpose of administering the employment relationship in conformity with the law.

If we do not hire you, the application documents will be deleted after the expiration period for lodging claims under the German General Act on Equal Treatment [Allgemeines Gleichbehandlungsgesetz (AGG)] unless there is a conflict with legitimate interests in retaining them.  Another legitimate interest includes the obligation to show proof in a lawsuit brought for a violation of the General Act on Equal Treatment.

  1. Our Online Presence in Social Media

8.1. Lawo maintains a presence in various social networks and platforms (e.g. Facebook, Twitter, etc.). We use them in order to communicate with customers and prospects and inform them of various activities and services.  Any use of these networks and platforms is subject exclusively to the terms, conditions and data processing policies of the respective operators, and not to ours.

It is common knowledge, that some legal details as to privacy protection in social media have not been legally cleared in a satisfying way, including the question, if such services are in conformity with European Standards of Data protection for social networks.

Every service provider on social networks offers a solution of their own regarding privacy protection. As a rule you are allowed to decide on your own by using and registering in the relevant social network on if and how far you want to share protected private information.  We are carefully observing the legal and technical developments and do our best to take care of the data protection for our users and customers.   In case there should be new and legally secured approaches, we will give our best to pick them up immediately.

Many social media such as Facebook, Google and YouTube are storing the data of their users (for example personal information, IP-Addresses etc.) according to their own relevant policies of data protection and also may be using them for business purposes.  You are able to inform yourself directly regarding the processing of data by the relevant social networks, by using the links we are providing for you or the network providers in question.

During the activities on such social media we are not able to influence the collection and processing of data, and of their future use.  We also are not able to identify, where, for how long and in which volume data may be stored, and if such networks will comply to existing obligations to delete data, and which analyses and links to data will be performed and to which third parties these data may be forwarded.

Until clear legal and technical requirements will be developed, you should verify especially careful, which personal data you want to entrust to social networks, if at all, for example connected to the use of our fan pages.

The purpose and size of the data elevation and the further processing and use of the data are explained by these companies, as well as your applicable rights and possibilities to determine your settings regarding the protection of your privacy. As to the detail, please refer to the data protection notes of:

  1. Use of Social Media Plug-Ins

9.1 We currently use Facebook, Twitter and LinkedIn plug-ins.  These plug-ins are configured to work with a “two-click system”.  In this system, your personal data is not automatically transferred to the plug-in providers the moment you access our website.  You can identify the plug-in provider by the initial letter or logo shown on the box.  We give you the option of communicating directly with the plug-in provider by clicking this button.  However, the provider is only notified that you have accessed this page on our website when you activate the associated field by clicking it.  The provider will then also receive the data described in Section 2 of this policy.  In Facebook’s case, its German subsidiary states that your IP address is anonymized immediately after being collected.  When you activate the plug-in, in other words, your personal data is transferred to and stored by the plug-in provider (which may be in the United States if the provider is a U.S. company).  Since the plug-in provider collects many of its data through cookies, we recommend to delete all the cookies in your browser’s security settings before clicking the grayed-out box.

9.2 From the moment on when you access these social media, we have no direct control over the data collected or the data processing operations nor do we know the full extent to which data are collected, the purposes for which they are processed, or how long they will be stored.  We also have no information on whether, when or how plug-in providers delete the data they collect.

9.3 Each plug-in provider stores data collected on you in user profiles that it uses for advertising, market research and/or to tailor its website to market needs.  Such analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and tell other users in the social network about what you have done on our website.  You are entitled to object to the creation of user profiles by contacting the plug-in provider.  The plug-ins allow you to interact with social networks and other users so that we can improve our website and provide a more engaging user experience.  The legal basis for the use of plug-ins is GDPR Article 6(1) point (f).

9.4 Data are transferred whether or not you have an account with the plug-in provider and are logged into the provider’s social network.  If you are logged into the social network, the personal data that we have collected on you will be linked directly to your account with the plug-in provider. If you press the activated button and then, say, link to the page, the plug-in provider will store this information in your user account as well and publicly share it with your contacts.  We recommend that you regularly log out after using a social network but particularly before activating the button so that your activity is not associated with the user profile that the plug-in provider has created on you

9.5 To learn more about the purpose and extent to which the plug-in provider collects and processes data, please see the provider’s privacy policies, which we have linked to below.

The policies also contain more information on your rights and ways to adjust your settings to protect your privacy.

9.6 Here are the addresses of the plug-in providers as well as the links to their privacy policies:

  1. a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
    facebook.com/policy.php
    Further Information about the data collection:

www.facebook.com/help/186325668085084  , www.facebook.com/about/privacy/your-info-on-other ; and also http://www.facebook.com/about/privacy/your-info
#everyoneinfo .

Facebook is EU-US Privacy Shield certified*1), please refer to https://www.privacyshield.gov/EU-US-Framework.

  1. b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
    com/privacy.
    Twitter is EU-US Privacy Shield certified *1), see https://www.privacyshield.gov/EU-US-Framework,
  2. c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
    linkedin.com/legal/privacy-policy
    LinkedIn is EU-US Privacy Shield certified *1), www.privacyshield.gov/EU-US-Framework .
    We ask for a particular attentive check of your own decision on whether and which data in this context you want to provide at all.

9.7 Information on data processing in relation to the Facebook page (“Fan Page”):

On June 5, 2018, the ECJ ruled that Facebook and the operator of any Facebook page are jointly responsible for data processing under data protection law.  Three months later, on September 5, 2018, the “Datenschutzkonferenz” (the association of German supervisory authorities for data protection) issued a resolution covering this joint responsibility under data protection law.  According to the resolution, we are required to provide you with comprehensive information about the data processing activities that take place via and through the Facebook page, especially if you do not use Facebook yourself per se. However, currently we do not have access to any more information than Facebook makes available.

Facebook’s comprehensive privacy policy, including information about your rights as a data subject, can be found here.
Facebook: www.facebook.com/policy.php

10a. Embedding of YouTube videos


10a.1 Our website contains embedded YouTube videos that are stored at www.YouTube.com  and can be played without leaving our website.  All these are tied in an “extended data protection mode”, i.e. that no data regarding you are transferred to users of YouTube as long as you don’t play the videos. The data as specified in Paragraph 2 are only transferred when you play the videos.  We have no control over this transfer of data.

10a.2 When you visit the website and play a video, YouTube is notified that you have accessed a corresponding sub-website page containing the embedded video.  It also receives the data described in Section 2 of this policy.  This happens whether or not you have a YouTube account or are logged into a YouTube account.  If you are logged in with Google, your data will be linked to your account.  If you do not want these data to be linked to your YouTube profile, you will have to log out before activating the button.  YouTube stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. . This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website.  You have a legal right to object to the creation of user profiles by contacting YouTube.

10a.3 Please see YouTube’s privacy policy for more information on the purposes and extent to which it collects and processes data.
The policy also contains more information on your rights and ways to adjust your settings to protect your privacy: policies.google.com/privacy.The policies also contain more information on your rights and ways to adjust your settings to protect your privacy:
policies.google.com/privacy

 10b.  Vimeo & Advise of Embedding Videos

If we don’t host our videos on our own, we may use the offer of the external video supplier Vimeo. With the help of videos, contents are transmitted visually better and are easier to understand.

Because of the integration of the videos, servers of the suppliers such as Vimeo may be called up, caused by technical reason. As to the use connected with data of the browser or the terminal, we refer to the respective data protection notes of Vimeo.
Because Vimeo is primarily itself responsible for the corresponding handling of data.
The privacy statement by Vimeo is located here: vimeo.com/privacy/

The legal basis for the integration of the Vimeo videos and – dependent on the individual choice of settings by the users – the transfer of person-related data for Vimeo Inc., for registered users of these internet pages is article 6, para. 1 lit. b) GDPR. The same applies to users who are in the process of contract initiation or watch videos for information purposes. For other users, the legal basis to transfer technically required data to Vimeo, is Art. 6, para 1 lit. F) GDPR.

As further protective measures, in principle, we embed videos of Vimeo as not traceable (“do not track”), so that in principle only person-related data which are not traceable can be transmitted to Vimeo.

  1. Embedding of Google Maps


11.1 Our website uses Google Maps. This allows us to show you interactive maps within our website and give you convenient access to map functions

11.2 When you visit the website and play a video, Google is notified that you have accessed a corresponding sub-website page containing the embedded video. It also receives the data described in Section 2 of this policy. This happens whether or not you have a Google account or are logged into a Google account.  If you are logged in with Google, your data will be linked to your account. If you do not want this data to be linked to your Google profile, you will have to log out before activating the button.  Google stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs.  This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website.  You have a legal right to object to the creation of user profiles by contacting Google.

You also have the possibility to easily deactivate the Google Maps service to prevent data transfer to Google:  To do this, deactivate JavaScript in your browser.  In this case you will not be able to use the map display.  By using the above-mentioned website and by not deactivating the JavaScript function, you expressly declare that you are aware of the data protection issues and that you agree to the processing of the data collected about you by Google in the manner and for the purpose described above.

11.3 To learn more about the purpose and extent to which the plug-in provider collects and processes data, please see the provider’s privacy policy.  The policy also contains more information on your rights and ways to adjust your settings to protect your privacy:  www.google.de/intl/de/policies/privacy  .

Google processes your person-related data also in the USA and is certified according to the EU-US Privacy Shield*1)

www.privacyshield.gov/EU-US-Framework

Adequate protection still then can be ensured because the corresponding decision 2010/87 of the EU Commission still provides effective mechanisms. This is still valid after the new decision which can ensure in the practice that the protection standard asked for by the European union right is adhered to as well. We employ improved organizational measures among others by order processing contracts formulated concurringly according to the sample contract forms or also by an exclusion of the assignment of protected data, or by reservation of individual user settings according to the choice of our customers and users, so that furthermore the data processing remains compatible with European Data Protection law.

  1. Use of Google Analytics

12.1 This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”).  Google Analytics uses “cookies,” which are text files placed on your computer to help the website analyze how you use the site.  The information generated by the cookie about your use of the website will generally be transmitted to and stored on a Google server in the United States.  If IP anonymization is activated on this website, Google will, however, truncate your IP address beforehand within the member states of the European Union or within other states party to the Agreement on the European Economic Area.  Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.  By request of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.

Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.

12.2 You may refuse to store cookies by changing your browser settings; please note, however, that you may not be able to use the full functionality of this website in this case.

You can also prevent the data generated by the cookie with regard to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at the following link:  tools.google.com/dlpage/gaoptout

12.3 This website uses Google Analytics with the extension “anonymizeIp()”.  This extension ensures that IP addresses are only processed in truncated form and so cannot be linked to a person.  The extension therefore prevents you from being identified by any of the data collected on you because it immediately deletes personal data.

12.4 We use Google Analytics to regularly analyze and improve the use of our website.

The analytical statistics allow us to improve our online presence and give you a more engaging user experience.  As tp the rare occasions when personal data are transferred to the United States, Google is EU-US Privacy Shield certified *1), see , www.privacyshield.gov/EU-US-Framework. *1). We do our best to implement the verdict of the EuGH of 7-16-2020 in the legal matter C 318 after which the Privacy Shield wasn’t in conformity with EU requirements regarding the protection of data privacy and therefore considered ineffective. The judgement explains ways to ensure that only safe ways of data transmission are chosen, in conformity with the protection of data privacy.

The legal basis for the use of Google Analytics is GDPR Article 6(1) point (f).

12.5 Third-party provider information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Conditions for users:  www.google.com/analytics/terms/de.html  .

Overview on data protection: www.google.com/intl/de/analytics/learn/privacy.html , as well as the privacy policy by google: www.google.de/intl/de/policies/privacy   .

  1. Online Meetings, Telephone Conferences and Webinars


13.1 Data protection information regarding online meetings, telephone conferences and webinars by Lawo AG and affiliated companies.

This is to explain further detail regarding the processing of personal data in connection with our online meetings, telephone conferences and webinars.

13.2 Purpose of Processing Data

To conduct conference calls, online meetings, video conferences and/ or webinars (hereinafter referred to as: „Online-Meetings“).

we use “Microsoft Teams”, “GoToMeeting” and “GoToWebinar”.
“Microsoft Teams” (abbreviated MS Teams or Teams only) is a product of Microsoft Corporation, one Microsoft way, Redmond, WA 98052-6399, USA.

Microsoft Teams is a platform that combines chat, meetings, notes, and attachments.  The service is integrated with Office 365 Office Suite along with Microsoft Office and Skype.

“GoToMeeting” and “GoToWebinar” are services offered on the online platforms of the provider LogMeIn, Inc. and its affiliated companies (USA:  Grasshopper Group, LLC; Jive Communications, Inc.; LogMeIn Audio, LLC and LogMeIn USA, Inc. For Germany: LogMeIn Ireland Limited, Bloodstone Building block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. – together “LogMeIn”). In charge of Germany is the LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.

GoToMeeting opens a personal, virtual meeting room, suitable for teleconferences, online meetings.
“GoToWebinar” allows presentations and sales demonstrations

13.3 Responsible

Responsible for data processing directly related to our own online meetings, video conferences and/or webinars is Lawo AG, including affiliated companies.

13.4 Limitations and Notes

If you access the websites of a specified service provider, not LAWO AG or affiliated companies, but the provider itself is responsible for the data processing that is carried out there, and we refer to the applicable data protection declaration of that particular provider.  The scope and range of the respective data protection can also be found in the relevant data protection declarations of the respective provider.

In the legal matter C 311/18, the European court of Justice has decided by verdict of 7-16-2020, among other points, that the Commission Implementing Decision (EU) 2016/1250 of July 12, 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield is invalid.

Consequently, any possible data transfer to the US or to other third countries will now be based on the express consent of the participants and as a rule in the context of order processing contracts according to the EU Standard Clauses. Our contractual data protection agreements for video conferences or regarding any other data transfer on MS Teams or on LogMeIn have been revised and are adjusted, the case given.

This results in the following restrictions for our own data protection policy:

13.4.1 Limitations for Microsoft Teams
As far as you access the website of “Microsoft Teams”, the provider of “Microsoft Teams” will be responsible for the data processing and not LAWO AG or affiliated companies.  However, a visit to these websites is only required for the use of “Microsoft Teams” to download the software for the use of “Microsoft Teams”.

There exists a service contract with Microsoft when using Microsoft Teams which is published at the following link:
www.microsoft.com/de-de/servicesagreement

In addition, the current version of the Microsoft Teams and Microsoft Privacy Statement will apply.
https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app
https://privacy.microsoft.com/de-de/privacystatement

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” from your browser.  The service is then insofar provided via the website of “Microsoft Teams”.

13.4.2 Limitations with LogMeIn

If you access the website of “LogMeIn” within the scope of using “GoToMeeting” or “GoToWebinar,” the provider is responsible for the data processing and not Lawo AG or affiliated companies.
In the context of the use of products or online services of LogMeIn, we have concluded with the provider a contract for the processing of orders “Data processing Addendum (DPA)”.

Reference:

https://www.logmeininc.com/legal/service-descriptions

We also refer to the Data Protection Declaration of LogMeIn:

https://www.logmeininc.com/de/legal/privacy-shield

13.5 Which data are processed?

When using „Microsoft Teams“ or „GoToMeeting“ or „GoToWebinar“, different types of data will be processed. The scope of the data which are processed depends on the preferences you choose and the information you provide with data before or when you attend an “online meeting” or a conference call or presentation.

The following personal data are the subject of the processing:

User information: E.g. Display name (Display name), if applicable, email address, profile picture (optional), preferred language
Meeting metadata: For example Date, time, Meeting ID, Phone numbers, Location
Text, audio and video data:  You may have the option to use the chat function in an “online meeting”.  To this extent, the text you enter will be processed in order to display it in the “online meeting”.  To allow video to be viewed and audio to be played back, the data from the microphone of your terminal device and any video camera of the terminal device will be processed accordingly during the meeting.  You can turn off or mute the camera or microphone at any time using the “Microsoft Teams” applications.

13.6 Scope and Duration of Processing

We use the tools mentioned above to conduct “online meetings” and/or for purpose-oriented conferences and/or presentations.  We limit the processing of data to the purpose of the respective online meeting, conference or presentation.  The online events are not recorded by us and we expect  the same from all participants.

If we intend to record “online meetings” in whole or in part, we will inform you in advance in a transparent manner and – if necessary – ask for approval.  All participants in such online meetings, conferences or presentations are prohibited from recording or using the data without the permission and the permission of all other participants.

The chat content is logged by the respective software when used.  We may store the chat content for a period of one month.  If it is necessary for the purpose of logging results of an online meeting, we will log the chat content.  However, this will usually not be the case.

We don’t use any automated decision-making process in the sense of Art. 22 GDPR.

  1. Analysis by WiredMinds

Our website uses the pixel-counting technology of wiredminds GmbH ( www.wiredminds.de ) to analyze visitor behavior. In the process, data may be collected, processed and stored, from which usage profiles are created under a pseudonym. Where possible and reasonable, these usage profiles are completely anonymized. Cookies (CTCNTNM_) may be used for this purpose. The data collected, which may also include personal data, is transmitted to WiredMinds or collected directly by WiredMinds. Wiredminds may use information left behind by visits to the websites to create anonymized usage profiles. The data obtained in this way will not be used to personally identify the visitor to our website without the separately granted consent of the person concerned, and it will not be merged with personal data about the bearer of the pseudonym.

Insofar as IP addresses are collected, they are immediately anonymized by deleting the last number block.

You can object to the use of the data generated by the cookie and related to your use of the website (including your IP address) as well as to the processing of this data by WiredMinds by clicking on the following link:

Exclude from Tracking.

 

  1. Your Rights

14.1 You have the following rights with respect to your personal data:

  • Right of information, GDPR Article 15
  • Right to rectification and erasure, GDPR Article 16 and Article 17
  • Right to restriction of processing, GDPR Article 18
  • Right to data portability, GDPR Article 20.

15.2 You also have the right to file a complaint about our processing of your personal data with a data protection regulator (such as the State Commissioner for Data Protection and Freedom of Information for Baden-WĂĽrttemberg, www.baden-wuerttemberg.datenschutz.de).

15.3 You can revoke your consent to the processing of your data at any time, GDPR Article 7(3). Such a revocation will affect the lawfulness of the processing of your personal data from the moment you communicate it to us.

You can also object to your personal data being processed for advertising and data analysis purposes at any time.  You can communicate your objection to us at the following address:

Lawo AG
Abteilung Datenschutz
Am Oberwald 8
D-76437 Rastatt, Germany

15.4 Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing, pursuant to Article 21 of the GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or explain to you our compelling legitimate grounds on the basis of which we will continue the processing.

*1) We have taken into account that the principles of the EU-U.S. and the Swiss-U.S. Privacy Shield frameworks recently have been found to be invalid, due to the judgment of the European court of Justice (ECJ) in the legal matter C 311/18 of July 16, 2020. It therefore cannot be any more serve as a permitted legal base for the protection of data privacy during the assignment of personal data to the USA and other countries of the Privacy Shield framework. The judgment, however, particularly still allows for example a data transmission for the order processing on the legal basis of the sample clauses of the EU, under the additional condition, that a corresponding protection standard can be guaranteed. As far as in this context of our activities personal data are processed, our internal audits of the transmission paths didn’t yield any relevant complaints regarding the protection of data privacy.

Last update: November 24th, 2023