Web data privacy policy of LPLUS GmbH

LPLUS GmbH , as the operator of this website, takes the protection of your personal data very seriously. We treat your data confidentially and in accordance with the statutory data protection regulations and this data privacy policy.

Information obligations when collecting personal data (Article 13 EU GDPR; § 25 Telecommunications Telemedia Data Protection Act (TTDSG))

We have been subject to the provisions of the European General Data Protection Regulation (EU GDPR) and the provisions of the new German Federal Data Protection Act (BDSG) since 25.05.2018. In addition, the Telecommunications Telemedia Data Protection Act (TTDSG) has been in force since 01.12.2021 with regard to the storage of information and access to information in end devices, e.g. by means of cookies. The Telecommunications Telemedia Data Protection Act (TTDSG) serves to protect privacy and confidentiality in the use of end devices as guaranteed by Article  7 of the Charter of Fundamental Rights, regardless of whether personal data are processed. In the following, we inform you in accordance with the requirements of Article 13  EU GDPR how we collect and process your personal data in the context of the use of our website in accordance with the law.  Furthermore, there is a description of which specific technologies we use to store information in end devices and to access information that has already been stored, § 25 TTDSG.

1. Scope, purpose and legal basis of data processing
    (Article 13 para. 1 lit. c) and d) EU GDPR)

a. Visiting our website

Our website is used to inform you about us and our activities. In connection with our website, we only process personal data to the extent necessary to provide, use and optimise our website and to protect our legitimate interests (Article 6 para. 1 sub-para. 1 lit. f) EU GDPR). In addition, we only process your data in connection with our website if you have expressly consented to this (Article 6 para. 1 sub-para. 1 lit. a) EU GDPR).

If there is an opportunity to enter personal data on our website, the visitor enters such data on an expressly voluntary basis.

b. Logging – Server log files

Computer-related data are logged and stored for the purposes of identifying and tracking unauthorised attempts to access our web server. No user profiles are created. There will be no disclosure to third parties, not even in excerpts. Depending on the access log used, the log data record (server log files) contains information with the following content:

  • Date: The date of the request.
  • Time: The time of the request (in Coordinated Universal Time (UTC)).
  • Client IP address (c-ip): The IP address (Internet Protocol) of the client that made the request.
  • Protocol status (sc-status): HTTP or FTP status code.
  • Bytes sent (sc-bytes): The number of bytes sent by the server.
  • Bytes received (cs-bytes): The number of bytes received by the server.
  • Host (cs-host): Host name, if applicable.
  • User agent (cs(UserAgent)): The browser type used by the client.
  • Reference (cs(Referer)): The site last visited by the user. This site provided a link to the current site.

The log data are stored on the legal basis of Article 6 para. 1 sub-para. 1 lit. f) EU GDPR. Our legitimate interest here lies in maintaining the security of our website. The data will ONLY be evaluated in the event of unauthorised access. The evaluation is carried out by employees of our company and, if necessary, commissioned external IT service providers.

c. Cookies

Our website uses cookies. Cookies are small text files that are stored on your device and stored by your browser. They do not cause any damage to your end device and do not contain any viruses. Cookies serve to make our website more user-friendly, more effective and more secure.

The cookies we use are only used for the technical delivery of the pages and are automatically deleted after the end of your visit.

Most browsers are configured to accept cookies automatically. You can configure your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. This makes the use of cookies transparent to you.

Technically necessary cookies, which are absolutely necessary for the operation or display of the website, are stored on the legal basis of § 25 para. 2 no. 2 TTDSG. The storage of such cookies takes place in the interest of a technically error-free and optimised provision of our website and is therefore also absolutely necessary in the interest of the end user.

d. Google Web Fonts

Our website uses so-called web fonts provided by Google LLC (“Google”) for the uniform display of fonts. When you call up the page, your browser establishes a connection to our web server. The Google fonts are stored locally there, so that no data are transferred to Google. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offerings. No personal data are processed through the use of the web fonts. If your browser does not support web fonts, then your computer will use a standard font.

e. Contact us

If you would like to contact us, please use the contact details provided. If you contact us by telephone, email, online contact form or by post, the personal data you provide (e.g. your name, your email address / telephone number / address, date / time of contact and the content of the message you send) are stored by us. The data will be used strictly for the purpose of processing your request. The legal basis for this data processing is Article 6 para. 1 sub-para. 1 lit. f) EU GDPR. Our legitimate interest here lies in processing your inquiries and other concerns as promptly and comprehensively as possible and to your satisfaction. The data will be deleted when the purpose for processing no longer applies, i.e., specifically after contact with you has ended. Mandatory statutory retention periods remain unaffected.

f. Job postings and application procedures

We process the personal data that you provide in your application to the extent that this is necessary for the decision to establish an employment relationship with us. The legal basis for this is Article 88 EU GDPR in conjunction with § 26 para. 1 clause. 1 var. 1 in conjunction with para. 8 clause 2 of the German Federal Data Protection Act (BDSG).

Your personal data will be treated confidentially and processed exclusively for the purpose of processing your application, i.e., for recruiting and drawing up an employment contract. In order to handle the application process, it is essential that employees in the human resources department, the respective department and, if applicable, the responsible committees, such as the representative for severely disabled employees, have access to your personal data.

If you give us your consent, we will process your personal data beyond the application for a specific position or a specific appointment date and will contact you about other positions that match your profile.

The general retention and deletion periods apply. We store your personal data for as long as this is necessary for the decision on your application and only retain it for longer if there is another legal reason for further storage. Another such legal reason can result in particular from tax and accounting obligations or from the defence against possible legal claims, in particular under the General Equal Treatment Act (AGG).

If you have not agreed to further data processing for other positions that may match your profile, we will delete your data no later than six months after the application process has been completed. If you have consented to being considered for other positions or have submitted an unsolicited application without time restrictions, we will store your personal data for a maximum period of three years, starting at the end of the year in which you gave us your consent or submitted your unsolicited application. If your application is successful, we will transfer your application documents to your personnel file.

2. Recipients / Categories of recipients of the personal data
(Article 13 para. 1 lit. e) and f) EU GDPR)

The exclusive recipient of the data associated with the use of the website is LPLUS GmbH. Your data will be treated confidentially and will not be passed on to third parties, neither to recipients within Germany or the European Union, nor to recipients in third countries. The data are not used commercially, and no profiling is carried out.

Under certain circumstances, however, we use external service providers who process personal data on our behalf. These are considered processors within the meaning of Article 28 of the EU GDPR. When data are passed on to these partners, an order processing contract is therefore always concluded in accordance with the legal requirements in order to ensure the control and protection of the data.

LPLUS GmbH will transmit personal data to institutions (authorities) entitled to receive information if it is obliged to do so by law or by court order.

3. Duration of storage and deletion of personal data
(Article 13 para. 2 lit. a) EU GDPR)

The duration of the storage of personal data depends on legal requirements and the purpose of the data storage. The following always applies: If the purpose of the data processing is no longer given, we will delete your data. The reasons for deleting personal data result from Article 17 of the EU GDPR. Accordingly, your data must be deleted if one of the following reasons applies:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent, upon which the processing was based, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 para. 2.
  • The personal data have been unlawfully processed.
  • The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which LPlus GmbH is subject.

Exceptions, according to which your data do not have to be deleted, although one of the reasons listed apply, are also regulated in Article  17 EU GDPR.

4. Your rights as a data subject (Article 13 para. 2 lit. b) and c) EU GDPR)

The EU GDPR gives the data subject affected by the processing of personal data various options to check and influence the handling of their personal data themselves. You therefore have the following rights:

  • Right to information (Article 15 EU GDPR)
  • Right to rectification (Article 16 EU GDPR)
  • Right to deletion (Article 17 EU GDPR see above)
  • Right to have the processing restricted (Article 18 EU GDPR)
  • Right to data portability (Article 20 EU GDPR)
  • Right to revoke any consent that may have been given (Article 7 para. 3 EU GDPR)

You also have the right to object (Article 21 EU GDPR): You can object at any time to the processing of your personal data, based on Article  6 para. 1 lit. e) or f) EU GDPR, for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data are processed by us in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.

If you would like to exercise any of the rights just described, please send an email to the address provided under item 5.

5. Data controller (Article 13 para. 1 lit. a) EU GDPR)

The data controller responsible for the processing of personal data on this website within the meaning of the EU GDPR is:

LPLUS GmbH
Gerold-Janssen-Strasse 5
28359 Bremen

Email: info@LPLUS.de
Website: https://lplus.de/

Represented by Managing Director, Susanne Ramsthal.

6. Our local external data protection officer (Article 13 para. 1 lit. b) EU GDPR)

The following person has been appointed as Data Protection Officer pursuant to  Article  37 EU GDPR:

Raluca Rinzescu
Certified Data Protection Officer (TÜV PersCert)
Concept Development Data Protection
CE21 – Gesellschaft für Kommunikationsberatung mbH
Bergfeldstrasse 11, 83607 Holzkirchen
Branch office NRW: Donnerbachweg 1, 53332 Bornheim

Email: ra.rinzescu@ce21.de
Tel.: +49 89 7167211-30; 017680486741
Fax: +49 2227 904541
www.ce21.de

7. Right to appeal to the competent supervisory authority
(Article 13 para. 2 lit. d), Article 77 EU GDPR)

In addition to the rights listed above, you also have the right to lodge a complaint with a data protection supervisory authority in any country in the European Union. Below you will find a list of all State data protection officers in the Federal States:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.htm

8. Security

a. Technical and organisational measures

LPLUS GmbH implements technical and organisational measures within the meaning of Article 32 EU GDPR, to protect the data you have provided from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. We have committed all employees to confidentiality. To ensure compliance with data protection regulations, our employees are also regularly trained by our data protection officer. It is also ensured that the regulations on data protection are also observed by the external service providers involved.

b. Email

If you send us an email, your email address will only be used to correspond with you. No encryption method is used. Email traffic takes place via the unsecured Internet. We would like to point out that the Internet harbours many dangers of attack and absolutely secure transmission cannot be guaranteed. It is impossible to completely protect the data from access by third parties. We therefore ask you not to send us any confidential or strictly confidential data by email.

c. TLS encryption (Transport Layer Security)

Our website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser line. If TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

9. Links to other websites

Our website contains links to other websites. We have no influence whatsoever on their content or on the fact that their operators comply with the applicable data protection regulations. The purpose and scope of any data collection, further processing and use of the data by the respective third party who operates the website in question, as well as your rights in this regard and setting options for protecting your privacy, can be found in the data privacy policy of the third party. We also have no influence on the current and future design or the authorship of the content of the linked sites. We hereby declare that no illegal content was discernible on the linked pages at the time the link was established. We expressly distance ourselves from all content that may be relevant under criminal or liability law or that violates common decency. The provider of the page to which reference is made is solely liable for illegal, incorrect or incomplete content and for damage resulting from the use or non-use of other websites.

10. Definitions

The legislator requires that personal data be processed in a lawful manner, in good faith and in a transparent manner that is comprehensible to the data subject. Our privacy policy should therefore be legible and understandable for every interested person. We will therefore explain the terms used in order to achieve this.

We use the following terms, among others, in this data privacy policy:

Data subject
The data subject is any identified or identifiable natural person whose personal data are processed by us.

Processing
Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data, such as collecting, recording, organising, arranging, storing, adapting or changing, reading out, querying, using, disclosure by transmission, dissemination or any other form of making available, matching or linking, restricting, deleting or destroying data.

Restriction of the processing of your data
Restriction of the processing of your data is the identification of stored personal data in order to limit its processing in the future.

Profiling
Profiling is any kind of automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of said natural person.

Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.

Data controller or party responsible for data processing
The data controller or party responsible for data processing is the natural or legal person, public authority, institution or other body which, alone or in conjunction with others, decides on the purposes and means of processing personal data.

Data processor
A data processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the data controller.

Recipient
The recipient is a natural or legal person, public authority, institution or other body to whom personal data are disclosed, whether or not they are third parties.

Third party
A third party is a natural or legal person, public authority, institution or other body other than the data subject, the data controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

Consent
Consent is any declaration of intent made voluntarily by the data subject for the specific case in an informed and unambiguous manner in the form of a declaration or other unambiguous affirmative action, in which the data subject indicates that they agree to the processing of their personal data.

11. Final provisions

Due to the further development of our website or the implementation of new technologies, it may become necessary to change this data privacy policy. We reserve the right to change this data privacy policy at any time with effect for the future. The version available at the time of your visit is always the applicable version.

Further information, for example on copyright, can be found in the legal notice.