Data protection information in accordance with Art. 13 GDPR
Name and address of the person responsible
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
LeanMind GmbH
Stockholmer Platz 1
70173 Stuttgart
germany
Telephone: +49 711 34067844
email: kontakt@leanmind.de
Name and address of the data protection officer
The data protection officer of the person responsible is:
Stanislav Kovtun
Westfalendamm 282
44141 Dortmund
email: dsb@dostani-it.de
General information about data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we inform you of the legal basis for our data processing. If the
The legal basis is not specifically stated in the data protection notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for
Processing to fulfill our services and carry out contractual measures as well as to answer inquiries is
Art. 6 para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1
lit. c DSGVO. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
Data deletion and storage period
We comply with the principles of data minimization in accordance with Art. 5 para. 1 lit. c DSGVO and storage limitation in accordance with Art. 5 para. 1lit. e GDPR. We only store your personal data for as long as is necessary to achieve the purposes mentioned here or as required by law. After the respective purpose ceases to apply or after expiry of these retention periods, the corresponding data will be deleted as quickly as possible.
Note on data transfer to third countries
Our website also includes tools from companies based in third countries. If these tools are active, your personal data can be transmitted to the servers of the respective companies. The level of data protection in third countries generally does not comply with EU data protection law. There is therefore a risk that your data will be passed on to authorities in these countries. We have no influence on these processing activities.
external links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to one of the websites outside of our responsibility, please note that these websites have their own privacy information. We assume no responsibility or liability for these external websites and their data protection notices. Therefore, before using these websites, please check whether you agree with the data protection declarations there.
You can recognize external links either by the fact that they are displayed in a slightly different color from the rest of the text or underlined. Your cursor shows you external links when you move them over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. In particular, the operator of the other website receives your IP address, the time you clicked on the link, the page on which you clicked on the link, and further information, which can be found in the respective provider's privacy policy.
Please also note that individual links may lead to a transfer of data outside the European Economic Area. This could give foreign authorities access to your data. You may not have any legal remedies against these data accesses. If you do not want your personal data to be transferred to the link destination or even unsolicited access by foreign authorities, please do not click on any links.
Rights of the person concerned
As a data subject within the meaning of the GDPR, you have the opportunity to assert various rights. The rights of data subjects arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to delete (Article 17), the right to restrict processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of withdrawal:
Some data processing can only take place with your express consent. You have the option to withdraw your consent at any time. However, this does not affect the lawfulness of data processing up to the time of withdrawal.
Right to object:
If processing is based on Art. 6 paragraph 1 lit. e or f DSGVO, you as the data subject may object to the processing of personal data concerning you at any time for reasons arising from your particular situation. You also have this right in the case of profiling based on these provisions within the meaning of Art. 4 Z 4 GDPR. If we cannot demonstrate a legitimate interest in processing which outweighs your interests, rights and freedoms or serves to assert, exercise or defend legal claims, we will refrain from processing your data following an objection. If the processing of personal data serves to carry out direct marketing, you also have the right to object at any time. The same applies to profiling, which is associated with direct advertising. Here, too, we will no longer process personal data as soon as you object.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of the relevant personal data violates the GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular the member state of your place of residence, place of work or place of the alleged infringement.
Right to data portability:
If your data is processed automatically on the basis of consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request the transfer and provision of the data to another person responsible, insofar as this is technically feasible.
Right to information, correction and deletion:
You have the right to receive information about your processed personal data regarding the purpose of data processing, the categories, recipients and the duration of storage. If you have any questions about this topic or other topics relating to personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restrict processing:
You can exercise the restriction of the processing of your personal data at any time. To do so, you must meet one of the following requirements:
· You dispute the accuracy of the personal data. For the duration of the verification of accuracy, you have the right to request that processing be restricted.
· If processing is carried out unlawfully, you can request that the use of the data be restricted as an alternative to deletion.
· Should we no longer need your personal data for processing purposes, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
· If you object to processing in accordance with Article 21 (1) GDPR, a balance will be made between your interests and ours. Until this consideration has been made, you have the right to request that processing be restricted.
The result of a restriction of processing is that, apart from storage, personal data may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
Provision of the website (web host)
Our website is hosted by:
Amazon.com Inc.
10 Terry Ave N, Seattle 98109, WA
USA
The server is located in Ireland.
When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.
These are:
· IP address of the website visitor's device
· Device used
· Host name of the accessing computer
· Visitor's operating system
· Browser type and version
· Name of the retrieved file
· Time of server request
· Amount of data
· Information as to whether the retrieval of the data was successful
This data is not combined with other data sources. Instead of running this website on our own server, we can also have it run on the server of an external service provider (hosting company), which we have mentioned above in this case. The personal data collected by this website is then stored on the hosting company's servers. In addition to the above data, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.
The legal basis for processing this data is Article 6 (1) (f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed to enter into contract negotiations with us or to conclude a contract, it serves as an additional legal basis (Art. 6 para. 1 lit. b GDPR). In the event that we have commissioned a hosting company, there is a contract for order processing with this service provider.
Use of local storage items, session storage items and cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that allows data to be stored within the browser on your device. This data usually includes user preferences, such as the “day” or “night mode” of a website, and is retained until you manually delete the data. Session storage is very similar to local storage, whereas the storage period only lasts during the current session, i.e. until the current tab is closed. The session storage items are then deleted from your device. Cookies are information that a web server (server that provides web content) stores on your device in order to be able to identify this device. They are either temporarily deleted for the duration of a session (session cookies) and after the end of your visit to a website or stored permanently (permanent cookies) on your device until you delete them yourself or are automatically deleted by your web browser.
These objects can also be stored on your device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as a visitor to this website to use certain services from third parties that are installed on this website. Examples include processing payment services or displaying videos. These mechanisms have a wide range of uses. You can improve the functionality of a website, increase shopping cart function taxes, the security and convenience of website use, and carry out analyses of visitor flows and behavior. Depending on the individual functions, these must be classified under data protection law. If they are necessary for the operation of the website and to provide certain functions (shopping cart function) or are intended to optimize the website (e.g. cookies to measure visitor behavior), then they are used on the basis of Art. 6 para. 1 lit. f DSGVO. As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies to provide our services in a technically error-free and optimized manner. In all other cases, local storage items, session storage items and cookies will only be stored with your express consent (Art. 6 para. 1 lit. a GDPR). Insofar as local storage item, session storage or cookies are used by third-party companies or for analysis purposes, we will inform you separately as part of this data protection notice. Your required consent is requested and can be withdrawn at any time.
Using external services
External services are used on our website. External services are third-party services that are used on our website. This can be done for various reasons, such as to embed videos or to secure the website. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we obtain your consent as a visitor to our website, which can be withdrawn at any time, before using them (Art. 6 para. 1 lit. a GDPR).
Analytics
To analyze user behavior, we process personal data from website visitors. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This allows us to increase the usability of our website. Using the analysis tools used, for example, user profiles could be created to display targeted or interest-based advertising messages, recognize our website visitors the next time they visit our website, measure their click/scroll behavior, their downloads, create heat maps, recognize page views, measure visit duration or bounce rates, and trace the origin of website visitors (city, country, from which page the visitor comes). With the help of analysis tools, our market research and marketing activities can be improved.
Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the time of revocation remains unaffected.
Consent Management
In order to comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain the necessary consent to set cookies or use external services. The consents are saved. Processing is necessary to fulfill a legal obligation to which the person responsible (operator of the website) is subject. Article 6 (1) (c) GDPR is therefore used as the legal basis for processing.
Finsweet Cookie Consent
We use the Finsweet Cookie Consent service on our website. The provider of the service is Finsweet, 2774 Harbor Rd, Merrick, NewYork, 11566, USA. Since this service is hosted locally on the web server, there is no data transfer to third parties.
Content Delivery Network (CDN)
We use a content delivery network (CDN) to optimize the performance and availability of our website. For this purpose, this service provider, which provides this network, processes your IP address and information about when you visited our website. All further information about data processing by this service provider can be found in their privacy policy. We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest in using a content delivery network is to be able to present our website as quickly, securely and reliably as possible.
Amazon CloudFront
We use the Amazon CloudFront service on our website. The provider of the service is Amazon Web Services EMEA S.à r.l.,38avenue John F. Kennedy L-1855, Luxembourg. Using the service may result in data transmission to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the provider's privacy policy at the following URL: https://aws.amazon.com/de/privacy/.CloudFlare
Google APIs CDN
We use the Google APIs CDN service on our website. The provider of the service is Google Ireland Limited, Gordon House, BarrowStreet, Dublin 4, Ireland. Using the service may result in data transmission to a third country (USA). The provider is certified in accordance with the EU-U.S.Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
jsDelivr
We use the jsDelivr service on our website. The provider of the service is Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, Great Britain. Using the service may result in data transfer to a third country (USA). Further information can be found in the provider's privacy policy at the following URL: https://www.jsdelivr.com/terms/privacy-policy.
HR systemsWe use software to better collect, store and manage information relating to personnel administration. HR systems store personal data, in particular name, address and salary data. Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the time of revocation remains unaffected.
Personio HR system
We use the Personio HR System service on our website. The provider of the service is Personio GmbH, Rundfunkplatz 4.80335 Munich, Germany. Further information can be found in the provider's privacy policy at the following URL: https://www.personio.de/datenschutzerklaerung/.
Search Engine
To make content on our website easier to find, a search engine from a third-party provider was installed. Installing the search engine on the website results in the transfer of technical data such as the IP address to the third party. Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the time of withdrawal remains unaffected.
googleWe use the Google service on our website. The provider service is Google Ireland Limited, Gordon House, BarrowStreet, Dublin4, Ireland. Using the service may result in data transmission to a third country (USA). The provider is certified in accordance with EU-U.S.Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the data protection information provider at the following URL: https://policies.google.com/privacy.
web fonts
To uniformly display fonts, this site uses so-called web fonts, which are provided by an external provider and loaded by the browser when the website is accessed. In doing so, the provider of the web font becomes aware that you have accessed our website from your IP address, as your browser creates a direct connection to the provider of the web font. Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the time of revocation remains unaffected.
Google Fonts
We use the Google Fonts service on our website. The provider of the service is Google Ireland Limited, Gordon House, BarrowStreet, Dublin 4, Ireland. Using the service may result in data transmission to a third country (USA). The provider is certified in accordance with EU-U.S.Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the data protection information provider at the following URL: https://policies.google.com/privacy.
promotionOur website uses tools that make it easier or easier to place advertisements and evaluate the success of placed ads. Personal data is processed for this purpose, in particular the IP address, access times and device information. Processing only takes place if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the time of withdrawal remains unaffected.
Google Ads
We use the Google Ads service on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Using the service may result in data transmission to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the provider's privacy information at the following URL: https://policies.google.com/privacy.
Google AdSense
We use the Google AdSense service on our website. The provider of the service is Google Ireland Limited (GV), GordonHouse, BarrowStreet, Dublin 4, Ireland. Using the service may result in data transfer to a third country (USA). The provider is certified in accordance with the EU-U.S. Data Privacy Framework and therefore offers an appropriate level of data protection. Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
contact form
On our website, it is possible to contact us using a contact form. In particular, your contact details are required to contact you via this form. As a legal basis, reference is made to processing for the purpose of contract performance or pre-contractual measures in accordance with Art. 6 para. 1lit. b GDPR. There may also be a legitimate interest to maintain business relationships or to answer your request for other reasons. In this case, the legal basis for processing your data would be Art. 6 para. 1 lit. f GDPR. The data will be deleted when we have finally answered your request and there are no other storage obligations to the contrary.
Contact by phone or email
In accordance with legal requirements, we have provided a telephone number and e-mail address on our website. The data transmitted in this way is automatically stored by us so that we can process appropriate inquiries or contact the person making the request. We will not share this data with third parties without consent. If you contact us by telephone or via our e-mail address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Article 6 (1) (b) GDPR. If you otherwise contact us, the processing of personal data by us is based on our legitimate interest in accordance with Article 6 (1) (f) GDPR.
Handling applicant data
It is possible to send us an application (e.g. by post, online application form or by e-mail). The personal data obtained as a result is stored and processed by us for the application process. The basis for processing is Art. 6 para. 1 lit. b DSGVO and Art. 6 para. 1 lit. a GDPR, provided consent has been given. Insofar as German law is applicable, Section 26 BDSG in particular is used as the legal basis for processing. You can withdraw your consent at any time. The lawfulness of the processing carried out up to the time of revocation remains unaffected. If an employment relationship results from the application, the data collected will be stored to process the employment relationship on the basis of Art. 6 para. 1 lit. b GDPR. Insofar as there is no employment relationship, the data will be stored on the basis of Article 6 (1) (f) GDPR for the duration of the legal claims, in particular due to discrimination in the application process. This is necessary to defend against any lawsuits or allegations. If consent has been given, the data will be stored for longer on the basis of Article 6 (1) (a) GDPR. You can withdraw your consent at any time. The lawfulness of the processing carried out up to the time of withdrawal remains unaffected. If there is no employment relationship, the applicant can be added to our pool of applicants. All information from the application is stored in order to be able to contact the relevant person in case of suitable job advertisements. The data in the applicant pool is stored exclusively after consent has been given on the basis of Article 6 (1) lit. ADSGVO. This consent can be withdrawn at any time, whereupon the corresponding data will be deleted, unless there are legal storage reasons. Deletion takes place automatically no later than two years after consent has been given. The lawfulness of the processing carried out up to the withdrawal remains unaffected.
Presence on LinkedIn
Social networks process their users' personal data extensively. When you visit our profiles, your IP address and other information about the devices you use are processed, which allows the IP addresses to be assigned to individual users. We have no influence on this data processing. We would like to point out that you use our profiles on social networks and their functions on your own responsibility. Details of data processing can be found in the operator's privacy policy. We have a profile on LinkedIn. The provider is Linkedin Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. Detailed information about the handling of personal data can be found in the following LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.Zweck of our profiles on social media platforms is the expansion of our website and the associated greater awareness. Legitimate interest in accordance with Article 6 (1) (f) GDPR is therefore the legal basis. Furthermore, with regard to processing activities carried out by social networks, on their own legal bases (e.g. consent in accordance with Art. 6 para. 1 lit. a GDPR), which can be found in the respective privacy policy. Together with the social media platform, we are generally responsible for the data processing processes triggered when you visit our profile. You can therefore assert your rights as a data subject in accordance with Art. 15ff GDPR against the social media platform as well as against us. However, we would like to point out that we have no influence on data processing by the social media platform.
.svg)
