Data protection declaration in accordance with the GDPR

I. Name and address of the data controller

Adolf Lupp GmbH + Co KG
Alois-Thums-Straße 1-3
63667 Nidda
Germany
Tel.: +49 60 43 – 807 0
E-Mail: info@lupp.de
Website: https://www.lupp.de

The company is responsible in accordance with the EU General Data Protection Regulation (GDPR) and other national data protection laws.

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Axel Streichardt
Adolf Lupp GmbH + Co KG
Alois-Thums-Straße 1-3
63667 Nidda
Germany
Tel.: +49 60 43 – 807 0
E-Mail: datenschutz@lupp.de
Website: https://www.lupp.de

III. General information about data processing

1. Processing scope of personal data

We only collect and use personal data of users of our homepage to the extent necessary to provide a functional website, our content and services.

In principle, our users’ personal data is only collected and used with their consent. An exception to this principle applies in cases where processing of data is permitted by law or where prior consent cannot be obtained for whatever reason.

2. Legal basis for the processing of personal data

The legal basis for the processing of personal data is primarily determined from:

  • Article 6, paragraph 1, lit. a of the GDPR for obtaining the consent of an affected person.
  • Article 6, paragraph 1, lit. b of the GDPR in the case of processing for the fulfilment of a contract to which the affected person is a party. This includes processing procedures that are required to implement pre-contractual measures.
  • Article 6, paragraph 1, lit. c of the GDPR in the case of processing that is essential to fulfil a legal obligation.
  • Article 6, paragraph 1, lit. d of the GDPR if the processing of personal data is absolutely essential for the vital interests of the affected person or another natural person.
  • Article 6, paragraph 1, lit. e of the GDPR if the processing is necessary to safeguard legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the affected person do not outweigh the aforementioned interests.

3. Data deletion and storage duration

Users’ personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Further storage may take place if this has been intended by the European or national legislator in EU regulations, laws or other regulations that are applicable to the data controller. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Using our website, general information

1. Description and scope of data processing

Every time a user visits our website, our system automatically collects data and information from the user’s computer system. The following information is collected:

  1. Information about the browser type and version used
  2. Operating system of the user
  3. Internet service provider of the user
  4. IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system reaches our website
  7. Websites accessed by the user’s system via our website

The log files contain IP addresses or other data enabling allocation to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user navigates contains personal data.

The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose and legal basis for data processing

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

Log files are stored to ensure the functionality of the website. In addition, the data is used by us to optimize the website and ensure the security of our information technology systems. Data stored in this context are not evaluated for marketing purposes.

The legal basis for the temporary storage of data is Article 6, paragraph 1, lit. f of the GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user does not have an option to object.

3. Duration of storage

Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session is ended.

Data stored in log files are deleted no later than after seven days. Storage beyond this period is possible, in which case users’ IP addresses are deleted or alienated, making it impossible to assign them to the accessing client.

V. General information about use of cookies

We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When you visit a website, a cookie may be stored in your operating system. It contains a characteristic character string that allows the browser to be uniquely identified when the website is accessed again.

We use cookies to make our homepage more user-friendly. Some elements of our website require that the browser can be identified even after changing a page.

TDSDPA:

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user’s terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications Digital Services Data Protection Act (TDSDPA).

Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR (Art. 6 para. 1 p.1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.

The primary legal basis for the storage of information in the end user’s terminal equipment – consequently in particular for the storage of cookies – is your consent, Section 25 para. 1 p.1 TDSDPA. Consent is given when you visit our website – although this does not have to be given, of course – and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TDSDPA, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”), and therefore fall under the exception of Section 25 (2) TDSDPA and thus do not require consent.

GDPR:

When cookies are used, the following data is stored and sent:

  • Cookie preferences (Borlabs)

The legal basis for the processing of personal data using cookies is Article 6, paragraph 1, lit. f of the GDPR. The purpose of using the technically essential cookies is to simplify the use of our website.

We do not use the user data collected by technically essential cookies to create user profiles.

Cookies are stored on the user’s computer and sent to our site. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that if you deactivate cookies, you may not be able to use all the functions of our website any longer.

Adjust cookie settings

VI. Your rights/rights of the affected person

Under the EU General Data Protection Ordinance, you have the following rights as an affected person:

1. Right to information

You have the right to receive information from us to know whether we have processed your personal data and further information according to the legal requirements of article 13, 14 of the GDPR.

You can assert your right to information at datenschutz@lupp.de.

2. Right to correction

If the personal data we process is incorrect or incomplete, you have the right to correct and/or complete it. The correction shall be made immediately.

3. Right to restriction

You may exercise the right to restrict the processing of your personal data according to the legal requirements (article 18 of the GDPR).

4. Right to deletion

If the reasons given in article 17 of the GDPR are applicable, you can request to have your personal data deleted immediately.

We would like to point out that the right to deletion does not exist if the processing is necessary for one of the exemptions mentioned in article 17, paragraph 3 of the GDPR.

5. Right to information

If you have exercised your right to correction, deletion or restriction of processing, we will be obliged to inform all recipients, to whom your personal data has been disclosed, about this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed of these recipients.

6. Right to data transferability

According to the GDPR, you also have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format or to require their transfer to another responsible person.

7. Right to revoke the declaration of consent as per the data protection law

You have the right to revoke your declaration of consent as per the data protection law at any time. We would like to point out that the revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until its revocation.

8. Right to objection

Furthermore, for reasons arising from your particular situation, you always have the right to object to the processing of your personal data concerning you, which is carried out on the basis of Article 6, paragraph 1, lit. e or f of the GDPR.

9. Automated decision in individual cases including profiling

Under the EU General Data Protection Ordinance, you still have the right not to be subject to a decision that is exclusively based on automated processing – including profiling – and that has a legal effect on you or significantly affects you in a similar manner.

10. Right to lodge a complaint with a supervisory authority

Finally, if you consider that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state where you are staying, working or the location of alleged violation.

VII. Contact us electronically

A contact form is available on our home page to contact us electronically. The data entered in the form will be transmitted to and stored by us. This data includes:

  1. First name
  2. Last name
  3. E-Mail address
  4. Telephone number
  5. Subject
  6. Message

At the time of sending the message, the following data is stored in addition:

  1. The user’s IP address
  2. Date and time of registration.

You can also contact us by sending an email to the email address provided. In this case, the personal data of the user transmitted together with this email will be stored. Your data are not transferred to third parties in this context, but only used for the purpose of communicating with you.

The legal basis for processing and handling of the contact request is Art. 6 para. 1 sent. 1 lit. b GDPR if consent has been given by the user, additional Art. 6 ( ) lit. f GDPR.

Should further personal data be processed during sending, this will only serve to prevent misuse of our contact form and ensure the security of our information technology systems.

Your data is deleted as soon as it is no longer required to achieve the purpose for which they were collected. For the personal data from the contact form and those sent by e-mail, this is the case once the respective communication with the user has ended. A conversation is considered to have ended when it is obvious from the circumstances that the matter in question has been conclusively clarified.

Any additional personal data collected during the sending process will be deleted no later than after a period of seven days.

If the operation is based on the legal basis of Art. 6 (1) sent. 1 lit. f (legitimate interest), you may also object to the storage of your personal data at any time. Please note, however, that the communication cannot be continued in this case. Please contact our data protection officer to withdraw your consent to the processing and storage of your personal data. All personal data stored in the context of contacting us will be deleted in this case.

VIII. Social Media

1. Social media presence

We maintain fan pages on various social networks and platforms with the aim of reaching customers, interested parties and users who are active on these platforms and informing them about our services and establishing a communication with them. This could result in your personal data being processed outside the European Union. This means that you could be exposed to risks, for example with regard to enforcing your rights under European or German law.

User data is generally processed for market research and advertising purposes. For example, user profiles can be created from the usage behavior data and identified interests. These user profiles can, among others, be used for personalized advertising activities on or off these platforms. For this purpose, for example, cookies tracking user behavior and interests are stored on the users’ computers. Furthermore, user profiles can be used to store user data irrespective of the terminal device used.
Our legitimate interests in processing the personal data of users in accordance with Art. 6 (1) sentence 1 lit. f GDPR lies in establishing effective communication and information. If users are asked to consent to the processing of their data by a provider, the legal basis for such processing is Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR.

By clicking on the respective links, you can obtain further information from the relevant providers about the processing of your personal data and your options to object. Your data subject rights, i.e. requests for information and other rights, can also be asserted against the providers if they process your personal data.
We will be happy to answer your questions in this regard and assist you if you need help.

Providers:

Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

2. Sharing of social media content

Our website uses so-called sharing box links. They make it possible to directly share website content on one of the social media channels linked by us (Facebook, Twitter, LinkedIn, Pinterest).

To this end, the content link is copied after accessing the sharing box link and the page of the linked social media service is opened. If you are not already logged in, you will be asked to log in to the service before you can share anything. As soon as the respective social media page is opened, the social media channel’s share function will open, enabling you to edit the copied content link and immediately share it. Only if you click on the sharing box link is data transferred to the respective social media service.

At the time a link is called up, we only process the following data:

  • Information about the browser type and version used,
  • Operating system of the user,
  • IP address of the user,
  • Date and time of access.

The legal basis for the data processing is our legitimate interest in improving the user experience according to Art. 6 Art. 6 (1) sentence 1 lit. f GDPR. More information about the social media services linked with sharing box links is provided here:

Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy policy: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Pinterest
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Privacy policy / Opt-out: https://about.pinterest.com/de/privacy-policy

3. Integration of YouTube videos

We have integrated YouTube videos in our online services. They are saved on http://www.youtube.com and can be played directly from our website. They are embedded in ‘enhanced privacy mode’, which means that no user data is transferred to YouTube if you do not play the videos. Only when videos are played will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.

When you visit the website, YouTube is informed that you have visited the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in with Google, your data is directly associated with your account. If you do not wish to be assigned with your profile at YouTube, you must log out before you activate the button. YouTube stores your data collected as user profiles and uses them for the purposes of advertising, market research and/or the tailored design of their website. An analysis of this kind is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have a right to lodge an objection to the creation of these user profiles, but you must contact YouTube in order to exercise this right.

For more information on the purpose and scope of data collection as well as data processing by YouTube, please refer to the privacy policy. It also offers additional information about your rights and settings options available to protect your privacy: https://www.google.de/intl/de/policies/privacy.

4. Integration of Google Maps

On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned in section IV of this declaration are transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, and you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also receive further information on your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy.

IX. Integration of Google Fonts

On the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, we integrate the fonts (“Google Fonts”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is done for the purpose of optimizing and operating our homepage in a cost-effective manner. The provider’s privacy policy is available at: https://www.google.com/policies/privacy /, opt-out cookies can be set at: https://adssettings.google.com/authenticated.

X. Use of Google’s ReCaptcha service

Our website also uses Google’s reCaptcha service to determine whether a person or a computer makes an entry in our contact form.

Google uses the following data to verify whether you are a human being or a computer: IP address of terminal device used, website visited with us on which the reCaptcha is integrated, date and duration of visit, recognition data of the browser type and operating system used, Google account if logged in with Google, mouse movements on the reCaptcha fields and tasks asking you to identify certain images.

The legal basis for the above-mentioned data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interests in processing these data lies in ensuring the security of our website and protecting it from automated entries (attacks).

Further information about the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.google.com/policies/privacy.

Opt-out: https://adssettings.google.com/authenticated

XI. Data Transfers to Third Countries (outside of the EU)

The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is being processed. Within some exceptions we may process personal data outside the EU through third-party services. This may only be the case where the special requirements in accordance with Art. 44 et. seq. GDPR are fully met. This means that the processing of your data may then only take place when the third country has been declared to ensure an adequate level of protection by the European Commission or if the European Standard Contractual Clauses have been signed.

EU-US Trans-Atlantic Data Privacy Framework

Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Com-mission has also recognized the level of data protection for certain companies from the U.S. as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search.