Privacy policy of Leroma GmbH
 


§ 1 Information on the processing of personal data

(1) We, Leroma GmbH, Ottostraße 1, 40625 Düsseldorf, Germany (hereinafter referred to as "Leroma" or "we") attach particular importance to the protection and confidentiality of your data. The collection and use of your personal data is exclusively within the scope of the legal provisions of the applicable data protection law. With this data protection declaration we inform you about the personal data we collect in connection with your use of the platform www.leroma.de (hereinafter referred to as "platform") and for what purpose the data is used.

(2) You can use our platform as a browser-based online offer. In the following, we provide information about the type, scope and purpose of processing personal data when using our platform including all sub-pages. You can access this information at any time on our website under the menu item "Privacy Policy" in the main menu. Personal data are all data that can be related to you personally, e.g. name, e-mail address, year of birth, usage data. Usage data is such data that is necessary to use our website, such as information about the beginning, end and extent of use of our website, registration data and payment data. The person responsible in accordance with Art. 4 Para. 7 of the EU Data Protection Basic Regulation (DS-GVO) is: Leroma GmbH, Ottostraße 1, 40625 Düsseldorf (see our imprint, email: support@leroma.de)

(3) When you contact us by post, e-mail or via the website, we will store your e-mail address and, if provided by you, your name, telephone number and any other data you provide in order to answer your questions. We delete the data collected in this context after storage is no longer required or - in the case of statutory storage obligations - restrict processing.

(4) Occasionally, we may rely on contractually affiliated third-party companies and external service providers to provide the services, for example in the areas of sending advertising (only if you have given your express prior consent) and customer service. In such cases, information is shared with these companies or individuals to enable them to process your request. These external service providers are carefully selected and regularly reviewed by us to ensure that your privacy is protected. The service providers are not allowed to use the data for any purpose other than the one we have specified. In addition, we contractually oblige the service providers to treat your data exclusively in accordance with this data protection declaration and the German data protection laws.
 


§ 2 Your rights

(1) You have the following rights in relation to the personal data concerning you:

    • Right of information,
    • Right of correction or deletion,
    • Right to restrict processing,
    • Right to object to the processing,
    • Right to data portability

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company



§ 3 Processing of personal data when using our website

(1) In order to use the website, we collect the following information when you create an account with us and log in to our website via your account:

    • e-mail address
    • Salutation
    • First name, last name
    • Address
    • Date of the start and end of use
    • scope of use
    • Payment information
    • Password
    • Customer number of your account

The processing of the above-mentioned data is carried out,

    • to identify you as a Leroma user
    • for corresponding with you
    • for invoicing
    • for processing and executing payments and orders
    • for the settlement of any existing liability claims and the assertion of any claims against you.

The data processing is carried out for the purposes mentioned, for the implementation of pre-contractual measures and for the fulfilment of the contract with you (legal basis is Art. 6 para. 1 sentence 1 lit. b DS-GVO). In addition, our legitimate interests lie in achieving the stated purposes (the legal basis is Art. 6 para. 1 sentence 1 lit. f DS-GVO).

(2) You can use our platform via our website browser-based directly on your PC, tablet or smartphone.

(3) When you visit or use the website, including all sub-pages, we collect the personal data described below to enable convenient use of the functions. If you wish to use our website, we collect the following data, which is technically necessary for us to offer you the functions of our website and to ensure stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f DS-GVO):

    • IP address
    • Date and time of the request
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request (concrete page)
    • Access status/HTTP status code
    • Amount of data transmitted in each case
    • Website from which the request comes
    • Browser
    • Operating system and its interface
    • Language and version of the browser software.

(4) In addition to the above-mentioned data, cookies are stored on your computer when you use our platform. Cookies are small text files that are stored on your hard disk, assigned to the browser you are using, and through which certain information flows to the party that sets the cookie (here: us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.

Use of cookies:

a) This website uses the following types of cookies, the scope and function of which are explained below:

    • Transient cookies (see b)
    • Persistent cookies (see c).b)

(b) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

(c)Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

(e) Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiration date. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually. In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored in the memory of your device and assigned to the website you are using. Cookies allow certain information to flow to the party that sets the cookie (here: us). Cookies cannot execute programs or transfer viruses to your mobile device. They serve to make the website more user-friendly and effective.

(5) Unless expressly stated otherwise within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal storage obligations to prevent deletion. If the data are not deleted because they are required for other and legally permissible purposes and it is necessary according to Art. 18 DS-GVO, their processing will be restricted.



§ 4 Information disclosure

In principle, your personal data will only be passed on without your express prior consent in the following cases:

(1) If it serves to clarify an illegal website use or is necessary for legal prosecution, personal data will be forwarded to the prosecution authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of illegal or abusive behaviour. A transfer can also take place if this serves to enforce terms of use or other agreements. Leroma is also legally obliged to provide information to certain public bodies on request. These are law enforcement agencies, authorities that prosecute administrative offences that are subject to fines and the tax authorities.

(2)  As part of the further development of our business, the structure of Leroma GmbH may change as a result of a change in legal form, the establishment, purchase or sale of subsidiaries, parts of companies or components. In such transactions, customer information will be transferred together with the part of the business to be transferred. Whenever personal information is transferred to third parties to the extent described above, Leroma will ensure that this is done in accordance with this privacy policy and the relevant data protection laws.



§ 5 Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation will affect the permissibility of processing your personal data after you have given it to us.

(2) As far as we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us about your objection to advertising at the following contact details Via Mail: Leroma GmbH, Ottostraße 1, 40625 Düsseldorf Via E-Mail: support@leroma.de
 


§ 6 Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and the Internet.

(2) The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

(3) You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is therefore deleted immediately.

(5) We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f DS-GVO

(6) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: www.google.de/intl/de/policies/privacy.)

(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under Settings.



§ 7 Integration of Google Maps

(1) On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

(2) By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned above in this declaration is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right.

(3) For further information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
 


§ 8 Use of Google Web Fonts

(1) We use external fonts, so-called Google fonts, provided by Google on our website for the purpose of uniform display of fonts on your device. Google Fonts is a service provided by Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a page, your browser loads the required web fonts in your browser cache to display text and fonts correctly. If your browser does not support web fonts, a default font from your computer is used.

(2) The Web Fonts are integrated via an interface ("API") to the Google services. By integrating the Web Fonts, Google may collect information (including personal data) and process it in the USA. Google has subjected itself to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.

(3) We ourselves do not collect any data within the scope of providing the Google Fonts.

(4) The legal basis for the processing of personal data described here is Article 6(1)(f) of the DS-GVO. Our legitimate interest in this respect, which is necessary for this purpose, lies in the great benefit which a uniform presentation of the typefaces offers. The possibility of a uniform presentation means that we can keep the design workload lower than if we had to react to font standards of different operating systems or browsers with our own graphically adapted websites. Google also has a legitimate interest in the data collected in order to improve its own services.

(5) The provision of personal data is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. Nor are you obliged to provide the personal data. However, failure to provide such data may mean that you are unable to use our website or cannot use it to its full extent and that the presentation of the website may change.

(6) You can set your browser so that the fonts are not loaded from the Google servers. If your browser does not support the Google fonts or if you prevent access to the Google servers, the text will be displayed in the default font of the system.

(7) Further information can be found at: www.google.com/fonts#AboutPlace:about and developers.google.com/terms/ and https://policies.google.com/privacy?hl=de.



§ 9 Using CLoudFlare

(1) On this website we use the "Content Delivery Network" (CDN) CloudFlare of the company CloudFlare Inc, 101 Townsend St, 94107 San Francisco, USA. CloudFlare is certified under the EU-US Privacy Shield Agreement:
www.privacyshield.gov/participant

(2) To ensure the full functionality of our website, all data transmitted to or from this website (including your IP address) is processed via the worldwide network of CloudFlare. Cloudflare uses cookies, which are stored on your computer and which enable an increase in the performance and security of the website. The information generated by cookies about your use of this website is stored and logged both within and outside the European Union. According to CloudFlare, the cached data is always deleted within 4 hours, but at the latest after one week.

(3) Data processing is carried out for the above-mentioned purposes and for the safe and efficient provision, analysis and optimisation of our website. The legal basis for data processing is Art. 6 Para. 1 lit. f DS-GVO.

(4) You can prevent the collection and processing of your data by CloudFlare by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find such a script blocker e.g. at www.ghostery.com).

(5) Further information can be found in the privacy policy of CloudFlare at: www.cloudflare.com/privacypolicy/.



§ 10 Newsletter

(1) With your consent you can subscribe to our newsletter, with which we inform you about our current, interesting offers.

(2) For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within seven days, your information will be blocked and automatically deleted. In addition, we store your IP address, the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

(3) Your e-mail address is the only compulsory information for the sending of the newsletter. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Paragraph 1 S. 1 lit. a DS-GVO.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail.



Status: April 2020