Data privacy statement

The protection of your privacy is very important to us. We therefore proceed according to the statutory regulations of the European and German data privacy legislation in all operations of data processing (e.g. collecting, processing and transmission).

The following statement gives you an overview of which of your data is asked for on our websites, how this data is used and forwarded, in which way you can find out about the information given to us and which security measures we take to protect your data.
 

1. Who is your contact person (controller) for data privacy concerns?

The controller as defined in the data privacy regulations for all data processing procedures performed via our websites is:

LOXEO GmbH
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany
Phone: +49 7142 78-4800
E-mail: info(at)loxeo.com

We have not appointed a data privacy officer, as the statutory prerequisites for an appointment in our company are not given.

Please address your enquiries on the topic of data privacy and the assertion of the rights of data subjects (cf. below) to the above address.
 

2. Which data do we need from you for the use of our websites? Which data is collected and stored during use?

Personal data shall be any information that refers to an identified or identifiable natural person (“data subject”) such as, e.g. your name, your address, your phone number, your date of birth, your bank details and your IP address.

Basically, we only collect and use personal data of our users when this is necessary to provide a functioning website and our contents and services. As a general rule, the collection and use of personal data of our users is only carried out after obtaining the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons, and when the processing of data is permitted by statutory regulations.

 

  1. Usage data


The following data is recorded when using our websites, whereby storage ensues solely for internal system-related and statistical purposes; so-called usage data:
 

  • Information on the type of browser and the version used
  • The user's operating system
  • Name of the requested domain
  • The user's IP address
  • Date and time of access
  • Search machines used
  • Names of the downloaded files



The data is also stored in the log files of our system. There is no storage of this data together with other personal data of the user.

Legal basis for the temporary storage of data and log files is Art. 6 Par. 1 lit. f GDPR (General Data Protection Regulation).

The temporary storage of the IP address is required by the system, in order to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The storage in log files is performed to ensure the functioning of the website. In addition, the data is used to optimise the website and ensure our IT systems' security. There is no analysis of data for marketing purposes in this context.

Our legitimate interest in data processing as according to Art. 6 Par. 1 lit. f GDPR also lies in these purposes.

The data is deleted the moment it is no longer necessary to achieve the purpose for which it was collected. In the case of recording data to make the website available, this is the case when the respective session is terminated.

In the case of storing the data in log files, this is the case at the latest after 90 days. Storage beyond this time is possible. In this case, the users' IP addresses are deleted or modified so that they can no longer be allocated to the accessing clients.

The recording of data to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option of contesting this.

 

  1. Registration


We offer users the option of registering on our website, giving personal data. For this, the data is entered in an entry mask and transmitted to us and stored. The following data is processed in the course of the registration process:
 

  • First name and surname
  • E-mail address
  • Telephone number (optional)
  • Company and its location (optional)
  • Department and own position (optional)
  • Value-Added Tax – ID (optional)


At the time of registration the following data is also stored:
 

  • IP address of the user
  • Place and time of registration


When registration serves the fulfilment of a contract, of which the user is a contractual party, or the execution of pre-contractual measures, an additional legal basis for processing the data is provided pursuant to Art. 6 Par. 1 lit. b GDPR.

The data is deleted the moment it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the fulfilment of a contract or the execution of pre-contractual measures during the registration process, if the data is no longer necessary for the execution of the contract. Even after concluding the contract, the necessity to store personal data of the contractual partner may exist, in order to comply with contractual and statutory obligations.

Continuing obligations require the storage of the personal data during the contractual term. Moreover, warranty periods must be complied with as well as the storage of data for tax purposes. Which storage deadlines are to be adhered to hereby cannot be stipulated globally but must be determined for the respectively concluded contracts and contractual parties in each individual case.

As a user, you have the possibility to void the registration at all times. You can have the data stored in relation to you changed at all times. If you would like to delete your account, please send us a request to registration@loxeo.com

When the data is required to fulfil a contract or to execute pre-contractual measures, a premature erasure of the data is only possible, if it is not contrary to contractual or statutory obligations.

 

  1. Contact form


We provide a contact form for you on our website, with which you can conveniently get in touch with us electronically and send us your request. We merely collect your name and your e-mail address via the contact form. Providing information corporate affiliation is voluntary. At the time the message is sent, the following data are also stored:
 

  • IP address of the user
  • Date and time at which the contact form was sent


Before the data is processed, you will be informed about the intended use of your data and referred to this data protection declaration.

We only use your data to process your enquiry and can contact you for this purpose using the contact data given. Use of this data for advertising purposes or forwarding to third parties does not take place.

Legal basis for the processing of the data transmitted via the contact form is Art. 6 Par. 1 lit. f GDPR. If making contact also aims at concluding a contract, additional legal basis for processing is Art. 6 Par. 1 lit. b GDPR.

The processing of personal data from the entry mask is only used for processing the communication with you. In the case of contact made by e-mail, the required legitimate interest is also in the processing of the data.
The other personal data processed during the dispatch process are only used to avoid abuse of the contact form and to ensure the security of our IT systems.

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for the personal data from the entry screen of the contact form if the respective conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the situation concerned has been conclusively clarified.

The personal data additionally collected during the dispatch process is deleted after a period of 90 days at the latest.

 

Right to objection:
You have the possibility to object to your consent regarding the processing of personal data at any time. Please use the contact options listed above for this purpose. If you contact us by e-mail and object to the storage of your personal data, the conversation cannot be continued.


All personal data that was stored in the course of making contact will be deleted in this case.

 

3. How is my data used and possibly forwarded to third parties, and for which purpose is this carried out?

We use the personal data you make available to us to answer your enquiries, to deal with your order in our online shop as well as for the technical administration of our websites.

Insofar as this is necessary pursuant to Art. 6 Par. 1 S. 1 lit. b GDPR to fulfil the contract concluded with you, your personal data will be passed on to third parties. These include in particular group companies of the Dürr Group or partners we use to process contracts, such as mail order companies or payment service providers. The data passed on may only be used by these third parties for the purposes stated.

To safeguard legitimate interests pursuant to Art. 6 Par. 1 S. 1 lit. f GDPR, your personal data may be passed on to third parties, which we use to safeguard legitimate interests (including marketing service providers and authorized dealers). To the extent necessary for the performance of our services, your personal data will be passed on to partners (including advertising service providers, shipping companies), for the purposes as set out in Art. 6 Par. 1S.  1 lit. a GDPR, for which permission is provided.

 

4. What security measures have we taken to protect your data?

We have taken a variety of security measures to protect personal information appropriately and adequately.

Our databases are protected by physical and technical measures, as well as by means of procedural measures that restrict access to the information to specially authorised persons in compliance with this data privacy statement. Our information system is located behind a software firewall to prevent access from other networks that are connected to the internet. Only employees who require the information to complete a special task can obtain access to personal information. Our members of staff are trained regarding security and data privacy practices.

We use the standardised SSL encryption technology when collecting and transmitting data via our internet pages. Personal details are transmitted via SSL encryption during the ordering procedure, identifiable in the browser by the lock icon and in address line by the addition “https://”.

You should never disclose your password to any third party and you should change it regularly. You also should not use the same password to access our websites that you also use on other websites for password-protected access (e-mail account, online banking etc.). When you leave our websites, you should actively log out and close your browser to avoid unauthorised users gaining access to your user account.

When communicating by e-mail, we cannot guarantee full data security.

 

5. You will receive advertising from us by e-mail (e.g. e-mail newsletter). What does this mean for you?

For the despatch of e-mails to our customers, we use an e-mail service provider. The below stated data will be processed by the service provider on our mandate and for this purpose will be stored on server of the service provider in Germany. The service provider solely uses your data for despatching the e-mails and analysing the e-mails.

For despatching the e-mails the following data from the particular entry mask will be used:
 

  • First name and surname
  • E-mail address


In addition, the following data is collected during registration:
 

  • IP address of the calling computer
  • Date and time of registration


We obtain your consent for the processing of data during the login process and refer to this data privacy statement. The data is used solely for the despatch of the e-mails.

The legal basis for processing the data by our service provider after registration for the newsletter, with the existence of the user’s consent, is Art. 6 Par. 1 lit. a, Art. 7 GDPR.

The collection of the user’s email address is used to send the newsletter.

The collection of other personal data within the scope of the registration process serves to prevent a misuse of the services or the used e-mail address.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Thus, the user’s e-mail address is stored for as long as the subscription of the promotional e-mails is active.
 

Revocability of granted consents:
The user concerned can cancel the subscription of the promotional e-mails at any time. For this purpose, every advertising e-mail contains a link to unsubscribe. Alternatively, the subscription can be unsubscribed by an e-mail to info(at)loxeo.com. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.

Revocation of the consent to store personal data collected during the registration process is also made possible here.  



6. A cookie is stored on your computer when you use our websites. What does this mean?

We use so-called cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These are only stored on your hard disk. Cookies can only be read by the server that previously stored them. Cookies do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal details (name, address, etc.).
 

  1. Transient and persistent cookies


So-called transient cookies, persistent cookies, are used on our web pages.

Transient cookies are deleted automatically when you close the browser. These in particular include the session cookies. These store a so-called session-ID, with which various enquiries of your browser can be allocated to the joint session. This way, your computer can be recognised when you return to our website. The session cookies are deleted when you log-out or close the browser.
We use transient cookies to make our website more user-friendly. Some elements of our website make it necessary to be able to identify the accessing browser even after a page change. The following data is therefore stored and transmitted in the cookies:
 

  • Log-In information
  • Items in a shopping basket
  • Session ID of the user


We additionally use persistent cookies on our website, which enable an analysis of the surfing behaviour of the users. Persistent cookies are automatically deleted after a specified period, which may vary, depending on the cookie. This way e.g. the following data can be transmitted:

1. IP address
2. Entered search keywords
3. Use of website functions

The data collected via persistent cookies are pseudonymised by technical precautions, therefore it is no longer possible to assign the data to the calling user. The data is not stored together with any other personal data relating to the user.

It is up to you to decide whether you allow cookies. On the one hand, you have the option of accepting all cookies, of being informed when cookies are set or refusing all cookies by changing your browser settings (usually to be found under “Option” or “Settings” in the browser’s menu). On the other hand, cookies that have already been saved can be deleted at any time. This can even be done automatically. If cookies are deactivated for our website, it is possible that all the functions of the website may not be used to their full extent.

The legal basis for the processing of personal data using the transient cookies technically needed for this is Art. 6 Par. 1 S. 1 lit. f GDPR.

The objective of using transient cookies is to simplify the use of websites for the user. Some functions of our website cannot be offered without the use of cookies. It is necessary for these that the browser is also identified after a page change.

The user data collected by transient cookies is not used for creating user profiles.

The use of the persistent cookies, in particular of analysis cookies, is carried out for the purpose of improving the quality of our website and its contents. Through the analysis cookies we discover how the website is used and can thus constantly optimise our offer. Our legitimate interest in data processing according to Art. 6 Par 1 S.1 lit. f GDPR also lies in these purposes.

 

7. On our web pages we use services for analysis purposes. What does this mean for you?

We use analysis and marketing software on our websites. For the statistical and analytical evaluation of certain data we use the following analysis tool:

- Google Analytics

The data collected by the service is recorded in pseudonymised form and used exclusively for statistical purposes. The legal basis for the use of the services described below is basically § 15 (3) TMG (Telemedia Act), Art. 6 (1) sentence 1 lit. f GDPR. The data collected by the analysis software is not aggregated and linked to create usage profiles.
We have a legitimate interest in the collection and evaluation of statistical data, as this is necessary to keep the services and offers provided on our website available to our customers and so as to constantly improve them. How you can object to the evaluation of your data can be found in the paragraphs of this data protection declaration on the respective services.

Google Analytics
We use Google Analytics on our websites, which is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site, as described in the section on cookies above. Generally speaking, the information generated by the cookie regarding your use of this website is transmitted to a server of Google in the USA and stored there. However, in the event of the activation of the IP anonymisation on this website, your IP address is first abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. The full IP address will only be transmitted to a server of Google in the USA and abbreviated there in exceptional cases. By order of the operator of this website, Google will use this information in order to evaluate your use of the website in order to compile reports concerning the website activities and to provide further services associated with the website use and the internet use towards the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with other data of Google. You can prevent the storage of the cookies by a corresponding setting of your browser software; however, we would like to point out that, if applicable, you will not be able to use all functions of this website in full in this case. In addition to this, you can prevent the use of the data generated by the cookie and referring to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

You can find more detailed information relating to the functioning of Google Analytics and the conditions of use and data protection provisions that are relevant for this service at http://www.google.com/analytics/terms/us.html or at http://www.google.de/intl/en/policies/privacy/. What is more, we would also like to point out to you that Google Analytics is used on our websites with the extension anonymizeIP and therefore IP addresses are only processed further in an abbreviated form in order to exclude a personal reference.

If you have consented to this, we use so-called "Cross Device Tracking" for the evaluation of your usage behaviour on our websites. This means that we can recognise you as a registered user of our websites even across different devices. For this purpose, you will be assigned an ID when you register on our site. This ID is recognised by Google Analytics when you log on to our websites from different devices (e.g. mobile phone, tablet).
 The data collected about you is summarised by Google under the corresponding ID, stored there exclusively pseudonymised on the basis of the assigned ID and made accessible to us. We use these pseudonymised user profiles to tailor your shopping experience on our websites even more personally and individually to you.

 

Right to objection
You can prevent Google from collecting data relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?en=de.



8. Rights of data subjects

If personal data relating to you is processed, you are a data subject as defined in the GDPR and you are entitled to the following rights towards the controller:

Information, rectification, restriction of processing and erasure

You have the right at any time to obtain information free of charge about any personal data we have stored about you, about the origin and recipient, as well as the purpose of data processing via our websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, where the statutory provisions exist.

Right to data portability

You have the right to receive the personal data relating to you that you have made available to us as the responsible office in a structured, commonly used and machine-readable format. We can satisfy this right by providing a csv-export of the customer data processed relating to you.

Right to information

When you have asserted your right to rectification, deletion or restriction of processing to the responsible office, this officer is obliged to inform all recipients, to whom the personal data relating to you was disclosed, about this rectification or deletion of the data or the restriction of processing, unless this proves to be impossible or involves an unreasonable expense or effort.

You have the right vis-à-vis the responsible office to be informed about these recipients.

Right to object

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you that is carried out pursuant to Art. 6 Par. 1 lit. e or lit. f GDPR: this shall also apply to any profiling that is supported by these provisions.

The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that override your own interests, rights and liberties, or when the processing serves the assertion, exercise or defence of legal claims.

If the personal data relating to you is processed in order to operate direct advertising, you have the right to object to the processing of the personal data relating to you for the purpose of such advertising at any time. This also includes profiling, when this is associated with such direct advertising.

If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.

You have the possibility, in connection with the use of services of the information society – irrespective of the Directive 2002/58/EC – to exercise your right to object by means of automatic processes with which technical specifications are used.

Revocability of data privacy consent declarations

In addition, you may revoke the consents that you have given us with effect to the future at any time, using the contact details stated above.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the member state of your place of residence, your place of work or the place of alleged infringement, if you consider that the processing of the personal data relating to you infringes the EU general data privacy regulation.

The supervisory authority, with which the complaint has been lodged, informs the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

9. Changes to this data privacy statement

We reserve the right to change this data privacy statement when the occasion arises and without prior notice. Please therefore consult this page regularly to find out about possible changes to this data privacy statement.