Privacy Policy for Lipotype
last revised on July 2022; Version: 2.5.1

1. In A Nutshell

In general, our website (also the “Platform”) may be used anonymously. Providing personal data is purely voluntary and you will always be informed if and for what purpose we want to store your data. Personal data are data that enable us to identify you personally and/or to contact you, such as your name, address or e-mail address. Here you can decide whether you allow us to statistically evaluate your visit to our website so that we can improve our services:

2. In Detail

Who We Are And How You Can Reach Us

The controller of the processing of personal data on this website is Lipotype GmbH, Tatzberg 47, 01307 Dresden, Germany, e-mail privacy@lipotype.com. You may contact our data protection officer at the following address: Lipotype GmbH, Attn: Data Protection Officer, Tatzberg 47, 01307 Dresden, e-mail: privacy@lipotype.com.

What Data We Do (Not) Process, For What Purpose, For How Long And On What Legal Basis

In general: If we intend to store data about you, we will always point this out to you and they will not be used for any purpose other than those expressly stated in this privacy policy.

Anonymous Use Of Our Website

You may use our website anonymously. When you visit our website, your web browser tells our web server your IP address so that communication is possible. Your IP address may be used to identify you. However, we do not store your IP address. You remain completely anonymous to us when visiting our website.

Data Processing Upon Contact

If you call us or send us a message, for example via the contact form or by e-mail, we need your e-mail address, your postal address or a telephone number if you want us to reply to you. You may also use a pseudonym instead of your name. We will use this data exclusively to handle your request. Your data will not be passed on to third parties. We will delete your data as soon as it is no longer needed for this purpose, i.e. usually three months after the last contact with you. If you have any further questions, please contact us again within three months. The legal basis for the data processing is Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfil your request.

Exceptions: We are required to retain business and commercial letters and other tax- relevant documents in order to fulfil our commercial and tax law archiving obligations; we will delete them by 31 March of the seventh calendar year following their creation, and in the case of booking receipts of the eleventh calendar year following their creation. The legal basis for tax law retention is Art. 6 Para. 1 Para. 1 Letter c GDPR in connection with sections 147 AO, 257 HGB. We will keep information on safety- related incidents and accidents or customer complaints for 31 years after the end of product distribution in order to comply with our product monitoring obligation and to assert or exercise legal claims or to defend against legal claims. The legal basis for data processing is Art. 6 para. 1 para. 1 letters b and f GDPR, in view of our product monitoring obligations also Art. 6 para. 1 para. 1 letter c GDPR in conjunction with the relevant jurisdiction. The legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to comply with our product monitoring obligations, as well as the exercise or pursuit of legal claims or the defence against legal claims.

If your request is for a special purpose (e.g. ordering, quotation request, newsletter order, expression of interest in our products or services), only the explanations in the respective section for that special purpose apply to data processing in this context.

Data Processing For Newsletters

If you subscribe to our newsletter, we need your e-mail address, otherwise we cannot send you the newsletter. All other information is voluntary. Your data will not be passed on to third parties, and we use it only for sending our newsletter and for customer care, in order to contact you individually (as far as this is legally permitted) – if necessary after researching further data – to present you offers and clarify your need for our services. You will first receive an email with a link you must click to confirm that you want to receive the newsletter (“Double-Opt-In”). This will prevent others from subscribing to the newsletter in your name. As described in your declaration of consent, we will analyze how you use our newsletter, namely when you open the newsletter with what browser and from which location and which links you click on. This data is used to improve our services and to make suggestions and offers tailored to your needs. In addition, we store your registration for the newsletter, if applicable your consent to the usage analysis and your confirmation to be able to prove that you have registered and agreed. For the purpose of sending the newsletter and analyzing its use, we will store your data until you revoke your consent or until the newsletter is permanently discontinued; for the purpose of customer service, we will delete your data as soon as you object or by 31 March of the fifth calendar year following your last order or enquiry or expression of interest; for the purpose of proof of consent by 31 March of the fourth calendar year following the last newsletter dispatch. If you do not confirm your newsletter subscription, we will delete your data after 24 hours. Please confirm your registration (“Double-Opt- In”) within 24 hours, otherwise you have to register again.

For the processing for the purpose of sending the newsletter and, if applicable, for the usage analysis, the legal basis is Art. 6 para. 1 para. 1 letter a GDPR. For processing for the purpose of proof of consent, the legal basis is Art. 6 para. 1 subpara. 1 letter c in connection with. Art. 5 para. 2 GDPR, Art. 7 para. 1 GDPR and Art. 24 para. 1 GDPR as well as Art. 6 para. 1 para. 1 letter f GDPR. For processing for the purpose of customer care, the legal basis is Art. 6 para. 1 subpara. 1 letter f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are the promotion of the sale of our products and services, corresponding advertising, and the proof of your consent, i.e. the defense against legal claims.

At present, we use “Sendinblue” as our newsletter service provider: Sendinblue, 55 rue d’Amsterdam, 75008 Paris, France. You can find Sendinblue’s Privacy Policy here: https://www.sendinblue.com/legal/privacypolicy/. We have concluded an agreement on commissioned data processing with Sendinblue; an additional legal basis for the processing is Art. 6 Para. 1 UAbs. 1 lit. f GDPR, our legitimate interest is the provision of a high-quality newsletter dispatch including safe receipt. Sendinblue may use the recipients’ pseudonomized data to optimize and improve its own services, in particular with regard to technical optimization of the newsletter service, however is not permitted to use the recipients’ data to contact them or to disclose the data to third parties.

Data Processing For Webinars

If you apply for one of our webinars, we need your name, e-mail address and career level, otherwise we cannot administer your application. All other information is voluntary. We use it only for the administration of your application for the webinar and for customer care purposes. When you apply for a webinar you will first receive an email with a link you must click to confirm (“Double-Opt-In”). This will prevent others from subscribing to a webinar in your name.

As described in your declaration of consent, we will analyze how you use our services, namely when you participate in our webinar and interact with others. This data is used to improve our services and to provide help in the course of your participation in the webinar.

To the extent that a newsletter is sent to you after the participation in a webinar, please see above.

We will store your data for the purpose of conducting the webinar until it has ended. For the purpose of customer care, we will delete your data as soon as you object or by 31 March of the fifth calendar year following your last order or enquiry or expression of interest. If you do not confirm your application, we will delete your data after 24 hours. Please confirm your registration (“Double-Opt-In”) within 24 hours, otherwise you have to register again.

For the processing for the purpose of conducting the webinar and, if applicable, for the usage analysis of the technical means, the legal basis is Art. 6 para. 1 para. 1 letter a GDPR. For processing for the purpose of customer care, the legal basis is Art. 6 para. 1 subpara. 1 letter f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are the maintenance of customer satisfaction, corresponding advertising, and the proof of your consent, i.e. the defense against legal Claims.

At present, we use “Sendinblue” as our webinar service provider: Sendinblue, 55 rue d’Amsterdam, 75008 Paris, France. You can find Sendinblue’s Privacy Policy here: https://www.sendinblue.com/legal/privacypolicy/. We have concluded a controller to processor agreement with Sendinblue; an additional legal basis for the processing is Art. 6 Para. 1 UAbs. 1 lit. f GDPR, our legitimate interest is the provision of a high- quality webinar. Sendinblue may use the recipients’ pseudonomized data to optimize and improve its own services, in particular with regard to technical optimization of the webinar service, however is not permitted to use the recipients’ data to contact them or to disclose the data to third parties.

Data Processing For Orders, Information And Quotation Requests And Expression Of Interest

When you place an order or request information or a quotation or express your interest in our products or services, we require certain information from you depending on the type of product or service and delivery. The order or quotation form indicates what information is required and what information is voluntary; if you contact us informally and the necessary information is missing, we will get in touch with you or ask for it. Your data will not be passed on to third parties. We use your data only for handling your enquiry, processing orders and complaints, for customer service and, if permitted by law, to send you advertisements about similar goods and services from us (including customer satisfaction surveys) and to prove that we may send you such advertisements. We are also required to store your order and any related communication and payment data for tax and commercial law reasons; we will delete this data in the case of business and commercial letters and other tax- relevant documents by 31 March of the seventh calendar year after creation, and in the case of booking receipts of the eleventh calendar year after creation. For the purpose of order and complaint processing we will delete your data 27 months after delivery of your order or three months after expiry of the warranty period if the warranty period is longer than 24 months; for the purpose of customer service (including handling your inquiry), as soon as you object or by 31 March of the fifth calendar year following your last order, request for information or offer or expression of interest; for the purpose of advertising as soon as you object or we finally discontinue advertising activities; for the purpose of proving your order and the similarity of the advertised goods and services by March 31 of the fourth calendar year following the last advertising campaign.

The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter b (for processing and handling your request or order) and f GDPR. For processing for the purpose of proof of your inquiry or order, the legal basis is Art. 6 para. 1 subpara. 1 letter c in connection with Art. 5 para. 2 GDPR and Art. 24 para. 1 GDPR as well as Art. 6 para. 1 subpara. 1 letter f GDPR. The legal basis for tax law retention is Art. 6 para. 1 subpara. 1 letter c GDPR in connection with sections 147 AO, 257 HGB. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are the fulfilment of your request, the promotion of the sale of our products and services, the assertion or exercise of legal claims or the defence against legal claims.

Data Processing Upon Registration In Our Online Shop

When you create an account for our online shop, you will no longer need to enter your details for future orders, can view your order history, place new orders, accept orders and change previously entered information. In addition to your user name – which can also be your e-mail address or a pseudonym – you must also enter a password. The data that goes beyond the data already processed in the context of the order will only be used for the provision of the above convenience functions of our online shop and will be deleted when you delete your account.

The legal basis for data processing is Art. 6 para. 1 subpara. 1 letters a, b and for the processing of your contributions letter f GDPR. The legitimate interest in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR is the provision of services with user comments, in particular the publication of the comment at the request of the respective user.

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.

Borlabs cookie does not process any personal data.

The Borlabs cookie stores your consents that you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

Facebook Pixel

On our website, we use the so-called “Facebook Pixel” from Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The purpose of the collection is the classification of visitors to our website into specific target groups in order to subsequently be able to play out targeted advertising on Facebook. For example, IP addresses, information about the web browser, the location of the website, clicked areas of the website, and possibly so-called pixel IDs are collected. This data is not visible to Lipotype itself. The data is only available to Lipotype in an evaluated form for the purpose of placing certain advertisements. So-called cookies are also set. If you have a Facebook account and are logged in when you visit our website, your visit will be assigned to your Facebook user account.

The way it works is as follows: The user’s browser establishes a direct connection with Facebook’s server when the cookie is set. Lipotype has no influence on the scope and further use of the data collected by Facebook through the use of the Facebook pixel. In any case, as shown, it is transmitted to Facebook that you have accessed a certain area of Lipotype’s website or clicked on an ad. We also inform you that Facebook can assign your visit to our website to your user account if you are registered with Facebook. But even if you are not registered with Facebook or have not logged in, your IP address will be collected and stored. Insofar as you have consented to this, we may pass on your telephone number or e-mail address to “Facebook” in order to be able to show you advertisements that correspond to your interests. This data is stored for 90 days.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel.

General information on data processing by Facebook is available at https://www.facebook.com/about/privacy.

We store your data as long as we need it for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or revoked your consent.

You can change your settings for Facebook ads at https://www.facebook.com/help/109378269482053/?helpref=hc_fnav, provided you are logged into Facebook.

The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO. We obtain your consent when you call up our websites via the cookie banner.

Twitter Pixel

On our website, we use services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. (“Twitter”). These services use cookies and code to connect the website to another third-party platform such as Twitter. In addition, a so-called “Twitter pixel” can be used to track the actions of users after they have seen or clicked on a Twitter advertisement. The purpose of the collection of data is the recording of user behavior (e.g. websites visited, content retrieved, time of visit, device-related data such as applications and operating systems). The user’s IP address is stored and used for the geographic targeting of advertising. Twitter also attempts to track the user behavior across all of a user’s devices. Twitter merges and links this data to the respective user profile on twitter.com.

Data is deleted within 6 months. Data that makes it possible to identify a specific user on Twitter is deleted within 90 days. For more information please visit https://legal.twitter.com/ads-terms/international.html

You can object to data collection by Twitter by adjusting the advertising settings in your Twitter account or at https://twitter.com/personalization

The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO. We obtain your consent when you call up our websites via the cookie banner.

Linkedln Insight Tags

The Platform uses the LinkedIn Insight Tag, a web analysis service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland.

When you visit our website, you are notified of the use of The LinkedIn Insight Tag for the purposes specified herein below and asked to provide your express consent. We use the LinkedIn Insight Tag on the basis of your consent.

The LinkedIn Insight Tag is a piece of lightweight JavaScript code to enable in-depth campaign reporting and unlock valuable insights about our Platform visitors. We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about LinkedIn members interacting with our ads.

The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our Platform, including the URL, referrer, IP address, device and browser characteristics, and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 30 days.

LinkedIn does not share the personal data with Lipotype, it only provides reports (which do not identify you) about the Platform audience and ad performance. LinkedIn also provides retargeting for Platform visitors, enabling Lipotype to show personalized ads off our Platform by using this data, but without identifying the member. LinkedIn also uses data that does not identify you to improve ad relevance and reach members across devices.

Linkedln members can control the use of their personal data for advertising purposes through their account settings.

You can find information on which data LinkedIn collects and how they are used in the privacy statement of LinkedIn: www.linkedin.com/legal/privacy-policy.

Google Marketing Platform (previously Double Click)

Our website uses the Google Marketing Platform (formerly “Google DoubleClick”). This platform uses cookies to improve the relevance of the ads for the users and the evaluations of the success of the campaigns or to avoid repeated display of the ads to a user. For this purpose, Google records via a cookie ID which ads were specifically played in which browser and subsequently prevents them from being displayed again in the browser in question. Google can also use the cookie IDs to determine whether an ad was successful (so-called conversion). For example, it is determined whether a user who has seen a certain ad later visits the advertiser’s site and buys the advertised product there. The way it works is as follows: The user’s browser establishes a direct connection with Google’s server when the cookie is set. Lipotype has no influence on the scope and further use of the data that is collected by Google through the use of the Google marketing platform. In any case, as shown, it will be transmitted to Google that you have accessed a certain area of Lipotype’s website or clicked on an advertisement. We also inform you that Google can assign your visit to our website to your user account if you are registered with Google. However, even if you are not registered with Google or have not logged in, your IP address will be collected and stored. This data will be stored for 1 month.

You can prevent this type of tracking by (i) configuring your browser accordingly from the outset (e.g. not allowing third-party cookies), (ii) deactivating the cookies for conversion tracking (to do this, you must block cookies from the domain www.googleadservices.com in the browser settings) or (iii) at least excluding advertising from those advertisers who have joined the self-regulatory campaign “About Ads” via the link https://optout.aboutads.info advertising. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

For more information on the Google marketing platform, please visit https://marketingplatform.google.com/about/

The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO. We seek your consent when you visit our websites via the cookie banner.

Google Tag Manager / Conversion Linker

We use Google Tag Manager to trigger two cookies via the Conversion Linker function. This platform uses cookies to improve the relevance of the ads for the users and the evaluations of the success of the campaigns or to avoid repeated playing of the ads to a user. To this end, Google uses a cookie ID to record which ads were specifically played in which browser and then prevents them from being displayed again in the browser in question. Google can also use the cookie IDs to determine whether an ad was successful (so-called conversion). For example, it is determined whether a user who has seen a particular ad later visits the advertiser’s site and buys the advertised product there. The way it works is as follows: The user’s browser establishes a direct connection with Google’s server when the cookie is set. Lipotype has no influence on the scope and further use of the data that is collected by Google through the use of the Google marketing platform. In any case, as shown, it will be transmitted to Google that you have accessed a certain area of Lipotype’s website or clicked on an advertisement. We also inform you that Google can assign your visit to our website to your user account if you are registered with Google. However, even if you are not registered with Google or have not logged in, your IP address will be collected and stored. This data is stored for 90 days.

We have explained how you can prevent this form of tracking above in the section “Google Marketing Platform”. The legal basis for the data processing is Art. 6 para. 1 lit. a) GDPR. We seek your consent when you visit our websites via the cookie banner.

Google AdSense

This website uses Google AdSense. This is a service provided by Google for the integration of advertisements. Google AdSense also uses cookies. In addition, Google AdSense uses so-called web beacons. Web beacons are, for example, small digital (image) files that are embedded in a web page and are also called tracking pixels. When a user accesses a page in which such a tracking pixel is embedded, he may not see the pixel, but his web browser automatically downloads the pixel so that the user’s computer has to send a request to the server of the host company on which the source pixel is stored. This allows Google to analyze clicks on this website, traffic on it and similar information.

The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google may pass on this collected information to third parties if this is required by law or if Google instructs third parties to process the data. However, Google will merge your IP address with the other stored data. This data is stored for 90 days.

We have explained how you can prevent this form of tracking above in the section “Google Marketing Platform”. The legal basis for the data processing is Art. 6 para. 1 lit. a) GDPR. We seek your consent when you visit our websites via the cookie banner.

Google Analytics

The Platform uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”. The information generated by the cookie regarding your use of the Platform is normally transferred to a Google server in the USA, and is stored there. As the IP anonymize function is activated on the Platform, your IP address will, within Member States of the European Union or other contracting states of the Agreement on the European Economic Area, first be shortened by Google. Only in exceptional cases will Google transfer the full IP address to a Google server in the USA, and will shorten it there. On behalf of the operator of this Platform, Google will use this information in order to analyze your usage of our Platform, to compile reports on Platform activities, and to provide further services to Lipotype relating to the usage of the Platform and the internet. The IP address transferred by your browser within the framework of Google Analytics will not be combined by Google with other data.

You can prevent the storage of cookies by setting your browser software, however, in such case, you may possibly not be able to fully use all features on this Platform. Furthermore, you can prevent collection by Google of the data generated by the cookie and relating to your use of the Platform (including your IP address), as well as processing of these data by Google, by downloading and installing the browser plug­in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

In order to opt-out from being tracked by Google Analytics within this Platform in the future (the opt-out applies only for the browser in which you set it and within this domain). An opt-out cookie will be stored on your device, which means that you’ll have to click this link again if you delete your cookies. The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter a GDPR. We seek your consent when you visit our websites via the cookie banner.

Social Plugins: Twitter, Facebook, Instagram

Social plugins from the providers listed below are used on our website. You can recognize the plugins by the fact that they are marked with the corresponding logo. Information, which may also include personal data, may be sent to and used by the service provider via these plugins. We prevent the unintentional collection and transmission of data to the service provider through a so-called 2-click solution. To activate the desired social plugin, it must first be activated by clicking on the corresponding button. Only this activation of the plugin also triggers the collection of information and its transmission to the service provider. We do not collect any personal data ourselves with the help of the social plugins or about their use. We have no influence on what data an activated plugin collects and how it is used by the provider. Currently, it must be assumed that a direct connection to the services of the provider is established and at least the IP address and device-related information are collected and used. There is also the possibility that the service providers try to store cookies on the computer used. Which specific data is collected and how it is used can be found in the data protection information of the respective service provider. It is known that Facebook, for example, can identify you as a visitor to a particular page if you are logged into Facebook at the same time as visiting our site.

We have integrated the social media buttons of the following companies on our website:

Facebook: https://www.facebook.com/legal/FB_Work_Privacy,

Instagram: https://help.instagram.com/519522125107875?helpref=page_content,

Twitter: https://twitter.com/en/privacy.

The integration is carried out for the purpose of enabling you to share content via the service providers you use. The processing of the data is based on a contract that is established when you activate the social media button. As explained, we do not store any data resulting from the forwarding to the service provider.

Voluntary Provision Of Your Data

You are not obliged to provide us with personal data. If you do not provide us with certain information that we need to handle your request (for example a way to contact you if you want an answer from us), we may not be able to do so. In the context of special procedures (e.g. when you place an order or register for our newsletter) it may be necessary for you to provide us with certain information because otherwise we will not be able to process your order or send you the newsletter. However, we will always point this out to you in the specific situation.

Recipients Of The Data

Your personal data will remain in our area of responsibility. In certain cases, we may need to disclose your personal data to third parties so that you can obtain the desired service, in particular to vicarious agents such as banks and other payment service providers as well as postal and parcel service providers or forwarding companies.

If you choose to pay via PayPal, the payment itself will be processed by PayPal. We do not have access to your payment details, such as your bank account or credit card number. Please see PayPal’s privacy policy for details.

In certain areas, such as web hosting and e-mail hosting, we use specialized service providers, especially ALL-INKL.COM – Neue Medien Münnich (Germany) for webhosting, Google LLC (USA) for analytics, Sendinblue (France) for newsletter services, Telekom Deutschland GmbH for providing user rights for the customer relationship management system Salesforce. These are strictly bound to our instructions by an agreement on commissioned data processing and may not process the data for their own purposes. Processing takes place only in Germany or in the USA.

Your Rights

If we process your personal data, for example because you write us a message, register, enroll for an event or transmit data for any other reason, you have a right of access, to rectification or erasure, restriction of processing, to object to processing and to data portability under the respective statutory preconditions with regard to the personal data concerning you. In particular, you have the right to object to the processing of your data for advertising purposes at any time without incurring costs other than the transmission costs according to the basic rates of your provider (e.g. the costs of an e-mail = usually none). This applies, for example, if you have ordered something from us and do not want to receive offers for similar goods and services. If you want to exercise these rights, you can simply write to privacy@lipotype.com or click on the unsubscribe link in any email to unsubscribe. If we call you, you can of course also tell us directly in the conversation.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority responsible for us: Sächsischer Datenschutzbeauftragter, Bernhard-von-Lindenau- Platz 1, 01067 Dresden, Germany, e-mail: saechsdsb@slt.sachsen.de. If you have any questions or requests regarding data protection, please feel free to contact us at any time at privacy@lipotype.com.

Right To Object

In particular, you can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.