We are pleased about your interest in our website lwwk.de. The protection of your personal data is very important to us. Below, we inform you in detail about how we handle your data.
1. Controller for Data Processing
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection regulations is:
Mohammed Dalawi
(trading as LWWK)
Wellingdorfer Straße 8
24148 Kiel Germany
Email: service@lwwk.de
2. General Principles of Data Processing
Scope of Processing Personal Data We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal Bases for Processing Personal Data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
For the storage of information in the end-user’s terminal equipment or access to information already stored in the terminal equipment (e.g., for cookies that are not technically essential), Section 25 (1) of the German Telecommunications Telemedia Data Protection Act (TTDSG) on the basis of consent, or Section 25 (2) TTDSG if the storage/access is strictly necessary to provide a telemedia service expressly requested by the user, serves as the legal basis.
Data Erasure and Storage Duration The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract. Specifically, this means:
Invoice data: Is stored for 10 years in accordance with Section 257 HGB (German Commercial Code) and Section 147 AO (German Tax Code).
Contact and inquiry data: Is generally deleted 6 to 12 months after processing of your inquiry is complete, provided there are no statutory retention obligations to the contrary or the data is no longer required for contract performance.
Data from cookies: The storage duration of cookies varies and can range from the duration of the session up to 12 months or longer, depending on the purpose of the cookie and your settings. Details can be found in the “Cookies” section.
Data Security We take appropriate technical and organizational measures (TOMs) in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk. This includes, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input, disclosure, assurance of availability, and separation of the data. Measures include, in particular, the encrypted transmission of data between your browser and our server (SSL/TLS encryption). Our security measures are continuously improved in line with technological developments.
3. Provision of the Website and Creation of Log Files
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected (server log files):
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer and the name of your access provider
This data is temporarily stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR (our legitimate interest in ensuring system security, stability, and correct delivery of the website). The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object. The log files are generally deleted after 7 to 14 days, unless further storage is required for evidentiary purposes (e.g., in the event of hacker attacks).
4. Use of Cookies
Our website uses cookies. Cookies are small text files that are stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your terminal device, do not contain viruses, Trojans, or other malware.
Technically Necessary Cookies: Some cookies are technically necessary for you to navigate the website and use essential functions. These cookies do not require consent pursuant to Section 25 (2) TTDSG. The legal basis for the associated data processing is Art. 6 (1) (f) GDPR (our legitimate interest in providing a functional website).
Cookies for Analysis, Marketing, and Preferences (Consent-Based): In addition, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (analysis cookies), to display personalized content to you, or for marketing purposes. These cookies are only set with your express consent pursuant to Section 25 (1) TTDSG and Art. 6 (1) (a) GDPR. You can revoke your consent at any time. You can manage cookie settings via your browser (delete, deactivate). Many browsers also offer a so-called “privacy mode” in which cookies are automatically deleted after visiting a page. Please note that the functionality of our website may be limited if you deactivate cookies. Upon your first visit to our website, you will be informed via a cookie consent tool (cookie banner) about the use of cookies requiring consent and asked for your consent. Your selection will also be stored in a cookie.
5. Contacting Us (e.g., via Email or Contact Form)
If you send us inquiries via email or a contact form, your details from the inquiry form or your email, including the contact details you provided there (e.g., name, address, telephone number, email address, IP address when using the form) and the content of your inquiry, will be stored and processed by us for the purpose of processing the inquiry and in case of follow-up questions. The processing of this data is based on Art. 6 (1) (b) GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been requested. The data you transmit will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed), provided that no mandatory legal provisions – in particular retention periods – conflict with this.
6. Data Processing for Contract Fulfillment and Invoicing
To fulfill our contractual obligations and provide our services, we process inventory data (e.g., names and addresses as well as contact details of users) and contract data (e.g., services used, names of contact persons, payment information). The legal basis is Art. 6 (1) (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract. Payment data (e.g., bank details, credit card data) is processed as part of order or payment processes.
7. Hosting and Content Delivery Networks (CDN)
We use external hosting services for the operation of our website. These serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offer. In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement). Our hosting provider is: [Name and registered office of the hosting provider – PLEASE ADD, e.g., Strato AG, ALL-INKL.COM etc.]. We have concluded a data processing agreement (DPA) with our hosting provider in accordance with Art. 28 GDPR.
8. Analysis Tools and Tracking: Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. We only use Google Analytics with IP anonymization activated. This means that Google will truncate the IP address of users within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The use of Google Analytics is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG. You can revoke your consent at any time. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser add-on or within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click this link again): [Disable Google Analytics – Link must be programmatically designed to set an opt-out cookie]. We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR. For the transfer of data to the USA, Google may rely on Standard Contractual Clauses of the European Commission to ensure an adequate level of data protection. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de) and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.
9. Disclosure of Data to Third Parties and Processors
Your personal data will generally only be disclosed to third parties if:
You have given your express consent to this (Art. 6 (1) (a) GDPR).
disclosure is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data (Art. 6 (1) (f) GDPR).
in the event that disclosure is a legal obligation (Art. 6 (1) (c) GDPR).
this is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 (1) (b) GDPR).
Third parties to whom data may be disclosed include:
Payment service providers: Insofar as this is necessary for processing payments (e.g., PayPal, Stripe, banks). The data disclosed may only be used by the respective service provider for the purpose of its disclosure. Legal basis: Art. 6 (1) (b) GDPR.
Hosting providers: See section “Hosting”. Legal basis: Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR.
Providers of email services/communication tools: For sending emails or using communication platforms, we may use external service providers. Legal basis: Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (for data processing) or Art. 6 (1) (a) GDPR (your consent).
If we commission third parties to process data on the basis of a so-called “data processing agreement” (DPA), this is done on the basis of Art. 28 GDPR.
10. Data Transfer Outside the EU/EEA
We generally do not transfer data to countries outside the EU or the European Economic Area (EEA), with the possible exception of the processing described under point 8 (Google Analytics). We ensure that an adequate level of data protection is guaranteed for such transfers, e.g., by concluding EU Standard Contractual Clauses or if an adequacy decision of the EU Commission exists for the third country concerned.
11. Your Rights as a Data Subject
You have the right:
pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about their details;
pursuant to Art. 16 GDPR, to demand the immediate rectification of incorrect personal data or the completion of your personal data stored by us;
pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
pursuant to Art. 18 GDPR, to demand the restriction of processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller (data portability);
pursuant to Art. 7 (3) GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent for the future;
pursuant to Art. 21 GDPR, to object to the processing of your personal data if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 (f) GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters. The supervisory authority responsible for us is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Postfach 71 16, 24171 Kiel, Email: mail@datenschutzzentrum.de.
If you wish to exercise your rights, an email to: service@lwwk.de is sufficient.
12. Changes to this Privacy Policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your next visit. It is advisable to read this privacy policy regularly.