Privacy Policy

Scope of Application

This statement informs you about the nature, scope and purpose of collecting, processing and using your data when you communicate with us via telecommunications or exchange data with us via our telemedia services.

This Privacy Policy applies in particular to users of the website `livetolion.de`.

I. Summary

The provider stores and processes your personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR), the Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG), the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG).

The provider adheres to the principle of data minimization. This means that data is processed only to the extent necessary for the purposes of processing, as is appropriate and necessary for providing a functional website and with regard to the offered content and services. The processing is carried out either on the basis of prior consent or when permitted by legal regulations.

When you visit the provider's website, the provider processes certain usage data to enable you to use its services.

If you enter data into the provider's contact form, the provider processes it exclusively for the purposes specified.

All processed personal data will be deleted by the provider after the storage period has expired.

You have the right to be informed about your data, as well as to rectify, delete and restrict the processing of your data, a right of objection to the processing, a right to data portability and a right to lodge a complaint with a supervisory authority. Further information can be found below.

II. Privacy Information According to Art. 13, 14 GDPR and §§ 32 ff. BDSG 2018

1. Definitions

a. Personal Data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Master Data

Master data is the personal data of a user required to establish, define the content of, or modify a contractual relationship between the service provider and the user regarding the use of telemedia.

c. Usage Data

Nutzungsdaten sind personenbezogene Daten eines Nutzers, die erforderlich sind, um die Inanspruchnahme von Telemedien zu ermöglichen und abzurechnen. Hierzu zählen insbesondere Merkmale zur Identifikation des Nutzers, Angaben über Beginn und Ende sowie des Umfangs der jeweiligen Nutzung und Angaben über die vom Nutzer in Anspruch genommenen Telemedien.

d. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

e. Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

f. Cookies

Cookies are small text files stored on your device. Cookies always have a validity period, which may be limited to the end of your session (so-called session cookies) or persist for a longer period (so-called persistent cookies). These persistent cookies remain on your device and allow the provider or their partner companies (so-called third-party cookies) to recognize your device on your next visit. You can configure your browser to notify you when cookies are set, allowing you to decide individually whether to accept them or to reject the setting of cookies for specific cases or generally. If cookies are not accepted, the functionality of the website may be limited.

g. Website

A website, also known as a web presence, is the consolidated presence of a private or commercial provider of telemedia services at a specific internet address in the worldwide network (World Wide Web). The web presence includes web pages or subpages and optionally available downloadable documents as well as other accessible audiovisual media services.

2. Description and Scope of Processing Your Data

In this section, we inform you about the purposes for which the personal data is to be processed, as well as the legal basis for the processing.

The provider publishes information about its company and its goods and services on the website.

a. Processing related to the entire website

The provider processes the data you provide to enable your use of this website.

b. Processing in the event of sending emails and telephone contact

You can contact the provider via the email address and telephone number provided on the website. The provider processes the data you provide to answer your inquiry.

Data collection (Personal data):

Title
First and Last Name
Company Name
Street (regarding contact, billing and delivery address)
Postal Code (regarding contact, billing and delivery address)
City (regarding contact, billing and delivery address)
Country
Telephone (landline and mobile number)
E-Mail

In the event of sending an email or contacting us by phone, the aforementioned personal data will be processed if you provide it to the provider.

The legal basis for data processing is Article 6(1)(a) of the GDPR if you have given the provider consent, and also the exercise of legitimate interests under Article 6(1)(f) of the GDPR. The provider's legitimate interests include, among others, the implementation of marketing activities. The provider will, however, always use this possibility in a specific and appropriate manner. If the purpose of contact is to initiate a contract, Article 6(1)(b) of the GDPR also constitutes a legal basis for data processing.

The data you provide will be deleted immediately after your request is resolved, or at the latest three months after the last contact if the request remains unresolved, unless your data is subject to a longer storage period for separate reasons (e.g., the storage of information necessary for contract fulfillment). A request is considered resolved when the circumstances indicate that the relevant matter has been fully clarified.

You have the right at any time to revoke your consent to the processing of personal data or to object to the processing of data that is not based on consent. You can exercise your revocation or objection, in particular, by email to the email address mentioned above. All personal data that the provider has stored in the course of your contact will be deleted in this case. Your right of revocation or objection generally does not apply to data that the provider needs to fulfill a contract or take pre-contractual measures. However, you may have further rights.

c. Processing of Log Data

When you access the provider's website, your internet browser automatically transmits certain data to the provider's server for technical reasons. This data is stored in so-called log files. The data stored in log files is referred to below as log data.

The following log data are collected separately from other data you may transmit to the provider and are used by the provider for the purposes listed below:

Data collection (Usage data)

Name of the accessed webpage or URL
Date and time of access
Access status / HTTP status code
Referrer URL
Browser software and software version
IP address (anonymized, truncated by the last 3 digits)
Randomly generated key number of the cookie or session.

The provider analyzes the log data for system monitoring purposes. The information collected in this way is stored exclusively on the provider's server in Germany. It is not possible for the provider to identify the natural person in this process.

The legal basis for storing and evaluating the data is the provider's legitimate interests under Article 6(1)(f) of the GDPR. The provider's legitimate interests include reach measurement, statistical analyses, conducting advertising activities, as well as evaluating error states and system monitoring to detect and counter system threats.

In the event that the data is stored in log files, the usage data will be deleted after a maximum of 7 days. Further storage is possible in accordance with data protection regulations. In this case, the IP addresses will generally be deleted or anonymized, so that it is no longer possible to assign the access to the website to your computer.

The collection of data for providing the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for users to object. However, you can exercise your right to object by using automated procedures that use technical specifications, such as anonymizing your IP address through a VPN provider.

d. Processing when using forms (Contact Form)

The provider makes forms available through which you can send messages to the provider and submit further data.

Data collection (Personal data):

Contact Form

First Name*
Last Name*
Email Address*
Message*

* Required fields

The legal basis for data processing is Article 6(1)(a) GDPR if you have given the operator consent, and additionally Article 6(1)(f) GDPR in cases of data processing based on the operator's legitimate interests. The operator's legitimate interests include, among others, the implementation of marketing activities. However, the operator will always use this possibility in a specifically appropriate manner. If the purpose of contact is to initiate a contract, Article 6(1)(b) GDPR also constitutes a legal basis for data processing.

e. Use of the Google reCAPTCHA service

To prevent the sending of spam messages via the contact form, the provider uses the Google reCAPTCHA service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google Ireland“). When you use the provider's contact form and consent to data transmission to Google reCAPTCHA, your computer establishes a connection to the servers where the Google reCAPTCHA service is hosted. This enables Google to become aware that the provider's website was accessed via your IP address.

If you are not logged into a Google account, Google stores unique identifiers linked to the browser, app, or device you use. This allows Google to personalize your experience, for example, by retaining your settings across browser sessions, storing your preferred language, or adjusting settings to display more relevant search results or advertisements based on your activities. If you are logged into a Google account, Google also collects additional data stored in your Google account, which Google considers personal data.

The use of Google reCAPTCHA is in the interest of defending against harassment by spam messages. These purposes constitute legitimate interests under Article 6(1)(f) of the GDPR. The provider is authorized under the provisions of § 12(1) and (4) TTDSG to process traffic data and protocol data.

Google Terms of Service: https://www.google.de/intl/de/policies/terms/regional.html, Privacy Policy: http://www.google.de/intl/de/policies/privacy. Google provides information in its privacy policy under the section 'How Google stores the collected data' regarding retention periods: https://policies.google.com/technologies/retention?hl=de.

The provider has concluded a data processing agreement with Google.

3. Existence of Appropriate Safeguards

a. Pseudonymization

Insofar as the provider collects usage data, it always stores it under pseudonyms (in the case of cookies, for example, via a unique session key). The provider does not combine pseudonymous data with data about the bearer of the pseudonym (such as inventory data).

b. Use of Encryption Technologies

For data transfer between your computer or mobile device and the provider's server, the provider uses the SSL security system (Secure Socket Layer). This technology is designed to protect your data from being read by unauthorized third parties and offers a very high security standard. You can recognize that your data is being transmitted in encrypted form by the closed display of a key or lock symbol in the lower status bar of your browser.

4. Recipients of personal data within the EU

As a so-called subprocessor, IONOS SE, Elgendorfer Str. 57, 56410 Montabaur provides the following IT service:

Hosting of the email server

More detailed information can be found in the privacy policy of IONOS SE: https://www.ionos.de/terms-gtc/index.php?id=6

5. Recipients of personal data in third countries

The provider does not transfer personal data to recipients outside the EU.

6. Further Processing for Other Purposes

Unless otherwise stated above, your data will not be transferred to third parties and will not be further processed for purposes other than those mentioned.

7. Rights of Data Subjects

You have the right to access personal data concerning you, as well as the right to rectification or erasure, restriction of processing, the right to object to processing, the right to data portability, and the right to lodge a complaint with a supervisory authority in accordance with the description provided below. In cases covered by §§ 32 et seq. of the BDSG 2018, these claims exist only to the extent provided for by the BDSG 2018.

a. Your Right to Access

You have the right to request from the provider confirmation as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and the following information: the purposes of processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations; if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration; the existence of a right to rectification or erasure of personal data concerning you or a right to restriction of processing by the controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; if the personal data has not been collected from the data subject, all available information about the source of the data; the existence of automated decision-making, including profiling (according to Article 22 paragraphs 1 and 4 GDPR) and – at least in these cases – meaningful information about the logic involved as well as the scope and the intended consequences of such processing for the data subject.

b. Right to Rectification

You have the right to request the immediate rectification of incorrect personal data concerning you from the provider. You have the right to request the completion of incomplete personal data - including by means of a supplementary statement - if this is compatible with the purposes of processing mentioned above or if there is a factual reason for this.

c. Right to Erasure

You have the right to request from the provider that personal data concerning you be erased immediately. We are obligated to erase personal data immediately if one of the following reasons applies:

The personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing; the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR; the personal data have been unlawfully processed; the deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject; the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR (consent of a child in relation to information society services).

If we have made the personal data public and are obliged to delete them, we will take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers processing the personal data that a data subject has requested us to delete all links to these personal data or copies or replications of these personal data.

However, in accordance with Art. 17 Para. 3 GDPR, you do not have a right to erasure insofar as the processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defense of legal claims.

d. Right to restriction of processing

You have the right to request restriction of processing from us if one of the following conditions is met: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or the data subject has objected to processing pursuant to Article 21(1) pending verification of whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing, you will be informed by us before the restriction is lifted.

e. Right to data portability

You have the right to receive the personal data concerning you which you have provided to a controller, in a structured, commonly used and machine-readable format, and you have the right to transmit these data to another controller without hindrance by us or the controller to whom the personal data have been provided, provided that the processing is based on a consent pursuant to Article 6(1)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means.

When exercising your right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data is transferred directly from one controller to another controller where technically feasible. This right must not adversely affect the rights and freedoms of others.

The exercise of the right to data portability does not affect Article 17 GDPR (right to erasure / 'right to be forgotten'). This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

f. Right to object to processing

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data if it is based on Article 6(1)(e) (the performance of a task necessary in the public interest) or (f) (the legitimate interests of the controller or a third party) of the GDPR; this also applies to profiling based on these provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent it is linked to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

We must explicitly inform you of your aforementioned right to object to processing at the latest at the time of our first communication with you; this notice must be provided in an understandable form and separate from other information.

In connection with the use of information society services, you may exercise your right to object by automated means using technical specifications (e.g., by pressing "Do Not Track" functions on your phone or by changing browser settings), regardless of Directive 2002/58/EC.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise your right to object, a phone message or an email to the email address mentioned above is sufficient.

g. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you believe that the processing of your personal data violates this regulation.

The supervisory authority with which the complaint was lodged will inform you as the complainant about the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

8. Revocation of Consents

--- End of Privacy Policy ---