Privacy policy

We are pleased that our customers visit us in our local shop, on the Internet and when using our online services. With this in mind, our privacy policy applies to all points at which we come into contact with our customers.

Lindemann Optik takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In the following, we inform you about:

I.        Name and address of the controller

II.       General information on data processing

III.      Processing procedures

IV.    Data processing on our website and online services

V.      Use of cookies

VI.     Online ordering

VII.    Contact form, e-mail contact, forms

VIII.   Data processing via social media

IX.     Use of the WhatsApp messenger service

X.      Online appointment scheduling

XI.     Data security measures

XII.    Your rights as a data subject

 

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps.

Complete protection of data against access by third parties is not possible.

I. NAME AND ADDRESS OF THE CONTROLLER

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Lindemann Optik
Jörg Lindemann
Kortumstraße 109
44787 Bochum

Phone: 0234/681026
info@lindemann-optik.de


II. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of the processing of personal data

As a matter of principle, we collect and use our customers' personal data only insofar as this is necessary within the scope of our activities as a specialist optician and online retailer for optical aids. The collection and use of our customers' personal data takes place exclusively on the basis of legal authorisation, contracts or with the customer's consent.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. Recipients of the data

We use contracted service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, marketing measures or file and data carrier destruction. These service providers only process the data in accordance with explicit instructions and are contractually obliged to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer personal data of our customers to organisations such as postal and delivery services, house banks, tax consultants/auditors or the tax authorities.

5. Processing when exercising your rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we will process the personal data you transmit in order to implement these rights and to be able to provide proof of this. To provide and prepare the information, we will process stored data only for this purpose and for data protection control purposes, and will otherwise restrict processing in accordance with Art. 18 GDPR.

This processing is based on Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

We will inform you in detail about your rights at the end of this privacy policy.

 


III. PROCESSING PROCEDURES

1. Contractual relationship

The processing of the personal master data, contract data and payment data provided to us is regularly required to establish or fulfil the contractual relationship with our customers. The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. We also process customer and prospective customer data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 lit. f) GDPR and serves our interest in further developing our offer and informing you specifically about offers from Lindemann Optik. Further data processing may take place if you have given your consent (Art. 6 para. 1 lit. a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 lit. c) GDPR).

2. Applications

If you apply to us, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 sentence 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.

3. Data transmission or access by third parties

As part of our activities, we also rely on external help such as IT service providers for the provision and maintenance of our hardware and software or other service personnel. As part of this involvement, our external service providers may also become aware of personal data, which is why we oblige our external service providers to maintain confidentiality and data secrecy and limit their access to personal data to a minimum. Supervisory authorities also regularly inspect optical businesses and have access to personal data.

We would like to draw particular attention to our obligation to carry out the billing resulting from the contractual relationship with our customers. This may involve the transfer of a large amount of personal data. In order to guarantee the activity, for example, an invoice for spectacles must be sent to the relevant health insurance company. We are supported by opta data Finance GmbH as a service provider. The object of the contract is the central acceptance and forwarding of data to the providers' online platforms with the aim of realising the processing of electronic cost estimates (eKV) between Optik Lindemann and the cost bearers or health insurance companies. In this context, we have concluded a corresponding order processing contract with opta data.

4. Existence of automated decision-making

We do not use automated decision-making or profiling.


IV. DATA PROCESSING ON OUR WEBSITE AND ONLINE SERVICES

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

(1)    Information about the browser type and version used
(2)   The operating system of the user
(3)   The user's internet service provider
(4)   The IP address of the user (shortened)
(5)   Date and time of access
(6)    Websites from which the user's system accesses our website
(7)    Success or error during loading

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. It also serves security purposes. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.


If the data is stored in log files, this is the case after 14 days at the latest. Back-up files are deleted after four weeks. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

6. Integrated third-party services and content

We use services and content provided by third-party providers on our website (hereinafter collectively referred to as "content"). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to the respective third-party providers. This data processing is carried out to protect our legitimate interests in the optimisation and economic operation of our website and is based on the legal basis of Art. 6 para. 1 letter f) GDPR. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.

We would also like to point out that we have integrated other services into our website that you can use if you wish. These services, such as online appointment booking, also use third-party services. If you use one of the services listed on our website, we refer you to the data protection declarations of the respective service provider.

We have integrated content from the following services provided by third parties into our website:

Services of Google Ireland Limited (Ireland/EU):

  • "Google Web Fonts" for the representation of fonts
    This site uses so-called web fonts provided by Google for the standardised display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

  • Google Analytics
    Google Analytics is a web analytics service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

    When selecting the settings, we have taken into account the requirements for data protection through technology design and data protection-friendly default settings from Art. 25 Para. 1, 2 GDPR. As a result, we have restricted the processing of personal data as far as possible and have adapted the configuration of Google Analytics so that only the website analysis function is used unless separate consent has been given for the advertising functions.

    The cookies set by Google Analytics for measurement purposes are first-party cookies, which means that the cookie values of the data subjects are different for each customer (i.e. there is no standardised Google Analytics cookie ID used on all websites that use Google Analytics). The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

    The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

    We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. We also receive information about the functionality of our website (e.g. to recognise navigation problems).

    When configuring Google Analytics, care was taken to ensure that Google receives this data as a processor and is therefore not permitted to use this data for its own purposes.

    This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person.

    For further information, please refer to our cookie banner.

    Transfers to third countries are possible. Standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees. For third countries/companies for which an adequacy decision exists, the adequacy decision also applies. Further information can be found here:

    https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de

V. USE OF COOKIES

1. Description and scope of data processing

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit. The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.

A general distinction is made between two types:

Web browser cookies

A web browser cookie is a small text file that is sent from a website to your computer or mobile device, where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type and information about the content you view and interact with on the Digital Services. By storing such information, web browser cookies can store your preferences and settings for online services and analyse how you use online services.

 

Tracking technologies: Web beacons/gifs, pixels, page tags, script

Emails and mobile applications may contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyse and improve their services.

When accessing our website, users are prompted by a banner to give their voluntary consent and are informed about the use of cookies. Reference is also made to this privacy policy. In this context, there is also a reference to "further information". This automatically takes you to this page. Here, under point 5, it is explained how the storage of cookies can be prevented in the browser settings.

The Federal Office for Information Security provides further information on this.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change. This applies to:

A) Session management

The user data collected by technically necessary cookies is not used to create user profiles. There is also no use of so-called analysis cookies.

4. Duration of storage

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. Session cookies are stored for one hour. For more details, please refer to our cookie banner.

5. Possibility of objection and removal

The user / visitor to the website can deselect each individual cookie as long as it is not necessary for the functional operation of the website. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

However, you can also set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.



VI. ONLINE ORDERING

1. Description and scope of data processing

In addition to our shop business, we offer you the opportunity to purchase our products online. The controller within the meaning of Art. 4 No. 7 GDPR for data processing on and via the online platform atalanda.com is:

Atalanda GmbH
Münchener Straße 1
83395 Freilassing

E-Mail: info@atalanda.com
Tel.: +49 8654 774 17 21
Fax: +49 8654 403 99 65

In this context, we refer you to the privacy policy of Atalanda GmbH (Privacy Policy | atalanda). As a customer in particular, you will find further information on the scope of the processed data, the legal basis and information on the payment service providers in the "Customer" privacy policy, point 5.7 "Data processing when using the platform as an active customer".


VII. CONTACT FORM, E-MAIL CONTACT, FORMS

1. Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. If the entire contact form is filled out, this data is:

  • Name
  • E-mail address

The following data is also stored when the message is sent:

  1. The IP address of the user
  2. Date and time of registration


Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, you can contact us via the e-mail address provided on the contact page in the "Imprint" section. In this case, the user's personal data stored with the e-mail and in the attachments will be saved.
The data will not be passed on to third parties in this context. The data will be used exclusively for processing the respective enquiry.


2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

5. Possibility of objection and removal

The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.


VIII. DATA PROCESSING VIA SOCIAL MEDIA

Social media or a social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook, for example, allows users of the social network to create private profiles, upload photos and network via friend requests.

In this way, we would like to offer further opportunities for information about the respective activities of Lindemann Optik and for dialogue. We are currently present on the following social media platforms:

  • Facebook
  • Instagram

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, when you visit a social media profile, certain information is often collected automatically, which may also constitute personal data.

We would like to explain this process to you in more detail here.

We use social media plug-ins on our platform to connect users via social media. If the data subject is logged in to a social media service while using the platform, the social media service generally recognises which specific subpage the data subject is visiting each time the platform is accessed and for the entire duration of their stay on it. This information is collected by the corresponding plug-in and assigned to the data subject's personal account by the respective social network. If the data subject clicks on a social network button integrated on the platform (Twitter, Facebook, Instagram, etc.), the data and information transmitted with it is assigned to the data subject's personal user account with the respective social network and stored and processed there.
A data subject who does not wish to do so can log out of their social networks before visiting the platform. However, even in this case, most plug-ins transmit data to their social network, but this data is not directly assigned to a user profile.

1. Visiting a social media page on Facebook and Instagram

When you visit our Facebook or Instagram page, which we use to present our company or individual products from our range, certain information about you is processed.

The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland/EU - "Meta"). Further information on the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation.

Meta offers the option of objecting to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with statistics and insights for our Facebook and Instagram page in anonymised form, which help us gain insights into the types of actions people take on our page (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in analysing the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Article 6(1)(f) GDPR. We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controllership agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data.

With regard to this data processing, you have the option of asserting your data subject rights (see "Your rights") against Meta. Further information on this can be found in Meta's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to Meta's privacy policy, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

Data processing and data protection in the USA do not meet the standard of the GDPR. The services are subject to US law and may therefore be obliged to disclose data to US authorities or intelligence agencies if legal requirements are met. Risks for you arise in particular from the difficulty of enforcing the law, the lack of control over the further processing or disclosure of data and the aforementioned access by government agencies.

2. Processing of data that you share with us via our social media pages

We also process information that you have made available to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. We only process this personal data on a regular basis if we have expressly requested you to provide us with this data in advance. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting enquiring persons. The legal basis for data processing is Article 6(1)(f) GDPR.

We may also process such data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) (f) GDPR and serves our interest in further developing our offer and informing you specifically about offers from Lindemann Optik. Further data processing may take place if you have given your consent (Art. 6 (1) (a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 (1) (c) GDPR).


IX. USE OF THE WHATSAPP MESSENGER SERVICE

Service to our customers is at the centre of everything we do. In today's world, this also includes a variety of ways to contact us. We have therefore decided to offer you the option of communicating with us via WhatsApp. WhatsApp is part of the company Meta (formerly Facebook) and works together with it. By using WhatsApp, you allow extensive processing of your data, including comprehensive advertising consent in favour of the group of companies.

Services in Europe

If you contact us via WhatsApp, your data will also be processed by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland as part of a contract and advertising consent with the provider.

This applies to the following countries: Andorra, Austria, Azores, Belgium, Bulgaria, Canary Islands, Channel Islands, Denmark, Germany, Estonia, Finland, France, French Guiana, Greece, Guadeloupe, Iceland, Ireland, Isle of Man, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Madeira, Malta, Czech Republic, Hungary, Martinique, Mayotte, Monaco, Netherlands, Norway, Poland, Portugal, Republic of Cyprus, Réunion, Romania, San Marino, Saint Barthélemy, Saint-Martin, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom, sovereign British bases in Cyprus (Akrotiri and Dekelia) and Vatican City.

WhatsApp's terms of use and privacy policy apply.

Services outside Europe

If you do not live in the above-mentioned countries, the services are provided by WhatsApp Inc, 1601 Willow Road, Menlo Park, California 94025, United States of America.

A legally adequate level of data protection for the transfer of data to the United States of America is guaranteed for the provider by its EU-U.S. Privacy Shield certification. The terms of use and privacy policy of WhatsApp apply.

Risk of profile formation

You contact us via a company account. This discloses your relationship with us to WhatsApp and the Meta group and thus improves your profile for targeted advertising, among other things.

To our knowledge, this element of your profile can only be unlinked by deleting the profile. However, it is possible that this link could continue to exist with a newly created profile if your contacts differ only insignificantly from the deleted profile or your movement profile does not change.

Data Protection Law

Your data will be transferred to WhatsApp Inc. without an adequacy decision and without appropriate safeguards in relation to data protection. The provider may be subject to the obligations of the California Consumer Privacy Act (CCPA). However, the EU Commission has not assessed whether the existing laws are sufficient to assume an adequate level of data protection in the United States of America and its state of California. Legal protection against the recipient can regularly only be sought under the national law of the United States of America. This notice does not replace legal advice and cannot take into account individual cases of private international law.

Consent

If you wish to contact us via the WhatsApp service of WhatsApp Inc and WhatsApp Ireland Limited in full knowledge of these risks, you can contact us directly via WhatsApp. We regard this contact as voluntary consent to the use of WhatsApp.

Your consent also includes measurements and analyses that we receive from WhatsApp through communication with you.

You can revoke your consent to us at any time for the future via WhatsApp message or a message to us without affecting the legality of the processing carried out on the basis of the consent until the revocation.


X. Online appointment booking

We use the "Online Appointment Booking (Click2Date)" service provided by IPRO GmbH (www.ipro.de) to record data for online appointments and transfer it to our internal data processing system.

IPRO GmbH provides its customers with online services that can be used to process personal data (end customer data) from the winIPRO systems. These services are provided on servers of IPRO GmbH in its business premises in Germany and are administered exclusively by employees of IPRO GmbH, who are obliged to comply with all data protection regulations and to maintain confidentiality. Access to the data itself (content) shall only take place upon special request by the Customer for the purpose of analysing or correcting errors. IPRO GmbH shall take appropriate technical and organisational measures to ensure the security of the data and sufficient availability.

This constitutes commissioned processing in accordance with Article 28 GDPR, i.e. the processing is carried out on our behalf and under our supervision as the controller within the meaning of the GDPR.

Only data that is necessary for the fulfilment of the task is collected and processed. In detail, these are title, surname, first name, email address, optional mobile number, desired branch, desired service, desired employee, appointment data and, if necessary, comments.

To synchronise the data, it must be temporarily stored by the service provider. In order to be able to access the data in the event of faults, the data is stored by the service provider for 30 days and then automatically deleted.

The connection to the website with the data entry form and the transmission of data between the service provider and our internal data processing are encrypted (HTTPS); the data is not passed on to third parties. Metadata (log files) collected by the service provider are only used for internal quality assurance and troubleshooting purposes and are automatically deleted after 20 days.

In the course of making an appointment, a confirmation of receipt and an appointment confirmation with the transmitted data are sent to the contact details provided, whereby external providers (mail or SMS providers) are integrated.

Persons who are not yet registered in our customer file are automatically entered with the personal data provided when an appointment is made. If the appointment is not kept and the customer data is not completed, the incomplete, provisional entry in the customer file will be deleted by us no later than 30 days after the requested appointment.

You can find IPRO's privacy policy for internal data processing at https://www.haag-streit.com/fileadmin/Folder_for_all/GDPR/IPD_Datenschutzerklaerung.pdf.

The web form uses reCAPTCHA® to protect against so-called bots and displays the location of our shop using Google Maps®. Both components transmit the user's metadata to Google, but not, according to IPRO, the content of the web form with the data entered. You can find Google's privacy policy with a list of the data used on the Internet at https://policies.google.com/privacy?hl=de.

We, Lindemann Optik, would like to point out that reCAPTCHA® itself indicates that data is transferred to the United States of America: hCaptcha - Privacy Policy. It cannot be ruled out that the data will be passed on to third parties for advertising purposes.

Unfortunately, our service provider IPRO does not see any technical possibility to remove reCAPTCHA® from the programme. In terms of proportionality and the risk to the rights and freedoms of natural persons, we must therefore weigh up whether to change the service provider or accept reCAPTCHA®. Since the change means a considerable financial and personnel effort for a small company, you as a customer have the option of deciding whether to accept online appointment allocation or to contact us via other media such as e-mail or telephone.


XI. Data security measures

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data you send to us cannot be read by third parties.

Data security

We use technical and organisational security measures to protect the data you provide to our company against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. If you have any further questions about the processing of your personal data or data protection, please contact the data protection officer named above.


XII. Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing is taking place, you can request the following information from the controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data being processed

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing

(6) the existence of a right to lodge a complaint with a supervisory authority

(7) all available information about the origin of the data if the personal data is not collected from the data subject

(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must carry out the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

(4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

(1)   the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2)   the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures that use technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1)   is necessary for the conclusion or fulfilment of a contract between you and the controller,
(2)   is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3)   is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Last revision: 27/05/2024

 
