Privacy Policy

I. Privacy policy for our website

Thank you for visiting our website. In the following, we would like to inform you about the processing of your data according to Art. 13 of the General Data Protection Regulation (GDPR).

1.  Controller

The data controller in ther sense of Art. 4 (7) GDPR ist he company named in the imprint.

2.  Website and server log files

When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our web pages. This data record consists of

    • the name and address of the requested content,
    • the date and time of the query,
    • the amount of data transferred,
    • the access status (content transferred, content not found),
    • the description of the web browser and operating system used,
    • Referrer URL,
    • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

The aforementioned log data is only evaluated anonymously.

3.  Data security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption process on our websites. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.

4.  Cookies

Cookies are small text files that are stored on your terminal device and can be read. Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable. We use session cookies on our websites. Session cookies are deleted as soon as you close your browser.

The processing is based on Art. 6 para. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and adapting the presentation of our website.

The following technically necessary cookies are used by us:

Cookie name Purpose Storage duration
wp-wpml current language Storage of the language selected by the user 2 days
wordpress_test_cookie Check if cookies are enabled Session
wordpress_logged_in_[ID] Storage of the session ID of a user Session
wordpress_sec_[ID] Also saves a session ID Session
wp-wpml_current_admin_language_[ID] Saving the language selected in the backend 2 days
wp-settings-[ID] Storage of certain backend settings, e.g. whether media are displayed as a list or as a grid 1 day
wp-settings-time-[ID] Saving the time when wp-settings-[ID] was set. 1 day

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the appropriate browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed optimally and some functions may no longer be technically available.

5.  Processors in connection with the operation of the homepage

We transfer your data within the scope of order processing pursuant to Art. 28 GDPR to service providers who support us in the operation of our websites and the related processes. These are, for example, hosting service providers. Our service providers are strictly bound by instructions to us and are contractually obligated accordingly.

6.  Contact

Purpose of data processing/legal basis:

Personal information that you send us by e-mail, telephone, mail or contact form in the context of contacting us, we treat as confidential. When using the contact form, the name, address, department and the content of the message are mandatory.

We use your data exclusively for the purpose of processing your request. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest on the part of Lipoid results here from the interest in answering inquiries from our customers, business partners and interested parties as uncomplicatedly, promptly and customer-oriented as possible and thus to maintain and promote customer satisfaction.

Recipients/Categories of Recipients:

As a matter of principle, we exclude the transfer of data to third parties outside Lipoid. Exceptionally, data is processed by order processors on our behalf. These are carefully selected in each case, are also audited by us and contractually obligated in accordance with Art. 28 GDPR.

Furthermore, it may be necessary for us to pass on requests to other companies within Lipoid if this is necessary for processing.

Storage period/criteria for determining the storage period:

Your data will only be processed to respond to your inquiry. We will delete your data if it is no longer required and there are no legal retention obligations to the contrary.

7.   Matomo

We carry out anonymous visitor measurement on our websites. For this purpose, the log data of the web server and the shortened IP address are evaluated. Conclusions about your person are not possible.

8.  Google Recaptcha

To protect our web forms from automated requests, we use Google Recaptcha. This is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). As part of the captcha function, you may be asked to solve tasks or click checkboxes. The user input made in this context and possibly also the mouse movements are used to estimate whether the input comes from a human or an automated program.

Since the function is provided by a third-party provider (“Google”), the display of the captcha leads to content of the third-party provider (“Google”) being reloaded. Through this, the third-party provider receives the information that you have accessed our site as well as the technically necessary usage data in this context. We have no influence on the further data processing by the third-party provider.

The embedding is based on Art. 6 para. 1 p. 1 lit. f GDPR and in the interest of protection against spam and abuse.

If you wish to object to the data processing, please do not use our web forms, but contact us at info@lipid.com.

9.  Google Maps

On our websites, we embed map services that are not stored on our servers. To ensure that calling up our web pages with embedded map services does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.

Only after a click on the preview image, the content of the third-party provider is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the technically necessary usage data in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider.

The embedding is based on your consent according to Art. 6 para. 1 p. 1 lit. a GDPR or § 15 para. 3 p. 1 TMG, provided that you have previously given your consent by clicking on the preview image.

Please note that the embedding of some map services may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek redress.

If we use providers in insecure third countries and you consent, the transfer to an insecure third country is based on Art. 49 (1) lit. a GDPR.

Provider Adequate level of data protection Revocation of consent
Google LLC (USA) No adequate level of data protection. The transfer takes place on the basis of Art. 49 (1) lit. a GDPR. If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click the thumbnails anymore

10.  Online applications

Purpose of data processing/legal basis:

You have the option of applying for the jobs we advertise, e.g. on our website. You yourself determine the scope of the data you wish to transfer to us as part of your application. Applications are transmitted by e-mail to our personnel department, where they are processed as quickly as possible. Please note that our e-mail server is SSL transport-encrypted. Nevertheless, it is possible that unauthorized persons may take note of or even falsify the data. We therefore offer you the option of sending us your application as an encrypted attachment. If you wish to do so, please contact us via the contact options given in the imprint and send us the encryption code by telephone.

We process your personal data in accordance with the applicable data protection regulations on the basis of Art. 88 GDPR in conjunction with. § 26 Bundesdatenschutzgesetz (BDSG). We process the data that you disclose to us as part of your application solely for the purpose of selecting applicants. Data processing for other purposes does not take place.

In the event that we may also consider your application for other or future job postings, please indicate this on your application. We will then process your data on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

Recipients/Categories of Recipients:

As a matter of principle, your data will not be passed on to external parties. Within the company to which you are applying, only those persons who are involved in the decision-making process will have access to your personal data. Data will only be passed on to other companies within the Lipoid Group with your consent.

Storage period/ criteria for determining the storage period:

In the event of a successful application, your personal data will be stored for the duration of your employment relationship. In addition, after its termination, your tax-relevant data will be archived for a period of up to 10 years within the framework of the statutory retention periods pursuant to §§ 257 para. 1 no. 1, para. 4 HGB, 147 AO. In the event of an unsuccessful application, your personal data will be deleted four months after the rejection. Longer storage despite rejection will only take place with your consent.

11.  Your rights as a user

When processing your personal data, the GDPR grants you certain rights:

1. right of access to your data (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR.

2. right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data without delay.

You also have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

3. right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 of the GDPR applies, e.g. if you have objected to the processing pursuant to Art. 21 of the GDPR or for the duration of any review as to whether our legitimate interests override your interests as a data subject.

4. right to data portability (Art. 20 GDPR):

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

5. right to object (Art. 21 GDPR):

If data is collected on the basis of Art. 6 para 1 lit. e or f GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

6. withdrawal of consent

If the data processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you may revoke your consent at any time with effect for the future without affecting the lawfulness of the previous processing. 

7. right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data relating to you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.

12.  Existence of automated decision making

Automatic decision-making or profiling does not take place.

13.  Legal or contractual requirements for the provision of personal data

Unless otherwise stated in the previous statements, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the personal data if no other information has been provided previously. Failure to provide your personal data may mean that a contractual relationship cannot be established, carried out or completed.

14.  Contact details of the data protection officer

Our data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
E-mail: office@datenschutz-sued.de
Phone: +49-931-304976-0

II. Information on data protection according to Art. 13 GDPR for business partners

1. Controller

The responsible entity is the respective company with which you initiate or conduct a business relationship.

2. Data processing for contract performance (Art. 6 para. 1 lit. b GDPR)

The purposes of data processing result from the implementation of pre-contractual measures that precede a contractually regulated business relationship and in the fulfillment of the obligations arising from the concluded contract.

3. Data processing for the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR)

The purposes of data processing result from legal requirements in individual cases. These legal obligations include, for example, the fulfillment of storage and identification obligations, e.g. within the framework of requirements for the prevention of money laundering, tax control and reporting obligations and data processing within the framework of requests from authorities.

4. Data processing for the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)

We process your data for internal purposes, for example, for measures to ensure proper business operations, contacting, auditing, etc. The legitimate interests here are, in particular, the selection of suitable business partners, assertion of legal claims, defense against liability claims, access controls, clarification of possible compliance violations, prevention of criminal acts and the settlement of damages resulting from the business relationship, as well as contact data of contact persons at business partners who do not themselves become contractual partners.

5. Storage period

Personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes. In particular, as long as legal retention obligations exist, for example from the German Commercial Code (HGB) or the German Fiscal Code (AO).

6. Obligation to provide the data

In the context of our business relationship, you must provide those personal data that are necessary for the establishment, implementation and termination of a business relationship and for the fulfillment of the associated obligations, which we are required by law to collect or are entitled to collect on the basis of legitimate interests. Without this data, we will generally not be able to enter into a business relationship with you.

7. Data recipient

Within our company, those areas receive access to the data you have provided that need it to fulfill contractual or legal obligations or to fulfill legitimate interests. Within the framework of contractual relationships, we also commission processors or service providers who may have access to your personal data. Compliance with data protection requirements is contractually ensured in this regard.

The data may also be transferred to companies within the Lipoid Group for the purpose of fulfilling contractual obligations.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection, if an adequate level of data protection has been agreed with the data recipient (for example, by means of EU standard contractual clauses), or if we have received your consent to do so.

8. Advertising

Purpose of data processing/legal basis:

If we have received your electronic mail address from you in connection with the sale of a good or service, or if you provide us with your e-mail address for the purpose of receiving direct mail, we may use your personal information for promotional purposes for our own similar goods and services. In this case, your e-mail address will be used exclusively for direct advertising for our own similar goods or services. In addition, we may also use your data for postal promotional mailings. The legal basis for sending advertising e-mails and postal advertising mailings is Art. 6 para. 1 lit. f GDPR.

Recipients/Categories of Recipients:

Your data will not be passed on to third parties outside Lipoid.

Storage period/criteria for determining the storage period

We delete your personal data as soon as they are no longer required or you object to the further use of your data and there are no legal retention obligations to the contrary.

9. Data processing in the course of trade fair events

Purpose of data processing/legal basis:

If you leave us your business cards – analog or virtual – at analog or virtual trade fairs or similar events for the purpose of establishing business contacts, the information contained on them may be used for the purpose of receiving direct advertising for our own goods or services. The legal basis for direct advertising is your consent given by leaving your business card in accordance with Art. 6 para. 1 lit. a GDPR.

Recipients/Categories of Recipients:

Your data will not be passed on to third parties outside Lipoid.

Storage period/criteria for determining the storage period

We delete your personal data as soon as they are no longer required or if you have revoked your consent.

10. Rights of the data subject

Data subjects have the right to obtain information free of charge from the controller about the personal data concerning them. In addition, there is the right to rectification of inaccurate data or to erasure, provided that one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. There is also the right to restriction of processing if one of the conditions set out in Art. 18 GDPR applies and, in the cases of Art. 20 GDPR, the right to data portability. If our processing of your personal data is based on consent, you have the right to revoke this consent at any time with effect for the future. If data is collected on the basis of Art. 6 para. 1 lit. e (data processing for the performance of official duties or for the protection of the public interest) or f GDPR (data processing for the protection of legitimate interests), the data subject has the right to object to the processing at any time for reasons arising from his or her particular situation. We will then no longer process the personal data, unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. In these cases, please contact us in writing or by e-mail at the following address:

Lipoid GmbH
Frigenstr. 4
D – 67065 Ludwigshafen
datenbeauftragter@lipoid.com.

11. Right to lodge a complaint with a supervisory authority

Any data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of data concerning them is in breach of data protection provisions. The right to lodge a complaint may in particular be exercised before a supervisory authority in the Member State of the data subject’s residence or the place of the alleged infringement.

12. Contact details of the data protection officer

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
E-mail: office@datenschutz-sued.de
Phone: +49-931-304976-0

III. Privacy policy for our social media pages

In the following, we would like to inform you about the handling of your data according to Art. 13 of the General Data Protection Regulation (GDPR).

Controller

We, Lipoid GmbH, operate the following social media sites:

    • LinkedIn (https://www.linkedin.com/company/lipoid/)
    • GoogleMyBusiness: there is no public URL to the Google my Buissness account (the data maintained in the dashboard is displayed in the Google on the right side as “search result”)

You can find our contact details in our imprint.

In addition to us, there is also the operator of the social media platform itself. In this respect, this operator is also another controller who carries out data processing, but we have only limited influence on this. At the points where we can exert influence and parameterize data processing, we work towards data protection-compliant handling by the operator of the social media platform within the scope of the options available to us. At many points, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data the operator processes. However, the operator will inform you about this in its respective privacy policy.

Data processing by us

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc., will be published by the social media platform and will not be used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. If applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 para. 1 lit. f GDPR. The data processing is carried out in the interest of our public relations and communication.

If you wish to object to certain data processing over which we have control, please contact us using the contact details provided in the imprint. We will then review your objection or forward it to the social media platform if necessary.

If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential inquiries to our address listed in the imprint.

As already explained, where the provider of the social media platform gives us the opportunity, we take care to design our social media pages to be as privacy-compliant as possible. In particular, we therefore do not use the demographic, interest-based, behavior-based or location-based target group definitions for advertising that the operator of the social media platform may make available to us. Overall, we do not use the social media platform for advertising purposes. With regard to statistics provided to us by the provider of the social media platform, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.

Please be aware: It cannot be ruled out that the provider of the social media platform may use your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, etc. This means that we have no influence on the processing of your data by the provider of the social media platform. In this respect, we have no influence on the processing of your data by the provider of the social media platform.

For more information on data processing by the provider of the social media platform and further objection options, please refer to the provider’s privacy policy:

Your rights as a user

When processing your personal data, the GDPR grants you certain rights as a website user:

1.) Right of access to your data (Art. 15 GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR.

2.) Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to request without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data.

You also have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3.) Right to restriction of processing (Art. 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of any review.

4.) Right to data portability (Art. 20 GDPR):

In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

5.) Right to object (Art. 21 GDPR):

If data is collected on the basis of Art. 6 para. 1 lit. f GDPR (data processing for the protection of legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data, unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data relating to you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.