Logo L-One Systems L-One.de

Get started

FAQ

Blog

Privacy Policy

Preface  

We, L-One Systems GmbH (hereinafter: "the company", "we" or "us") take the protection of your personal data seriously and would like to inform you at this point about data protection in our company.  

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "DS-GVO") in order to ensure the protection of personal data of the person affected by a processing operation (we also address you as a data subject hereinafter with "customer", "user", "you", "you" or "data subject").  

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 DS-GVO). With this statement (hereinafter: "Privacy Notice"), we inform you about the manner in which your personal data is processed by us.  

Our data protection notices have a modular structure. They consist of a general part for any processing of personal data and processing situations that come into play each time a website is called up (A. General) and a special part, the content of which relates in each case only to the processing situation specified there with the designation of the respective offer or product, in particular the visit to websites as detailed here (B. Visit to websites).  

In order to be able to find the parts relevant to you, please note the following overview of the subdivision of the data protection information:  

Part A is called General and is always relevant for you. 

Part B is called Website and social media presences and it is relevant for you if you use our German website including social media presences.

   

 A. General  

(1) Definitions  

Following the model of Art. 4 DS-GVO, this data protection notice is based on the following definitions:  

  • "Personal data" ( Art. 4 No. 1 DS-GVO) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information does not matter (photographs, video or sound recordings may also contain personal data).  
  • "Processing" ( Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of an objective or purpose on which a data processing was originally based.  
  • "Controller" ( Art. 4 No. 7 DS-GVO) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.  
  • "Third Party" ( Art. 4 No. 10 DS-GVO) means any natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct responsibility of the Controller or Processor, are authorized to process the Personal Data; this also includes other group-affiliated legal entities.  
  •  "Processor" ( Art. 4 No. 8 DS-GVO) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.  
  •  "Consent" ( Art. 4 No. 11 DS-GVO) of the data subject means any expression of will given voluntarily for the specific case, in an informed manner and unambiguously in the form of a statement or other unambiguous confirmatory act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.  

(2) Name and address of the controller 

The controller of your personal data within the meaning of Article 4 No. 7 DS-GVO is us:  

L-One Systems GmbH  

Bratustraße 7  

64293 Darmstadt  

Phone: +49 6151 49 20 45-0  

E-mail: info@l-one.de For further information about our company, please refer to the imprint details on our website https://www.l-one.de/en-us/impressum.

(3) Contact details of the data protection officer  

Our company data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company. His contact details are:  

dapex - data protection experts  

SH Consulting & Participation UG  

Heinrich-Hertz-Str. 2A  

64295 Darmstadt  

Contact person: Tim Steininger   

  

(4) Legal basis for data processing  

By law, any processing of personal data is in principle prohibited and only permitted if the data processing falls under one of the following justifications:  

   

  • Art. 6 (1) p. 1 lit. a DS-GVO ("consent"): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous confirmatory act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;  
  • Art. 6 (1) p. 1 lit. b DS-GVO: If the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request;  
  • Art. 6 (1) p. 1 lit. c DS-GVO: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a legal obligation to keep records);  
  • Art. 6 para. 1 p. 1 lit. d DS-GVO: If the processing is necessary to protect vital interests of the data subject or another natural person;  
  • Art. 6 (1) p. 1 lit. e DS-GVO: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or  
  • Art. 6 (1) p. 1 lit. f DS-GVO ("Legitimate Interests"): If the processing is necessary to protect legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).    

Storing information in the end user's terminal equipment or accessing information already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:  

  • Section 25 (1) TTDSG: If the end user has consented on the basis of clear and comprehensive information. The consent has to be given according to Art. 6 para. 1 p. 1 lit. a DS-GVO;  
  • Section 25 (2) no. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network; or  
  • Section 25 (2) no. 2 TTDSG: If the storage or access is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.  

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.  

 

(5) Data deletion and storage period  

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the regulations in A.(7) and A.(8).  

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.  

  

   

(6) Data security  

  

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.  

We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see under A.(3)). 

 

(7) Cooperation with Processors  

As with any larger company, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. These service providers only act on our instructions and are contractually obligated to comply with the provisions of data protection law in accordance with Art. 28 DS-GVO.  

If personal data from you is passed on by us to our subsidiaries or is passed on to us by our subsidiaries (e.g. for advertising purposes), this is done on the basis of existing order processing relationships.  

  

(8) Conditions for the transfer of personal data to third countries  

In the course of our business relationships, your personal data may be passed on or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for the maintenance of your business relationship with us (legal basis is Art. 6 para. 1 lit b or lit f in each case in conjunction with Art. 44 et seq. DS-GVO). We will inform you about the respective details of the transfer in the relevant places below.  

The European Commission certifies data protection comparable to the EEA standard in some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1 , 2 lit. c DS-GVO (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognized codes of conduct. Please contact our data protection officer (see under A.(3)) if you would like to receive more information on this.  

  

(9) No automated decision making (including profiling) 

We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).  

 

(10) No obligation to provide personal data  

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. For you as a customer, there is also basically no legal or contractual obligation to provide us with your personal data; however, it may be that we can only provide certain offers to a limited extent or not at all if you do not provide the data required for this. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.  

 

(11) Legal obligation to transfer certain data  

We may, under certain circumstances, be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies ( Art. 6 para. 1 p. 1 lit. c DS-GVO). 

 

(12) Your rights  

You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2). As a data subject, you have the right  

  • to request information about your data processed by us in accordance with Art. 15 DS-GVO. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;  
  • in accordance with Art. 16 DS-GVO, to demand the correction of incorrect data or the completion of your data stored by us without delay;  
  • pursuant to Art. 17 DS-GVO, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;  
  • pursuant to Art. 18 DS-GVO, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;  
  • pursuant to Art. 20 DS-GVO, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");  
  • object to the processing in accordance with Art. 21 DS-GVO, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f DS-GVO. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing;  
  • in accordance with Article 7 (3) of the GDPR, to revoke your consent given once (also before the GDPR came into force, i.e. before 25.5.2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future and  
  • to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 DS-GVO, such as the data protection supervisory authority responsible for us: The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, e-mail: poststelle@datenschutz.hessen.de   

  

(13) Changes to data protection information  

In the context of the further development of data protection law as well as technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes, in particular on our German website at www.l-one.de. This data protection notice is current as of November 2022. 

 

B. Visiting web pages  

 

(1) Explanation of function  

You can obtain information about our company and the services we offer in particular at www.l-one.de together with the associated sub-pages (hereinafter collectively referred to as "websites"). When you visit our Web pages, personal data may be processed.  

  

 (2) Processed personal data  

During the informational use of the Websites, the following categories of personal data are collected, stored and processed by us:  

  

"log data": When you visit our websites, a so-called protocol data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:  

  • the page from which the page was requested (so-called referrer URL)  
  • the name and URL of the requested page  
  • the date and time of the request  
  • the description of the type, language and version of the web browser used  
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established  
  • the amount of data transferred  
  • the operating system  
  • the message whether the request was successful (access status/http status code)  
  • the GMT time zone difference  

  

"contact form data": When contact forms are used, the data transmitted as a result are processed (e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).  

  

In addition to the purely informational use of our website, we offer the subscription to our newsletter, with which we inform you about current topics in software development, news about L-One Systems, events and more. If you subscribe to our newsletter, the following "newsletter data" will be collected, stored and processed by us:  

  

  • the page from which the page was requested (so-called referrer URL)  
  • the form type  
  • the date and time of the request  
  • the description of the type of web browser used  
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established  
  • the approximate location of the requesting computer  
  • the e-mail address  
  • the first and last name, if these are given in the form  
  • the gender, if this is indicated in the form  
  • the date and time of registration, of opening the confirmation e-mail and of clicking the confirmation link.  

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked to your other personal data, and direct personal reference is excluded. 

 

(3) Purpose and legal basis of data processing  

We process the personal data described in more detail above in accordance with the provisions of the DS-GVO, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 (1) p. 1 lit. f DS-GVO, the aforementioned purposes also represent our legitimate interests.  

 

The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 p. 1 lit. a or lit. f DS-GVO).  

  

Contact form data is processed for the purpose of handling customer inquiries (legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO).  

  

Newsletter data is processed for the purpose of sending the newsletter. In the course of registering for our newsletter, you consent to the processing of your personal data (legal basis is Art. 6 para. 1 lit. a DS-GVO). For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter e-mail, by e-mail to marketing@l-one.de or by sending a message to the contact details provided in the imprint.  

 

If the processing of the data requires the storage of information in your terminal equipment or access to information already stored in the terminal equipment, Section 25 (1), (2) TTDSG is the legal basis for this.  

(4) Duration of data processing  

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. With regard to the use of cookies, please refer to point A.(5).  

Third parties used by us will store your data on their system for as long as it is necessary in connection with the provision of services for us in accordance with the respective order.  

  

(5) Transfer of personal data to third parties; basis for justification  

The following categories of recipients, which are usually order processors (see A.(7)), may receive access to your personal data:  

 

  • Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. b or lit. f DS-GVO, insofar as these are not order processors;  
  • Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 p. 1 lit. c DS-GVO;  
  • Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Art. 6 para. 1 sentence 1 lit. b or lit. f DS-GVO.  

 

For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A.(8).   

In addition, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO. 

(6) Use of cookies, plugins and other services on our website  

a) Cookie  

We use cookies on our websites. Cookies are small text files that are assigned and stored on your hard drive to the browser you are using by means of a characteristic string of characters, and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.  

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.   

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:  

  • Technical cookies: these are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;  
  • Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;  
  • Advertising cookies, targeting cookies: these are used to provide the website user with tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;  
  • Sharing cookies: these are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.  

  

The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TTDSG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent pursuant to Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit. a DS-GVO. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we will only disclose your personal data processed by cookies to third parties if you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DS-GVO.  

  

b) Hosting  

We host the contents of our website with the following providers:  

Strato  

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter "Strato"). When you visit our website, Strato collects various log files including your IP addresses.  

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.  

The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) a DSGVO and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. 

 

External hosting  

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.  

External hosting is carried out for the purpose of contract performance vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.  

Our hoster(s) will only process your data to the extent necessary to fulfill their service obligations and follow our instructions regarding this data.  

We use the following hoster(s):  

Vercel Inc.  

340 S Lemon Ave #4133  

Walnut, CA 91789   

  

c) Plugins and tools  

YouTube with enhanced data protection  

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.  

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.   

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.  

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.  

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.  

For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de

Google has group companies based in the USA. On July 10, 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF). However, data exporters from the EU must note that no general adequate level of data protection can be assumed for transfers to organizations in the USA. They must first check in advance and ensure that the organization to which the transfer is made is certified under the EU-U.S. DPF (see https://vercel.com/legal/privacy-policy#international-transfers). Otherwise, further transfer instruments or additional measures are required. Google has such certification.

 

Font Awesome (local hosting)  

This site uses Font Awesome for consistent font rendering. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers. Font Awesome allows your browser to display a visually enhanced representation of our text. If your browser does not support this feature, a default font will be loaded from your computer and used to display the text.  

For more information about Font Awesome, please see the Font Awesome privacy policy at: https://fontawesome.com/privacy.  

  

Cookiebot  

Cookiebot CMP (Consent Management Platform) from Usercentrics A/S, Havnegade 39, 1058 Copenhagen (Denmark) is an external plug-in that helps companies make their website privacy compliant. Cookiebot identifies all cookies and trackers on a website.  

We use Cookiebot as an external plug-in to obtain, manage, and document consent from our website users to use these cookies and trackers.  

When consent is given, the tool automatically logs the following information:  

  • Anonymized IP number of the user  
  • Date and time of consent  
  • User agent of the user and browser   
  • URL from which the consent was sent  
  • Anonymous, random and encrypted key  
  • Consent status of the user. This serves as a proof of consent.  

The plug-in ensures that the key and the consent status are stored in the cookie "Cookieconsent" in the user's browser. The purpose of this is to ensure that consent does not have to be requested again during further visits to our website. Once consent has been given, it will be read automatically for up to 12 months on subsequent visits and followed accordingly.  

You can find out more about data protection at Cookiebot here: https://www.cookiebot.com/de/privacy-policy/   

  

Google Plugins  

Google Ads  

We use the ad services of Google Ads as well as Google Ads Remarketing to reach users with our offer. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.  

Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.  

The use of Google Ads results in the user's IP address being stored. Furthermore, user interactions are tracked and stored to provide the website operator with information about how users arrived at the website.  

The use of Google Ads is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in marketing its service products as effectively as possible.  

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.  

You can read all details on data protection regarding Google Ads here: https://ads.google.com/intl/de_de/home/faq/gdpr/ 

 

Google Tag Manager  

For our online presence, we use the Google Tag Manager with which we operate website tags within the framework of an interface management, in order to be able to use e.g. marketing/tracking services from Google or other third-party providers in our website.   

The Google Tag Manager itself does not process any personal data. Regarding the processing of personal data, please refer to the more detailed information on the respective marketing/tracking tools in this privacy policy.  

 

Google Analytics 4 (GA4) 

If you have given your consent, Google Analytics 4 (GA4) is used on this website, hereinafter referred to as "Google Analytics". It is a web analytics service provided by Google LLC. The responsible entity for users in the EU / EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").  

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.  

We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.  

We use Google Signals. This allows Google Analytics to collect additional information about users who have enabled personalized ads (interests and demographics), and ads can be delivered to these users in cross-device remarketing campaigns.  

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.  

During your website visit, your user behavior is recorded in the form of "events". Events can be:  

  

  • Page views  
  • First visit to the website   
  • Start of session  
  • Your "click path", interaction with the website  
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))  
  • Clicks on external links   
  • Internal search queries  
  • Interaction with videos  
  • Interaction with forms  
  • File downloads  
  • Ads seen / clicked  
  • Language setting   

Also collected:  

  • Your approximate location (region)  
  • Your IP address (in shortened form)  
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)  
  • Your internet service provider  
  • The referrer URL (via which website/ via which advertising medium you came to this website) 

 

Purposes of processing  

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.  

Recipients of the data are/may be:  

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).  

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA  

Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA  

 

It cannot be ruled out that US authorities access the data stored by Google.  

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. If applicable, you are not entitled to any legal remedies against access by authorities.  

The data sent by us and linked to cookies are automatically deleted after 14 months (GA4) 2. The deletion of data whose retention period has been reached takes place automatically once a month.  

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO and Art. 49a DSGVO.  

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. You can find out how to do this in our cookie declaration at https://www.l-one.de/en-us/cookies. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.  

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by  

a. Not giving your consent to the setting of the cookie or  

b. downloading and installing the browser add-on to disable Google Analytics HERE. (We assume no liability for the use of this external tool).  

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de

 

Vercel  

The frontend, or user interface, of this website is hosted on servers of the provider Vercel Inc, 440 N Barranca Ave #4133, Covina, CA 91723 (USA). Vercel may process information from users of this website.  

This information may include, but is not limited to: IP addresses, location information derived from them, system configuration information, and information about traffic to and from the website, collectively referred to as "log data."  

Vercel collects and uses Log Data to operate, maintain, and improve its services and to fulfill obligations under customer agreements. For example, Log Data helps Vercel detect threats, identify malicious third parties, and provide more robust security protection to the website operator.  

All of this information is stored on the Vercel platform as part of the company's services. However, Vercel does not collect or process user IP addresses through the use of the company's analytics services.   

For more information on how Vercel handles user data, please see Vercel's privacy policy: https://vercel.com/legal/privacy-policy   

Vercel is based in the USA. Vercel has DPF certification.

  

Mailchimp  

The website operator uses the Mailchimp marketing platform from Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Ste 5000 Atlanta, GA, 30308-2172 (USA) to collect data from prospective customers and customers in a data-protection-compliant manner via "double opt-in" (which stands for twofold consent). In addition, the tool is used to send newsletters. For these purposes, information from prospects and customers that has been collected via the website is also stored at Mailchimp.  

Data is only collected when it is actively sent by users to the website operator via one of the forms available on the website. The data collection can be done through these three ways:  

  • Via the contact form  
  • Via the form to register for our newsletter  
  • Via the form for downloading premium resources  

In addition to the data users enter directly in the forms, we also collect the form type, the date and time the form was submitted, the opening of the confirmation email, as well as the date and time the confirmation link in the email was clicked, and the approximate location of the user. This data is stored in Mailchimp.  

The purpose of documenting this data is to be able to prove the double opt-in if required. The purpose of collecting this data is to be able to send users personalized content about software development and information about L-One via Mailchimp a maximum of three times a month. The emails can be canceled at any time free of charge.

More information on the handling of user data can be found in Mailchimp's privacy policy: https://www.intuit.com/privacy/statement/.  

Mailchimp is also based in the USA. DPF certification is available (see https://mailchimp.com/de/gdpr/#:~:text=We%20annually%20certify%20with%20the,adopted%20EU%2DUS%20Data%20Privacy).

  

Pipedrive  

The website operator uses the customer relationship management system (CRM) Pipedrive, Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn (Estonia), to store and manage information from interested parties and customers and to use it for the purpose of contacting them or sending newsletters. In Pipedrive, we also process data that has been collected via the website.  

Data is only collected if it is actively sent by users to the website operator via one of the existing forms. The data collection can be done through these three ways:  

  • Via the contact form  
  • Via the form to register for our newsletter  
  • Via the form for downloading premium resources.  

In addition to the data that users provide directly in the forms, we also forward information about the type of form and the date on which the confirmation link in the confirmation email was clicked to our CRM.  

In the case of the contact form, this serves the purpose of making the inquiries available internally to the correct contact person as quickly as possible, processing them and quickly establishing contact with the interested parties. Any subsequent communication of the prospects or customers with our account managers is also stored in Pipedrive.  

In the case of the form for registering for our newsletter, as well as the form for downloading premium resources, the purpose of the data processing is to manage the distribution list of our newsletter.  

More information on the handling of user data can be found in Pipedrive's privacy policy: https://www.pipedrive.com/en/privacy   


Wix

At L-One, we use Wix.com to ensure a seamless and efficient online presence. Our goal is to provide our website visitors with a user-friendly and informative platform. Wix.com enables us to intuitively design and customize the structure, design, and content of our website to best meet the needs of our customers and users.

By using Wix.com, we benefit from a variety of tools and features that help us create a dynamic and responsive website. We use these functions to provide relevant content, effectively present our services, and continuously improve the user experience.

The use of Wix.com is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

For more detailed information, visit the Wix Privacy Policy page: https://www.wix.com/about/privacy.

Wix.com is based in Israel and therefore outside the European Union. According to the EU Commission's report on the adequacy findings of January 2024, the Commission concludes that Israel continues to ensure an adequate level of protection for personal data transferred from the EU. Israel has also tightened data security requirements and strengthened the independence of its data protection supervisory authority through a binding government decision.

Use of Rebrandly

Our company uses the link management platform Rebrandly.com to create customized links and collect data. These links allow us to more effectively track and analyze user interactions and engagement. For this purpose, we store information about users collected via our website on Rebrandly.com. This data is anonymized data on the time (to the hour) of the click on the link, the country of the user, the traffic source (e.g. access via Google search results), their device (desktop or mobile), their browser and the language set in the system.

The purpose of storing this data is to analyze the effectiveness of our customized links and to accordingly adjust our marketing strategies.

The use of Rebrandly is in the interest of an effective presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

For more information, please visit the Rebrandly Privacy Policy page: https://www.rebrandly.com/privacy-policy.


Use of Microsoft Teams  

In the context of consulting sessions or other meetings with interested parties or customers, the website operator uses the Microsoft Teams tool for online-based audio and video conferences.  

The use of Microsoft Teams is in the interest of the efficient use of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

More information on the handling of user data can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.  

Microsoft is based in the USA. On July 10, 2023, the European Commission adopted the adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF). However, data exporters from the EU must note that no general adequate level of data protection can be assumed for transfers to organizations in the USA. They must first check in advance and ensure that the organization to which the transfer is made is certified under the EU-U.S. DPF. Otherwise, further transfer instruments or additional measures are required. Microsoft Teams has such a certification.

  

Use of Calendly

For online appointments, we use the tool Calendly. We redirect website users to a Calendly appointment booking page when they click on a corresponding link (e.g., "Make an appointment" or "Book an initial consultation").  

In order to book an appointment, you must provide us with your full name, email address and company name via the form. This is so that we can send you an appointment invitation. In addition, this information helps us to prepare for the appointment with you in advance so that we can make the best use of your time. Information about your telephone number and your request is voluntary.  

Data processing for the purpose of making an appointment is based on your voluntarily given consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO. For the processing of your personal data, the conditions apply, which you can find in section B (2) in this privacy policy. 

You can find more information on the handling of user data in Calendly's privacy policy: https://calendly.com/en/privacy

Calendly is also based in the USA. DPF certification is available.

 
Hotjar

We use Hotjar on our website to analyze the online behavior of our users and to make our website more user-friendly. Hotjar is a tool for analyzing users behavior on the website. Hotjar records interactions such as mouse movements, scrolling activities and clicks. Hotjar uses cookies and other technologies to collect data about the behavior of the users and their end devices (in particular the IP address of the device (is only recorded and stored in anonymized form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), to display the preferred language). Hotjar stores this information in a pseudonymized user profile. Further information can be found in Hotjar's privacy policy at https://www.hotjar.com/legal/policies/privacy/.

Legal basis for the processing

The processing of users' personal data is carried out on the basis of a legitimate interest (Art. 6 para. 1 lit. a GDPR) for the analysis, optimization and economic operation of our online offer.

Data transfer

The data collected by Hotjar is transmitted to Hotjar and stored there. In order to ensure the security of the data during transmission, we have concluded an order processing contract (AV contract) with Hotjar, which obliges Hotjar to protect the data of our users and not to pass it on to third parties.

Right to object

Users have the right to object to the collection of their data by Hotjar on our website at any time.



Dealfront

We use Dealfront, a tool to improve our business information and strategies. Dealfront is used on our website to collect and process data that helps us to better understand and engage with our customers and website visitors.

The processing of data by Dealfront includes, but is not limited to, IP addresses, location information derived from IP addresses and information about traffic to and from our website. This data, classified as "log data", is critical to optimizing our website and ensuring robust security measures.

Dealfront collects and uses this log data to operate and maintain its services, helping us to achieve our business goals. This includes detecting threats and providing a safer digital environment for our website visitors.

Data transfer to Dealfront

We share personal data with Dealfront in order to fulfill the above-mentioned purposes. To ensure the protection of your data and to guarantee compliance with the GDPR, we have concluded a data processing agreement (DPA) with Dealfront.

The processing of users' personal data is carried out on the basis of a legitimate interest (Art. 6 para. 1 lit. a GDPR) to ensure user and website security.

All data collected by Dealfront is stored securely on their platform, adhering to the highest standards of data protection and security.

Your data may be shared within the Dealfront group and with external service providers in order to provide you with the requested services or when required by law.

Deletion and storage

Your personal data will be stored for as long as is necessary for the fulfillment of our contractual and legal obligations. The data will then be deleted unless Dealfront has a legitimate interest in further storage.

You have the right to have your data corrected, deleted or restricted if it is incorrect, unnecessary or if you withdraw your consent.

You can find more detailed information about how we handle user data in cooperation with Dealfront here.


Zapier

As part of our marketing activities, we use Zapier, a tool that enables the automation of workflows between different online services. We use it, to transfer data collected in Website Forms to our CRM.

Data collection via Zapier: We collect personal data from our users when they perform certain actions on our website or use interactive functions that are automated via Zapier. Depending on the interaction, the data collected may include names, e-mail addresses and other information necessary for the provision of our services.

Storage and processing: The data collected via Zapier is stored and processed on secure servers in order to provide the services requested by users. Data processing is always carried out in compliance with the highest security standards.

Legal basis: The processing of personal data via Zapier is based on Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR), which allows the processing of personal data with the consent of the data subject.

Data transfer to Zapier: In the course of using Zapier, we transfer personal data to Zapier. This is necessary to enable the processes automated by Zapier.

Order processing contract (AV contract): To ensure the security of data and guarantee compliance with data protection regulations, we have concluded an order processing contract with Zapier. This contract regulates the processing of personal data by Zapier on our behalf and ensures that Zapier processes the data exclusively in accordance with our instructions and in compliance with the GDPR.

Right to object: Users have the right to object to their data being collected and processed by us via Zapier at any time. Such an objection can be made by contacting us using the contact details provided in the legal notice. Please note that exercising this right may in some cases mean that we can no longer offer certain services in full.

More information here: https://zapier.com/legal/data-privacy.

Zapier Inc. is based in the USA and also has a DPF certificate.


LinkedIn Insights Tag

The website operator uses the LinkedIn Insight Tag to collect, store and process data about visits by LinkedIn members, including URLs visited, referrers, IP addresses and technical data such as device and browser details. This is done in strict compliance with data protection standards, including the pseudonymization of data such as IP address shortening.

IP addresses are truncated or hashed (if used for cross-device member reachability), and members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.

The legal basis for this is Art. 6 para. 1 lit. a GDPR, based on the consent of the users.

A data processing agreement with LinkedIn guarantees the protection of the transferred data. Users can revoke their consent at any time via the cookie declaration at https://www.l-one.de/cookies and object to data collection via their LinkedIn settings, thereby maintaining their control and privacy.

You can find more information here: https://www.linkedin.com/legal/privacy-policy

Linkedin Corporation is based in the USA and also has a DPF certificate.

d) Social media plugins  

We currently use the following social media plug-ins: Xing, LinkedIn, Facebook, which are only loaded if you have previously activated the function by giving your consent. Through the plug-ins, we offer you the opportunity to interact with the social networks and other users. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. a DS-GVO, i.e. the integration only takes place after your consent.  

The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider. 

The information collected is stored on servers of the providers, in the case of international providers also outside Europe. For these cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data.   

The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. The easiest way to revoke is via our Consent Manager or via the functions of the social media providers.  

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy. Addresses of the respective plug-in providers and URL of the respective privacy notices:   

  1. Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") 

An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins http://www.facebook.com/policy.php 

  1. XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany 

For further information, please refer to the data protection information for the XING Share button at: https://www.xing.com/app/share?op=data_protection 

  1. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA  

You can find this information at http://www.linkedin.com/legal/privacy-policy