Privacy policy
Agenda
- Privacy notice in accordance with Article 13 GDPR
- DATA PROTECTION INFORMATION FOR USERS OF THE LOTARO PLATFORM
1. Privacy notice in accordance with Article 13 GDPR
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: Lotaro GmbH, Dr.-Rehm-Straße 31, 82061 Neuried, Germany
Phone: +49 1605507897, Email: support@lotaro.de
Name and address of the data protection officer
The data protection officer of the data controller is: Jörg Hermann, Freibadstr. 30, 81543 München
Phone: +49 89 200 033 580, Email: info@jmh-datenschutz.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: the legal basis for obtaining consent is Article 6(1)(a) in conjunction with Article 7 GDPR. The legal basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)(b) GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimisation in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the corresponding data will be deleted as quickly as possible.
Note on data transfer to third countries
We also use tools from companies based in third countries on our website. If these tools are active, your personal data may be transmitted to the servers of the respective companies. The level of data protection in third countries does not usually correspond to EU data protection legislation. This means that there is a risk that your data will be passed on to authorities in these countries. We have no influence on these processing activities.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their privacy policies. You can recognise external links either by the fact that they are displayed in a colour which is slightly different from the rest of the text or that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the respective provider’s privacy notice. Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent. You have the option to revoke your consent at any time. However, the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims, we will refrain from processing your data after the objection has been made. If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another data controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data, you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following requirements:
- You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing.
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
Provision of the website (web host)
Our website is hosted by:
Amazon.com Inc., 10 Terry Ave N, Seattle 98109, WA, USA
The server location is Ireland.
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or our hosting company’s server. These are:
- IP address of the website visitor's end device
- device used
- host name of the accessing computer
- visitor's operating system
- browser type and version
- name of the retrieved file
- time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources. Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it on their own server, which we have named above in this case. The personal data collected by this website will be stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores for us, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website. The legal basis for processing this data is Article 6(1)(f) GDPR. Our legitimate interest is the technically error-free presentation and optimisation of this website. If the website is called up in order to enter into contract negotiations with us or to conclude a contract, this serves as a further legal basis (Article 6(1)(b) GDPR). In the event that we have commissioned a hosting company, an order processing contract will have been agreed with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your end device. This data usually includes user preferences, such as the "day" or "night" mode of a website, and is retained until you manually delete the data. Session storage is very similar to local storage, except that the data is only stored for the current session, that is, until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are information that a web server (a server that provides web content) stores on your end device in order to be able to identify this end device. They are stored either temporarily for the duration of a session (session cookies) and deleted after your visit to a website, or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser. These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are processing payment services or displaying videos on a website. These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use and carry out analyses regarding visitor flows and behaviour. Depending on their individual functions, they must be classified in terms of data protection legislation. If they are necessary for the operation of the website and intended to provide certain features (shopping cart feature) or serve to optimise the website (e.g. cookies to measure visitor behaviour), their use is based on Article 6(1)(f) GDPR.
As a website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure the technically error-free and optimized provision of our services. In all other cases, local storage items, session storage items and cookies are only stored with your express consent (Article 6(1)(a) GDPR). If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Analytics
We process website visitors’ personal data in order to analyse user behaviour. Evaluation of this data enables us to compile information on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognise our website visitors the next time they visit our website, to measure their click/scroll behaviour and downloads, to create heat maps, to recognise page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city, country, the website that visitors have come from). The analysis tools help us to improve our market research and marketing activities. Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Analytics
Our website uses the service Google Analytics. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Microsoft Azure App Insights
Our website uses the service Microsoft Azure App Insights. The provider of this service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. As this service is hosted locally on the web server, no data is transferred to third parties.
Content delivery network (CDN)
We use a content delivery network (CDN) to optimise the performance and availability of our website. For this purpose, the service provider who makes this network available will process your IP address and information about when you visited our website. All further information on data processing by this service provider can be found in the company’s privacy notice. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.
Bootstrap CDN
Our website uses the service Bootstrap CDN. The provider of this service is Prospect One Ltd., Królewska 65A/1, PL-30-081 Krakau, Poland. The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.
CloudFlare
Our website uses the service CloudFlare. The provider of this service is Cloudflare Germany GmbH, Rosental 7, 80331 München, Germany. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://www.cloudflare.com/privacypolicy/.
Hosting
Hosting is the provision of web space and the files on it by a web hosting service.
This involves the transfer and storage of personal data on the web hosting service's servers. In particular, the IP addresses, meta data and communication data of the users as well as data about the website visitor accesses are processed. When a website visitor accesses the page, a connection to the web hosting service’s servers is established. This results in the processing of personal data of the website visitor. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is to be able to display our website and make it available on the Internet.
Microsoft-Azure
Our website uses the service Microsoft-Azure. The provider of this service is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://privacy.microsoft.com/de-de/privacystatement.
Interface software
Business processes run faster, more cheaply and with fewer errors if they are automated using software via interfaces. This allows them to be efficiently integrated into the company's processes via its own website or social networks. We use interface software on our website to link different applications and to transfer personal data securely from one application to another. Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Tag Manager
Our website uses the service Google Tag Manager. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed from your IP address, as your browser establishes a direct connection to the web font provider. Processing only occurs if you expressly give consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent Art. 6(1)(a) GDPR. Without your consent, data processing in the manner described above will not take place. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out until the revocation remains unaffected.
Google Fonts
Our website uses the service Google Fonts. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Web security
We use tools that protect against unauthorised access, spam or other attacks on our website. This increases the security of our website. This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is to be able to guarantee the security of our website and to protect ourselves from unauthorised access, spam and other attacks.
Google Recaptcha
Our website uses the service Google Recaptcha. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service may result in data transfer to a third country (USA). The provider of this service is certified according to the EU-U.S. Data Privacy Framework and therefore provides an adequate level of data protection.
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
2. DATA PROTECTION INFORMATION FOR USERS OF THE LOTARO PLATFORM
Data protection information on our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Dear user, in accordance with the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your related data protection rights. To ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract, please take note of the following information.
1. CONTROLLER WITHIN THE MEANING OF DATA PROTECTION LAW
The controllers within the meaning of Article 4(7) GDPR are Lotaro GmbH and your employer, as joint controllers under Article 26 GDPR. The contact details of Lotaro GmbH are:
Lotaro GmbH, Dr.-Rehm-Straße 31, 82061 Neuried
Email: support@lotaro.de
2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER
Jörg Hermann, external data protection officer, jmh datenschutzberatung, Freibadstr. 30, 81543 München, Email: info@jmh-datenschutz.de
3. PURPOSES AND LEGAL BASES OF PROCESSING
Lotaro GmbH processes your data in order to make the learning platform available to you, to manage your access credentials and your learning budget, and to measure your learning progress and make it available to your employer in a report. In addition, in some cases participants are surveyed after the training in order to improve the quality of the trainings. The legal basis for this processing is Article 6(1)(b) GDPR, the performance of the contract that Lotaro GmbH and your employer have concluded. Where required and legally necessary, we process your data beyond the actual contractual purposes in order to fulfil legal obligations in accordance with Article 6(1)(c) GDPR.
4. CATEGORIES OF PERSONAL DATA
We only process data that is necessary for the performance of the contract. This is your name, business email address, access credentials, learning history and, where applicable, questions and comments that the participant raises during the live training.
5. SOURCES OF THE DATA
We process personal data that we received from your employer when the contractual relationship was established or that we receive directly from you.
6. RECIPIENTS OF THE DATA
Within Lotaro GmbH, we pass on your personal data exclusively to the departments and persons who need this data to fulfil contractual and legal obligations. Your personal data is processed on behalf of Lotaro GmbH on the basis of data processing agreements under Article 28 GDPR and further safeguards such as the EU-U.S. Data Privacy Framework Program. In these cases, it is ensured that the processing of personal data complies with the provisions of the GDPR. The recipients are the video service provider Zoom, Inc. and the provider of the training software, Arlo Software ltd. In addition, Lotaro GmbH transmits a report on your learning progress and the courses booked to your employer, who may use the reports for recommendations in the context of employee appraisals. If you give us feedback on the video training, we pass it on to the trainer.
7. TRANSFER TO A THIRD COUNTRY
Some of the service providers used are located outside the EEA or have parent companies in the USA. In these cases, the data transfer is safeguarded either by an adequacy decision of the EU (in the case of Arlo Ltd., based in the UK) or by appropriate contractual safeguards (EU standard contractual clauses).
8. DURATION OF DATA STORAGE
Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes and, where statutory retention periods apply, until those statutory retention periods expire.
9. YOUR RIGHTS
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to notification under Article 19 GDPR and the right to data portability under Article 20 GDPR. In addition, there is a right to lodge a complaint with a data protection supervisory authority under Article 77 GDPR if you believe that the processing of your personal data is not lawful. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. If data is processed on the basis of your consent, you are entitled under Article 7 GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected. Please also note that we may have to retain certain data for a certain period in order to comply with legal requirements.
Right to object
Insofar as your personal data is processed under Article 6(1)(f) GDPR to safeguard legitimate interests, you have the right under Article 21 GDPR to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for the purpose of such marketing. This also applies to profiling insofar as it is associated with this direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
To exercise your rights, please use the contact details given in section 1.