In the following, we inform you about who is responsible for processing your personal data, for what purpose and to what extent your personal data is processed and what rights you have.
This privacy policy applies to both the distribution and the operation of the kōno App by C. Josef Lamy GmbH.
In the context of the further development of data protection law and technological or organizational changes, our data protection information is regularly reviewed for the need to adapt or supplement it and adapted as necessary.
This data protection notice has the status of 12/12/2022
C. Josef Lamy GmbH
Grenzhöfer Weg 32
69123 Heidelberg
Germany
Michael Gruber
Externer Datenschutzbeauftragter
BSP-SECURITY
datenschutzbeauftragter@lamy.de
Each time you visit the Lamy websites, usage data is transmitted to us or our web hoster/IT service provider by your Internet browser and stored in log data (so-called server log files). This stored data includes
- Time of the call,
- Name of the page called up,
- IP address (masked),
- browser used,
- operating system used and
- HTTP method.
The legal basis for this data processing is our overriding legitimate interest in ensuring the trouble-free operation of our Lamy websites in accordance with Art. 6 para. 1 p. 1 lit f General Data Protection Policy (GDPR).
This personal data is deleted by us after 90 days.
We use different types of cookies. Below you will find information about these different types.
Technically necessary cookies ensure functions without which our websites cannot be used as intended. These are so-called first party cookies that are only used by us. The legal basis is our overriding legitimate interest in accordance with Art. 6 para. 1 p. 1 lit. f GDPR in the error-free functioning of our Lamy websites. This personal data is deleted by us after 30 days at the latest. You can find further information in our cookie banner under "Cookie details".
Functional cookies are not absolutely necessary for the operation of our Lamy websites, but support their user-friendliness, for example by storing language or location settings for a renewed visit to the Lamy websites. The legal basis for the use of these cookies is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. This personal data is deleted by us after 90 days at the latest. You can find further information in our cookie banner under "Cookie details".
Analysis cookies collect information about how you use websites. This is to improve their attractiveness, content and functionality. For this purpose, the following information is collected, for example
- the number of times a page or sub-pages are accessed,
- the time spent on the website,
- the order of the pages visited
- which search terms led you to our website
- the country, region, and city from which the access occurred
- the percentage of mobile devices accessing the Lamy websites, and
- which areas of a website are of particular interest to you.
The legal basis for the setting of analysis cookies is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. We delete this personal data after 12 months at the latest. Further information can be found in section 3 "Analysis and marketing" and in our cookie banner under "Cookie details".
Marketing cookies help us to analyze our advertising campaigns with our advertising partners and to create a profile of your interests in order to show you relevant and targeted advertising on other websites. These are so-called third-party cookies that are set by our advertising partners when you visit our Lamy websites. The legal basis for the setting of marketing cookies is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR. This personal data is deleted by us after 12 months at the latest. Further information can be found in section 3 "Analysis and marketing" and in our cookie banner under "Cookie details".
We use Google Analytics on our Lamy websites. Google Analytics is a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC and Google Ireland Limited hereinafter jointly "Google").
Google Analytics uses cookies to analyze your use of the Lamy website. Google Analytics thus receives the following information about you:
- Online identifiers including cookie identifiers,
- IP addresses,
- device identifiers and
- identifiers assigned by you.
We receive the following information, for example:
- Access numbers to certain pages within the website (so-called click path),
- Information about times of access (so-called dwell time of the user),
- information about pages from which the user accesses the website (so-called referrer URL),
- information about pages via which the user leaves the website (so-called bounce pages),
- information about the regional origin of users (e.g., sorted by city or country of origin), and
- information about the conversion rate of certain sub-pages.
The Lamy websites use Google Analytics with the extension "_anonymizeIp()" (so-called IP masking). This shortens IP addresses before they are transmitted to the USA within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there.
On behalf of Lamy, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The information collected in this way is usually transferred to a Google server in the USA and stored there. For the USA, there is no adequacy decision pursuant to Art. 45 GDPR, as the USA cannot provide protection of personal data comparable to the GDPR. Access by US authorities to the data stored by Google cannot be ruled out. We have agreed standard contractual clauses with Google that serve as a guarantee for adequate protection of your data. The standard contractual clauses are available at https://workspace.google.com/terms/mcc_terms.html.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to fully use all functions of the websites.
In addition, you can prevent the collection of data generated by the cookie and related to your use of our websites to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link ((https://tools.google.com/dlpage/gaoptout?hl=de).
For more information on terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
We delete this personal data after 12 months.
We use Google Ads for online marketing on our Lamy websites. Google Ads is an online advertising system of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC and Google Ireland Limited hereinafter jointly "Google").
We use the conversion tracking tool offered by Google Ads. A so-called conversion occurs when you click on one of our Google Ads ads and then interact with us in some other way, for example by making a purchase or signing up for the newsletter. This allows us to see which keywords, ads and campaigns lead to customer actions. Conversion tracking allows us to evaluate and optimize the success of our advertising efforts.
The Google Ads conversion tracking tool uses cookies for this purpose. As soon as you click on one of Lamy's Google Ads ads and thereby reach one of our Lamy websites, Google Ads stores a cookie. This cookie enables Google Ads to recognize your web browser. If you visit our Lamy websites and the conversion cookie has not yet expired, Google and we recognize that you have clicked on a Google Ads ad from Lamy and were thereby redirected to one of the Lamy websites. The cookie with the conversion data is read by Google and we receive statistical evaluations from Google. We do not collect any personal data ourselves. We have no influence on how Google uses the data. However, according to its own information, Google takes care to maintain the confidentiality and security of conversion data.
By means of conversion cookies, we receive the following information:
- Unique cookie ID,
- number of ad impressions per placement (frequency),
- last impression (relevant for post-view conversions) and
- Opt-out information (marking that you no longer wish to be contacted).
The data collected in this way is usually transferred to a Google server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, since the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to the data stored by Google cannot be ruled out. We have agreed standard contractual clauses with Google that serve as a guarantee for adequate protection of your data. The standard contractual clauses are available at https://workspace.google.com/terms/mcc_terms.html
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Lamy websites, it may no longer be possible to fully use all functions of the Lamy websites.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the Lamy websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
For more information on terms of use of Google Ads and data protection at Google, please visit https://support.google.com/google-ads/answer/9028179?hl=de&ref_topic=3119071 https://policies.google.com/?hl=de.
This personal data is deleted by us after 12 months.
We use Google Tag Manager for online marketing on our Lamy websites. The Google Tag Manager is an online advertising system of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google LLC and Google Ireland Limited hereinafter jointly "Google").
The Google Tag Manager is a tool that we integrate and manage centrally via a user interface. Tags are small sections of code that track your activities, for example. For this purpose, JavaScript code sections are inserted into the source code of our website, which can come from Google-internal products but also from other providers. We use this to track the following:
- IP address
- Location
- Information on operating system and terminal device
The data collected in this way is usually transferred to a Google server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, since the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to the data stored by Google cannot be ruled out. We have agreed standard contractual clauses with Google that serve as a guarantee for adequate protection of your data. The standard contractual clauses are available at https://workspace.google.com/terms/mcc_terms.html
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Lamy websites, it may no longer be possible to fully use all functions of the Lamy websites.
In addition, you can prevent the collection of data generated by the cookie and related to your use of the Lamy websites (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
For more information on terms of use of Google Tag manager and data protection at Google, please visit https://support.google.com/google-ads/answer/9028179?hl=de&ref_topic=3119071 https://policies.google.com/?hl=de.
This personal data is deleted by us after 12 months.
To analyze user behavior on our website, we use the analytics service FullStory, of FullStory Inc, 120 Ottley Dr NE Ste 100, Atlanta, GA 30324, USA ("FullStory").
FullStory records information about the behavior of website visitors, enabling us to analyze it and improve the user experience on our website. In doing so, FullStory processesthe following data:
Usage patterns:
- Clicks
- Mouse movements
- Scrolling
- Typing (except sensitive information)
Tech specs:
- Browser
- Device type
- Operating system
- Viewfinder size
- Script errors
- IP address (can be disabled)
Navigation:
- Pages visited
- Referrers
- URL parameters
- Session duration
The data collected in this way is generally transferred to a FullStory server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, as the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to the data stored by FullStory cannot be ruled out. We have agreed standard contractual clauses with FullStory that serve as a guarantee for adequate protection of your data. FullStory's privacy statement is available at https://www.fullstory.com/legal/privacy-policy/
The legal basis for data processing is your consent according to Art. 6 para. 1 p. 1 lit. a) GDPR.
You can revoke your consent for data processing at any time with effect for the future by using the following opt-out link: https://www.fullstory.com/optout/.
This personal data will be deleted by us after 12 months.
We use the analysis tool Meta Ads on our Lamy websites. Meat Ads is a service of Meta Platforms Inc. The responsible service provider in the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta Platforms Inc. and Meta Ireland Limited hereinafter jointly "Meta").
With the help of Meta Ads, we can adapt our advertising measures to your interests. This is done by a snippet of JavaScript code that is triggered and saves your user behavior on our Lamy websites by means of cookies if you have reached the Lamy websites via a Meta Ad. These cookies allow Meta to match your user data with your Facebook account data. If you are logged in as a Facebook user, your visit to our Lamy websites is automatically assigned to your account.
Meta Ads collects the following information, which is passed on to us:
The data collected in this way is usually transferred to a Meta server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, since the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to the data stored by Facebook cannot be ruled out. We have agreed standard contractual clauses with Facebook that serve as a guarantee for adequate protection of your data. The standard contractual clauses are available at https://www.facebook.com/legal/EU_data_transfer_addendum.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to fully use all functions of the websites.
Provided you are logged in to Facebook, you can change the settings for advertisements yourself at https://www.facebook.com/about/basics/advertising/ad-preferences. You can find the instructions for this at https://de-de.facebook.com/help/568137493302217.
For more information on the terms of use of the Facebook Pixel and data protection at Meta, please visit https://www.facebook.com/policy.php, https://www.facebook.com/legal/terms/dataprocessing/update and https://de-de.facebook.com/legal/terms/businesstools#.
This personal data will be deleted by us after 12 months.
We use the conversion tracking tool LinkedIn Insight Tag on our website. This is a tool of LinkedIn Corp., 2029 Stierlin Court, Mountain View, CA 94043, USA. The responsible service provider in the EU is LinkedIn Ireland Unlimited, Wilton Place, Dublin 2, Ireland ("LinkedIn").
This tool creates a cookie in your web browser, which enables the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted and anonymized within seven days. We also use the tool for retargeting.
The data collected in this way may be transferred to a LinkedIn server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, since the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to data stored on LinkedIn cannot be ruled out. We have agreed standard contractual clauses with LinkedIn that serve as a guarantee for adequate protection of your data. You can find further information at https://de.linkedin.com/legal/l/dpa, and https://www.linkedin.com/legal/l/eu-sccs, https://www.linkedin.com/help/linkedin/answer/a427660.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. You can revoke your consent once given at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to fully use all functions of the websites.
This personal data will be deleted by us after 12 months.
We use Twitter Ads on our website. These are tools of Twitter Inc. One Cumberland Place, Fenin Street, Dublin 2 D02 AX07, Ireland.
For example, timelines, embedded tweets, buttons or hashtags are used. We use these functions for targeting. Log data, browser cookie IDs, the ID of your terminal device, hashed e-mail addresses and information about which pages you have visited on Twitter and what actions you have performed are stored. This takes place even if you do not have a Twitter account. If you are logged into your Twitter account, Twitter collects further data. Twitter itself uses the data within and outside of Twitter.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all the functions of the websites in full.
For more information, please visit https://twitter.com/en/privacy.
Twitter allows you to deactivate personalized advertising at https://optout.aboutads.info/?c=2&lang=EN when you use Twitter via a browser.
This personal data will be deleted by us after 12 months.
We use on our website the automation tool of Celonis, Inc., One World Trade Center, 87th Floor, New York, NY, 10007, USA.
We use the automation tool to forward data in encrypted form for other GDPR approved tools. Based on your consent, name, email address, end device and type of employment are stored.
The data collected in this way may be transferred to a LinkedIn server in the USA and stored there. For the USA, there is no adequacy decision according to Art. 45 GDPR, since the USA cannot provide protection of personal data comparable to the European GDPR. Access by US authorities to data stored on Celonis Inc. cannot be ruled out. We have agreed standard contractual clauses with LinkedIn that serve as a guarantee for adequate protection of your data. You can find further information at https://www.make.com/en/privacy-notice.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time and without giving reasons for the future. The legality of the processing carried out based on the consent until the revocation is not affected by the revocation.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, it may no longer be possible to use all the functions of the websites in full.
This personal data will be deleted by us after 12 months.
We use Typeform from TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona Spain (Typeform) for our contact form. This allows us to provide you with an easy way to contact us.
For this purpose, we share the following personal data with Typeform:
Mandatory data are marked with an *.
Typeform is a recipient of your personal data and acts as a processor for us. The processing of the data provided in this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot provide you with a contact form. However, you have the possibility to contact us at the following e-mail address info@lamy.de. The data will be stored exclusively for the purpose of transmitting inquiries and responding to them. The obligatory data serve the allocation and the answer of your request.
In addition, Typeform collects the following personal data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data is collected such as date and time when you used the contact form. Typeform needs this data to ensure the presentation of the contact form and its functionality.
This corresponds to Typeform's legitimate interest (pursuant to Art. 6 para. 1 p. 1 lit. f GDPR) and serves the performance of the contract (pursuant to Art. 6 para. 1 p. 1 lit. b GDPR). You can find more information at: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data.
The legal basis for this processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
You can find more information on objection and removal options vis-à-vis Typeform at: https://admin.typeform.com/to/dwk6gt.
This personal data will be deleted by us after 12 months.
For our newsletter service we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin ("Sendinblue"). Information about Sendinblue can be found at https://de.sendinblue.com/datenschutz-uebersicht/.
If you enter your e-mail address in the box provided for newsletter registration on the landing page and click the checkbox to receive the newsletter, you consent to us processing your e-mail address for this purpose. When registering to receive the newsletter, in addition to your e-mail address, your IP address, your name, and with your consent your occupation, employer type, personal motivation to use the App, your gender as well as the date and time of the request will be stored to provide evidence in the event of misuse of the e-mail address used.
The legal basis for the data processing is your consent in accordance with Art. 6 Para. 1 S. 1 lit. GDPR. You can revoke your consent once given at any time and without giving reasons for the future (by e-mail to datenschutzbeauftragter@lamy.de or via the unsubscribe link provided in each e-mail). The lawfulness of the processing carried out based on the consent until the revocation is not affected by the revocation.
After revocation of the consent, we will delete the data transmitted by you via the request, unless and to the extent that legal, in particular commercial and tax law retention periods are opposed or another legal basis exists.
When you download this app, certain personal data required for this purpose will be transmitted to the corresponding App Store (Apple App Store) or the respective other app provider.
In particular, the e-mail address, user name, customer number of the downloading account, the individual device identification number, payment information and the time of download are transmitted to the App Store or the respective other app provider.
We have no influence on the collection and processing of this data, which is carried out exclusively by the app store selected by you. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the App Store or the respective other app provider.
As a payment service provider and A part of our tax obligations, we use Stripe Technology Europe Ltd, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland.
For this, the data required for the processing of payments and for the invoice, such as name, e-mail address, date of birth and means of payment are processed. If required for tax obligations, the address, tax identification number, company information, as well as the company's online transaction history and sales taxes collected, total tax payments to date, and other relevant information required for processing the business user's tax returns are also processed.
The legal basis for this is Art. 6 para. 1 p. 1 lit. b, f GDPR. You can find more information under https://stripe.com/, https://stripe.com/de/payments, https://stripe.com/de/payments/checkout, https://stripe.com/de/billing, https://stripe.com/de/invoicing, https://stripe.com/de/legal/dpa, https://stripe.com/de/tax, https://stripe.com/de/privacy, and https://stripe.com/de/legal/ssa.
The storage period is based on the legal requirements for tax-relevant data.
We can only provide you with the benefits of our app if certain data required for app operation is processed by us during use.
In order for our app to function properly, your access to the following data or functions is required:
- Automation
- Bluetooth
- Operating aids
- Focus
- Control center and menu bar
- Display
- Volume control
- Lock screen
In addition, access to the following data or functions is based on your consent:
- Installing a browser extension for Chrome, Safari, Firefox and other web browsers
- Installing Apple Shortcuts
- Media and Apple Music
- calendar
- Full disk access
- Files and folders
You can activate or deactivate access to these data or functions at any time.
The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR as far as the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
If this processing is based on your consent the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
Your personal data will be stored as long as the contract is valid. After termination of the contract, the data will be deleted after 6 months at the latest, unless legal regulations stipulate a longer retention period.
We use the following AWS Amazon Web Service to host the app, as Codebase of the app, and to distribute the app
- Amazon EKS
- Elastic Load Balancing
- Amazon Simple Queue Service
- Amazon EC2
- Amazon RDS for MySQL
- Amazon CloudWatch
- Amazon Elastic Container Registry
- Amazon Simple Email Service
We process the following data:
Demographic Data
- Name
- questionnaire analysis
- Email address
Marketing-related Data
- UTM Parameter
Payment-related Data
- IP Address & location
- Subscribed/Purchased Product
- Date of purchase
Product Data
- Behavioral data on usage of the product
- Blocked URLs
- Name of Modes
- To be opened URLs
- Blocked Application
- To be opened Application
- Start & End Time Activated Mode on Device
- Device & System Information
The legal basis for this is Art. 6 para. 1 p. 1 lit. b GDPR as far as the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
If this processing is based on your consent the legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. You can revoke your consent to the processing of your personal data at any time. The revocation can be made via the specified contact options. Your data will be processed as long as a corresponding consent exists. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
Your personal data will be stored as long as the contract is valid. After termination of the contract, the data will be deleted after 12 months at the latest, unless legal regulations stipulate a longer retention period.
Regarding Google Analytics and Google Tag Manager, please refer to above.
You have the right
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the categories of personal data processed, as well as the categories of recipients to whom your data have been or will be disclosed. The full scope of your right to information can be found in Art. 15. GDPR.
- In accordance with Art. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us.
- In accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
- In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer need the data, but you require it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- In accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
- In accordance with Art. 7 (3) GDPR, to revoke your consent given to us at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.
- object to the processing of your personal data in accordance with Art. 21 GDPR, provided that your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) p. 1 lit. f GDPR and insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
- In accordance with Art. 77 GDPR, to complain to a supervisory authority. The competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und Informationsfreiheit
Baden-Württemberg
Königstraße 10a
70173 Stuttgart
Deutschland
Tel.: 0711 / 615541 – 0
Fax: 0711 / 615541 – 15
https://www.baden-wuerttemberg.datenschutz.de/.
Date 12-12-2022
BY USING OR ACCESSING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THE POLICIES, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND SHARE YOUR INFORMATION IN THE FOLLOWING WAYS. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MAY NOT USE THE SERVICES. IF YOU USE THE SERVICES ON BEHALF OF ANOTHER INDIVIDUAL OR ENTITY YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF. YOU REPRESENT AND WARRANT THAT THE INFORMATION THAT YOU ARE INPUTTING IS ACCURATE. Please also refer to the Terms of Use, which are expressly incorporated as if fully recited herein.
The California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws provide certain rights for California residents with respect to their privacy, including right to notice, right to access, right to opt out (or right to opt in) of the sale of personal information, if applicable, right to request deletion, and right to equal services and prices. Because your privacy is important to us and as part of our commitment to you as a valued customer, we voluntarily extend the same rights that are available under CCPA and other California privacy laws to all consumers. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:
A real name, email address, telephone number, postal address, online identifier, user ID, device ID, domain server, type of device/operating system, browser used to access our services, Internet Protocol address, account name, driver's license number, passport number, or other similar identifiers.
A real name, email address, telephone number, postal address, passport number, driver's license or state identification card number, insurance information (including insurance carrier, insurance plan, member ID, group ID, payer ID), education, employment, employment history, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
Age, race, ethnicity, color, ancestry, national origin, citizenship, zip code, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep or exercise data.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, referring webpage/source through which you access our services, non-identifiable request IDs, and statistics associated with the interaction between device or browser and our services.
Approximate location (city and state) of the device from which you access out services.
Audio, electronic, visual, thermal, olfactory, or similar information.
Current or past job history.
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Collected? YES
Medical history and health information you provide us, including health conditions, healthcare providers visited, reasons for visit, dates of visit, booking and appointment data (including appointment date/time, provider information, appointment procedure, whether or not user is a new patient for a particular provider).
Collected? NO
Personal Data in emails, letters or online forms that you send or submit to us.
Collected? YES
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources:
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity.
Category G: Geolocation Data.
Category I: Professional or employment-related information.
Category L: Medical Data.
Category M: Other Identifying Information That You Voluntarily Chose to Provide.
We disclose your personal information for a business purpose to the following categories of third parties:
In the preceding twelve (12) months, we have not sold any personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by email sent to team@lamykono.com.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
Contact Information
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: +1 (646) 998-4244
Email: team@lamykono.com
Postal Address: Lamy Inc., 452 W Broadway, New York, New York, 10012