DATA PROTECTION

1. Data controller
We, Lumics GmbH & Co. KG (Weg beim Jäger 193, 22335 Hamburg, Germany) (hereinafter also referred to as “Lumics”, “we”, “us”), inform you in the following about the processing of your personal data when you use our website: http://lumics-consulting.de/ (“website”).
If you have further questions about data protection in connection with our website or the services offered there, please contact our data protection officer at e-mail address: info@lumics-consulting.de 
2. Scope, purpose and legal basis for processing personal data
We collect and use personal data directly from our users, but also from other sources in the following situations (as shown below):

2.1 Provision of the website and logfile creation
When users visit our website, our system automatically collects data and information from the computer system of the accessing computer during each visit to our Internet website. The following data (“technical information”) are collected:
(1) Information on the browser type and version used to adapt the website to a mobile or desktop version. The data are not saved. We collect and use this technical information for the purposes of (network) security (for example, to enable us to combat cyberattacks), marketing and a better understanding of the needs of our users, as well as to continually improve our website and to enable the respective user to access the website at his computer. The legal basis for the temporary storage of the data is Art. 6 (1) (f) of the General Data Protection Regulation (GDPR).

2.2 Use of the services offered on our website
We offer a number of different services on our Internet website. In order to provide them we have to collect and process the personal data of the user or our customer.

2.2.1 Your online application
After entering and transmitting your data, they are sent directly to the server of our external service provider via an encrypted connection. All data are encrypted on the basis of the SSL protocol. If you log in after your registration with the user data provided, the SSL encryption protocol will be used for this purpose.

2.3 Our legitimate interests in processing personal data If Art. 6 (1) (f) GDPR is the legal basis for the processing, our legitimate interests, in addition to the purposes stated above, are:
• Protection of the company against material and immaterial damages.
• Professionalism (of our products and services)
• Cost optimisation (control and reduction)

2.4 Other processing obligations
If we are required to do so by law, we process personal data to meet retention requirements under commercial or tax law or to fulfil statutory security requirements (for example § 7 of the Aviation Security Act (LuftSiG). You will find further information on retention periods at: “Duration of the data processing”.

2.5 Obligation to provide personal data
For legally prescribed or contractual requirements, we have marked the respective input fields, which you need to fill out, in the input screens on our website so that we can provided the contract or service you desire.


3. Duration of data processing
Your personal data are deleted as soon as they are no longer required for the specified purposes. It is possible that personal data are kept for the period during which claims may be asserted against Lumics (statutory limitation period of three to thirty years). In addition, personal data are stored to the extent and as long as Lumics is obliged to do so by law. Corresponding proof and retention obligations arise from the Commercial Code, Tax Code and Money Laundering Act, among others. The storage periods are up to ten years accordingly.


4. Right to object according to Art. 21 GDPR
You have the right, for reasons relating to your particular situation, to lodge an objection at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller no longer processes your personal data, unless the controller can show compelling, legitimate reasons for the processing that override your interests, rights and freedoms, or the processing is used for the assertion, exercise or defence of legal claims.

If your personal data is processed to engage in direct marketing, you have the right to lodge an objection against the processing of your personal data for such marketing purposes; this also applies to profiling, if related to such direct marketing.

If you object to the processing for direct marketing purposes, then your personal data will no longer be processed for these purposes.

You have the opportunity in conjunction with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.


5. Disclosure of personal data to third parties
In order to offer you our products and services, based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties inside or outside the Lufthansa Group. These recipients may be categorised as follows: service providers for the collection of applications. Personal data may be transmitted to third countries or international organisations. For your protection and the protection of your personal data, appropriate safeguards in accordance and in keeping with statutory requirements are provided for such data transmissions (particularly the application of EU standard contractual clauses), or an adequacy decision has been issued by the EU (Art. 45 GDPR).

You will find information on EU standard contractual clauses at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF. The EU Commission provides relevant information on its adequacy decisions at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.
You may also request a copy of the security precautions used at: info@lumics-consulting.de.
Furthermore, we are legally obliged to provide personal data to German and international authorities, Art. 6 (1) (c) GDPR in conjunction with local and international regulations and agreements.


6. Rights of the data subjects
An important concern for Lumics is to make our processes fair and transparent. Therefore, it is essential that data subjects can exercise the following rights, besides the right to object, when the respective legal requirement is met:
- Right to information, Art. 15 GDPR
- Right to correction, Art. 16 GDPR
- Right to deletion (“right to be forgotten”), Art. 17 GDPR
- Right to restrict the processing, Art. 18 GDPR
- Right to data portability, Art. 20 GDPR

To exercise your right, you may use e-mail to contact: info@lumics-consulting.de. In order to process your request and for identification purposes, we would like to point out that we will process your personal data in accordance with Art. 6 (1) (c) GDPR.

Moreover, you have the right to lodge a complaint with a supervisory authority. The supervisory authority for Lumics is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Klosterwall 6 (Block C), 20095 Hamburg
Tel.: (040) 42854-4040
E-mail: mailbox@datenschutz.hamburg.de


7. Consent
If you have given us a consent to process your personal data, we would like to indicate that you may revoke this consent at any time. If you have given us the consent on this website, please visit the page, on which you originally gave the consent in order to revoke the consent in the settings. In all other cases or if you have problems revoking your consent on this Internet website, you may contact: info@lumics-consulting.de. Please note that the consent revoked by you will only have future effect and has no influence on the lawfulness of the processing in the past. In some cases, despite your revocation, we are entitled to continue to process your personal data on another legal basis – e.g. to fulfil a contract.


8. Disclaimer and limits of these privacy notices
These data protection notices apply only to processing of the website: http://lumics-consulting.de/. Other websites are not covered by these data protection notices and provide their own specific data protection notices.