Privacy Policy

Date: May 7th 2023

lelect | 101skills GmbH
Rostocker Str. 68
20099 Hamburg
mail@lelect.com

We develop data-saving and privacy-friendly applications and tools with passion from Germany.

As a German quality provider, lelect places the utmost importance on the protection and security of your data, and is committed to the principle of data minimization. Personal data is only stored for the purpose of communication and participation in projects, as well as for providing our internet services. The collection and storage of personal data is carried out in compliance with the applicable data protection regulations in accordance with the European General Data Protection Regulation (GDPR).

We are happy to provide you with detailed information below on how your data is treated with care and diligence.

Basic information on data processing and legal bases

This privacy policy informs you about the nature, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content (hereinafter jointly referred to as „online offering“ or „website“). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offering is executed.

The terms used, such as „personal data“ or its „processing,“ refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Personal data of users processed within the scope of this online offering includes inventory data (e.g. names and addresses of customers), contractual data (e.g. services used, names of contact persons, payment information), usage data (e.g. the visited pages of our online offering, interest in our products) and content data (e.g. entries in contact forms).

The term „user“ includes all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as „user,“ are to be understood in a gender-neutral manner.

We only process personal data of users in compliance with the applicable data protection regulations. This means that user data is only processed if there is a legal basis for processing. This includes, in particular, when data processing is necessary for the provision of our contractual services (e.g. processing of orders) and online services, if there is a legal obligation to do so, if the user has given their consent, and based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offering in accordance with Art. 6 para. 1 lit. f. GDPR, as well as the collection of access data and use of third-party services).

We would like to point out that the legal basis for consents is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for the processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for the processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

Security measures

We take organizational, contractual, and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or unauthorized access by third parties.

Disclosure of data to third parties and third-party providers.

Disclosure of data to third parties is only carried out within the framework of legal requirements. We only disclose user data to third parties if, for example, this is necessary for contractual purposes under Art. 6 para. 1 lit. b) GDPR, or based on legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR for the economic and effective operation of our business operations. If we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

If content, tools, or other means from other providers (hereinafter collectively referred to as „third-party providers“) are used within the scope of this data protection declaration and their stated location is in a third country, it must be assumed that a data transfer to the states of the third-party providers takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e., generally countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if an adequate level of data protection, consent of the users or other legal permission exists.

Provision of contractual services

We process inventory data (e.g., names as well as contact data of users), contractual data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit. b. GDPR.

As part of the registration process, the necessary mandatory information is communicated to the users. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data with respect to the user account will be deleted, subject to retention being necessary for commercial or tax reasons pursuant to Art. 6 para. 1 lit. c GDPR. It is up to the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all data stored about the user during the term of the contract.

As part of registration and re-registration as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the users‘ interest in protection against misuse and other unauthorized use. These data are not disclosed to third parties, except if necessary for the pursuit of our claims or there is a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR.

We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to display product information to the user, for example, based on their previously used services.

Contact

When contacting us (via contact form or email), the user’s information will be processed according to Art. 6 para. 1 lit. b) GDPR for the purpose of processing the contact request and its handling.
The user’s information may be stored in our customer relationship management system („CRM system“) or comparable request organization.

Collection of access data and log files

Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, message about successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for a maximum of three days for security reasons (e.g. to investigate misuse or fraudulent activity) and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Cookies & Reach Measurement

Cookies are information that is transmitted from our web server or third-party web servers to the web browser of the user and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use „session cookies“ that are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping cart function and thus to enable the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you end the use of our online offer, e.g. by logging out or closing the browser.

Users will be informed about the use of cookies within the context of pseudonymous reach measurement in this privacy policy. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.

Users can object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US-American website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Newsletter

We offer the possibility to subscribe to our newsletter on our website. After subscribing, we will regularly inform you about the latest news regarding our offers. A valid email address is required for the newsletter registration. To verify the email address, you will first receive a registration email that you need to confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and name based on your consent, which you have given. The processing is based on the legal basis of Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future, for example via the „unsubscribe“ link in the newsletter or by contacting us through the channels mentioned above. The lawfulness of the data processing operations carried out before the revocation remains unaffected.

When you register for the newsletter, we also store your IP address as well as the date and time of the registration. The processing of this data is necessary to be able to provide evidence of your consent. The legal basis is derived from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).

Furthermore, we analyze the reading behavior and opening rates of our newsletter. We evaluate the data generated upon delivery and retrieval of our emails in an aggregated and anonymized form (delivery rate, opening rate, click-through rates, unsubscribe rate, bounce rate, visits, conversions) in order to measure the use and success of the emails. The legal basis for analyzing our newsletter is Art. 6 para. 1 letter f GDPR, and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above.

On the other hand, we also analyze data that is generated when you retrieve and use these emails (opening time, clicked hyperlinks, downloaded documents) as well as motion data on downstream web pages, in connection with your email address, in order to provide you with personalized information in the future that best reflects your interests and needs. We use the collected anonymous as well as personal data to provide you with personalized content and individualized information in our promotional emails and downstream web pages. The legal basis for data processing in the context of emails is Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future, for example via the „unsubscribe“ link in the newsletter or by contacting us through the channels mentioned above.

For the management of subscribers, the distribution of the newsletter, and the analysis, we use the service Sendinblue (Sendinblue GmbH). Therefore, we transmit your email address to the service provider. If you do not want your data to be processed by this service provider, you should not subscribe to the newsletter or unsubscribe from it.

Integration of third-party services and content

Based on our legitimate interests (i.e. interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as „content“). This always requires that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the display of this content. We make every effort to only use content whose respective providers use the IP address solely for the delivery of the content.
The following overview provides an overview of third-party providers and their content, along with links to their privacy policies, which provide further information on the processing of data and, in some cases already mentioned here, opt-out options (so-called opt-out):

  • If our customers use third-party payment services (such as PayPal or Sofortüberweisung), the terms and privacy policies of the respective third-party providers apply, which can be accessed within the respective websites or transaction applications.
  • The payment processing is carried out by the payment service provider paddle.com, 18-29 Mora Street, London, EC1V 8BT, United Kingdom, subject to the terms and conditions at https://www.paddle.com/legal/terms.
  • We use the server hosting services of Scalingo SAS („Scalingo“), 3 place de Haguenau, 67000 Strasbourg, France. Scalingo stores data exclusively in France and is certified according to ISO 27001. More information can be found in the privacy policy: https://scalingo.com/data-processing-agreement.
  • We use the services of OpenAI L.L.C. („OpenAI“), 3180 18th Street, San Francisco, CA 94110, USA, and REPLICATE INC., 2261 market street, San Francisco, CA 94114, USA for the lelect AI assistance. No personal data of our users is processed. More information can be found in the privacy policy of OpenAI: https://openai.com/privacy/ or the privacy policy of Replicate: https://replicate.com/privacy.
  • For providing videos, we use the provider Vimeo Inc., 555 West 18th Street, New York, New York 10011. Privacy policy: https://vimeo.com/privacy.
  • For hosting files, we use Scaleway S.A.S., BP 438, F-75366 Paris Cedex 08. Privacy policy: https://www.scaleway.com/en/privacy-policy/.
  • For hosting vector data, we use Qdrant Solutions GmbH, Chausseestraße 86, 10115 Berlin. Privacy policy: https://qdrant.tech/legal/privacy-policy/.

Users‘ rights

Users have the right to request free information about the personal data that we have stored about them. In addition, users have the right to correct incorrect data, restrict processing, and delete their personal data, if applicable, to assert their rights to data portability, and in the event of unlawful data processing, to file a complaint with the responsible supervisory authority. Users can also revoke their consent, generally with effect for the future.

Data deletion

The data stored with us will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal storage obligations to the contrary. If the users‘ data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to users‘ data that must be retained for commercial or tax law reasons. According to legal requirements, the storage is carried out for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Right of objection

Users can object to future processing of their personal data in accordance with legal requirements at any time. The objection may be made in particular against processing for the purposes of direct advertising.


Changes to the privacy policy

We reserve the right to change the privacy policy to adapt it to changed legal situations or changes in the service or data processing. However, this only applies with regard to declarations of data processing. If users‘ consent is required or if the privacy policy contains provisions regarding the contractual relationship with the users, the changes will only