1. Name and address of the responsible person
The responsible person within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
LASOS Lasertechnik GmbH
2. Name and address of the data protection officer
The data protection officer of the responsible person is:
IT-Consultant & Datenschutz
ERFA-Kreisleiter der GDD in Thüringen
3. General for data processing
3.1 Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes regularly place only with the consent of the user. An exception applies in cases where the processing of the data is permitted
3.2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data. In the processing of personal data necessary for the performance of a contract to which the data subject is
a party, the legal basis is Art. 6 para. 1 lit. b GDPR. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation to which our company relies, Art. 6 para. 1 lit. c GDPR is the legal basis.
If processing is necessary to secure the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR applies as legal basis.
3.2.1 Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may take place if provided by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. A blocking or deletion of the data
will also be provided if a storage period is prescribed by the previously mentioned standards expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
4. Provision of the website and creation of log files
4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected thereby:
- Information about the browser type and version used by Typo3
- The user’s operating system through Typo3
- The IP address of the user through Typo3
- Date and time of access by Typo3
- Websites from which the user’s system accesses the website through Typo3
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
4.2 Legal basis for data processing
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
4.3 Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the computer of the user. For this purpose, the IP address of the user must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition to this the data helps to optimize the website and the secure the safety of our systems. In this context an evaluation of the data for marketing purposes takes not place.
Our legitimate interest relies mainly in this sense of data processing according to Art. 6 para. 1 lit. f GDPR.
4.4 Duration of storage
The data is deleted as far as the purpose of their collection is achieved. In the case of the collection of the data for the provision of the website it is when the respective session is completed. In the case of storing the data in log files, the data is deleted after seven days at latest. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
4.5 Objection and disposal option
The collection of the data in the log file is mandatory for the operation of the website, so that there is no option of objection for the user.
5.1 Description and scope of data processing
The following data is stored and transmitted in the cookies:
- the Typo3 session ID
5.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
5.3 Purpose of the data processing
- Identification of the user session through the server
- Preventing attacks on the server
In these purposes relies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.
5.4 Duration of storage, objection and removal opportunity
also be done automatically. If cookies are disabled for our website, it may be not possible to use all features of the website.
5.5 Cookie / Consent Banner
We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the relevant consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io /de/rcb/datenverarbeitung/.
The legal basis for the processing of personal data in this context is Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the relevant consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.
6. E-mail contact
6.1 Description and scope of data processing
On our website buttons are available with which a request can be sent to us via a pre-defined mask. If a user realizes this possibility, the data entered in the e-mail will be transmitted to us and stored. The information is:
- E-mail address
- Requested product
- Text of the request
All information is voluntary.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
6.2 Legal basis for data processing
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.
If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.
6.3 Purpose of the data processing
The processing of the personal data from the e-mail serves only to process the contact. This is the necessary legitimate interest in the processing of the data.
6.4 Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data sent by e-mail, this appears when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
6.5 Objection and removal opportunity
The user has the possibility to withdraw his consent to the processing of the personal data at any time. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of contacting will be deleted in
7. Google Analytics
7.1 Description and scope of data processing
We use the component Google Analytics on our website. Google Analytics is a web analytics service provided by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. Web analytics is the collection and analysis of data about the behavior of users on our website. Among other things, a web
analysis service collects data on which website the user came to a website, which subpages of the website were accessed or how often and for which length of stay a subpage was viewed.
We use the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By this addition the IP address of the user will be shortened by Google and thus anonymized, if the access to our website is from a member state of the European Union or from another state party to the agreement on the European
Economic Area. An assignment of the shortened address to a specific or identifiable person is no longer possible.
Google Analytics places a cookie on the user’s computer. By using this cookie Google is enabled to analyze the usage of our website. Each time one of the pages of this website is called, the Internet browser on the user’s computer is automatically caused by the respective Google Analytics component to transmit data to
Google for the purpose of online analysis. In the course of this technical process, Google receives knowledge about personal data, such as the IP address of the data subject, which, among other things, helps Google to understand the origin of visitors and clicks.
The cookie stores personally identifiable information, such as access time, the location from which the access was made and the frequency of site visits by the user. Each time a user visits our website, this information, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States. This personal information is also stored by Google in the United States. Google may transfer such personal data collected through the technical process to third parties.
7.2 Legal basis for data processing
The legal basis for processing the data is Art. 6 para. 1 lit. f GDPR.
7.3 Purpose of the data processing
The purpose of using Google Analytics is to analyze traffic flows on our website. Google uses the data and information obtained to evaluate the use of our website, to compile online reports showing the activities on our websites and to provide other services related to the use of our website. This allows us to optimize
our website further for the user.
In these purposes relies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.
7.4 Duration of storage
The data stored via Google Analytics will be deleted automatically after 56 weeks.
7.5 Objection and removal opportunity
The user can prevent the storage of cookies through our website, as already stated, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the storage of cookies. In addition, a cookie already stored by Google Analytics can be deleted at any time via the Internet
browser or other software programs.
Furthermore, it is possible for the user to object to the collection of data generated by Google Analytics and the processing of this data by Google and to prevent such. To do this, the user must download and install a browser add-on via https://tools.google.com/dlpage/gaoptout. This browser add-on automatically informs
Google Analytics after installation that no data and information about the user’s visits of websites shall not be transmitted to Google. The installation of the browser add-on is a contradiction. If the user’s system is deleted, formatted and reinstalled in the future, the user must reinstall the browser add-on to disable
7.6 Further information
8. Processing of data in countries outside the European Economic Area
If we process data in third countries (non-EU / EEA countries) or transmit them to companies in third countries, we will only do so if authorized by you or by law. If the Commission does not have an adequacy decision in accordance with Art. 45 GDPR for the affected third country, so if there is no adequate level of
data protection in the third country, we ensure via contractual provisions (standard EU data protection clauses) or other suitable guarantees within the meaning of Art. 46 GDPR that your privacy and personal data are protected in an appropriate and legal manner also in the company in the third country.
9. Security of your personal data
LASOS Lasertechnik GmbH uses technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved according to technological developments.
10. Rights of the data subject
If your personal data is processed, you as the data subject have the following rights towards the controller.
To assert your rights below, please contact:
LASOS Lasertechnik GmbH
Tel. +49 3641 2944 -0
Fax. +49 3641 2944 -300
10.1 Right to Information
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the responsible person about the following
- the purposes for which the personal data are processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data relating to you have been disclosed or will be disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to correction or cancellation of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved as well as the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information relates to a third country or an international organization. In this relation, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.
10.2 Right to rectification
You have a right to rectification and / or completion to the controller, if the processed personal data is incorrect or incomplete. The processor must make the correction without delay.
10.3 Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful and you refuse the deletion of the personal data and demand instead the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
- if you have objected to the processing according to Art. 21 para. 1 GDPR and it is not certain yet whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – accept of its storage – may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing was restricted according to the previously mentioned requirements, you will be informed by the person in charge before the restriction is lifted.
10.4 Right to cancellation
10.4.1 Cancellation obligations
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following applies:
- Personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent, on which the processing relied according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR and there is no other legal basis for this processing.
- You object the processing according to Art. 21 para. 1 or Art. 21 para. 2 GDPR and there are no prior justifiable reasons for the processing.
- Your personal data have been processed unlawfully.
- The deletion of your personal data shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered according to Art. 8 para. 1 GDPR.
10.4.2 Information to third parties
If the person in charge has made the personal data concerning you public, he is obligated to delete this data according to Article 17 para. 1 GDPR. He shall take appropriate measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you
have been identified as being affected, requesting deletion of all links to such personal data or of copies or replications of such personal data.
The right to cancellation does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject or to carry out a task which is in the public interest or in the exercise of official authority conferring on the controller has been;
- for reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and Art. 9 para. 3 GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 para. 1 GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims.
10.5 Right to information
If you have the right of rectification, cancellation or restriction of processing to the controller, he is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.
You have a right to the controller to be informed about these recipients.
10.6 Data transferability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the controller for providing the personal data, provided that
- the processing is based on a consent according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and
- the processing is done by automated means.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, so far as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
10.7 Right of objection
You have the right to takes objection against the processing of your personal data at any time, for reasons that arise from your particular situation, which arises from Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
10.8 Right to object the data protection consent declaration
You have the right to withdraw your data protection declaration at any time. The objection of consent does not affect the legality of the processing carried out on the basis of the consent until the objection.
10.9 Automated decision on a case-by-case basis including profiling
You have the right not to be subjected to a decision based only on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
- with your explicit consent.
However, these decisions must not be based on special categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR is effective and reasonable measures have been taken in order to protect the rights and freedoms and your legitimate interests.
With regard to the cases statet in (1) and (3), the controller shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.
10.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 of the GDPR.