LexCom Privacy Statement



Protecting your personal data is of the utmost concern to us.

We generally refers to LexCom Informationssysteme GmbH (Rüdesheimer Str. 23, 80686 Munich, Germany, mail@lexcom.de). If you have a user agreement with us in the United Kingdom, your contractual partner may, depending on the content of your contract documents, be LexCom Information Systems Ltd (Unit C3 Arena Business Centre, 9 Nimrod Way, Wimborne, BH21 7UH , United Kingdom, mail@lex-com.net). This Privacy Statement applies both for LexCom Informationssysteme GmbH and for LexCom UK Limited (hereinafter referred to jointly as “LexCom”) as controllers within the meaning of data protection law.

This Privacy Statement is intended to inform you about LexCom’s policy regarding your personal data when you use

This Privacy Statement supplements LexCom’s General Terms and Conditions governing the use of the relevant LexCom software and LexCom web services.

1. LexCom’s Policy for Processing Your Personal Data

LexCom has adopted the following policies with a view to protecting your personal data during the use of the LexCom website, LexCom software and web services: 

2. Terms and Definitions in the Privacy Statement

LexCom uses certain fixed terms in this Privacy Statement, which are defined as follows:

3. What does LexCom know about you, what do you allow LexCom to do, and how is your personal data handled?

3.1 Registration information

When you register to use the LexCom web services and software, LexCom has to process certain personal data from you as your registration information. First and foremost, this information is your:

LexCom must process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)), as the LexCom software and LexCom web services can only work properly with this information.

The following applies to the LexCom partslink24, etkainfo, etosinfo, myasainfo and mantisinfo web services: the administrator of a company ID may create further users and therefore view the company ID/ID of these users. LexCom will never pass on this data to any third party and/or disclose it to such third parties in any other way.

Furthermore, you need to fill in certain mandatory fields during registration, for example, your first name, surname, the name and address of your company, and your e-mail address (the mandatory fields of the LexCom web services may vary). LexCom must also process this registration information in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information in order to contact you about any issues related to payment or performance of contracts, and to mail you the LexCom software (if you order a DVD version).

LexCom may use the registration information collected, in particular your e-mail address, to provide you with important information regarding the current contractual relationship (such as changes in support structures, announcements regarding new program versions and important features). This processing is necessary for the fulfilment of the contract pursuant to Art. 6 (1) b) GDPR. In addition, LexCom may use this information to provide you with news and help topics regarding the use of the LexCom products that you have licensed. This processing constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR. In addition, LexCom may use your email address to send you offers and promotions. This processing applies exclusively to offers for LexCom’s own or similar goods and/or services. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR. In addition, LexCom may contact you to inquire about your use of and satisfaction with existing products and/or functions. This processing also constitutes a legitimate interest on the part of LexCom pursuant to Art. 6 (1) f) GDPR

The collected user data may be evaluated internally by LexCom and forwarded to dealers/order recipients, manufacturers and/or importers. This process serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage and thus the product and sales optimization for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)).

In addition, you may enter optional information, which you may edit or delete at any time.

LexCom will delete your registration information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every six months, we check whether there is a legitimate interest in retaining the data.

3.2 Payment data

Where necessary, LexCom processes your payment data, such as credit card or bank details, for the purpose of payment handling and accounting as necessary for the selected mode of payment. To the extent necessary to process your transaction, your payment data will be provided to the service providers Wirecard (please see the Wirecard privacy policy at https://www.wirecardbank.com/GDPR) and Allpago as well as banks (Deutsche Bank, Danske Bank, Credit Suisse) or may be collected directly and processed by these organisations. Your payment data is stored in order to enable payment handling and accounting for the automatic extension of your subscription. We process your credit card data in accordance with the PCI DSS security standard. That means, for example, that LexCom never stores your credit card data as plain text.

LexCom must process this payment data in order to fulfil the requirements of your contract with LexCom (GDPR Art. 6 (1) b)). LexCom needs this information in order to contact you about any issues related to payment or performance of contracts.

LexCom will delete your saved payment data as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every six months, we check whether there is a legitimate interest in retaining the data.

3.3 Order data

The LexCom software and the LexCom web services may provide the option to order spare parts from other LexCom users. The personal data processed for this purpose is referred to here as “order data”. LexCom transfers the data collected from you on a case by case basis within the LexCom software and LexCom web services used to the respective order recipients. This processing enables you to use valuable services and is therefore at least within the legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR.

The order data collected during the course of the initiated orders may be forwarded to dealers/order recipients, manufacturers and/or importers. This process serves the purpose of providing an overview of the orders received as well as measuring the success and amount of usage and thus the product and sales optimization for the benefit of the user. This constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)).

LexCom will delete your order information as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every six months, we check whether there is a legitimate interest in retaining the data.

3.4 Contact by e-mail or using contact forms

LexCom processes the data entered via the contact forms available on the LexCom website, in the LexCom software and LexCom web services as well as the data received via the contact email addresses provided to handle your request or concern. Under no circumstances will this data be processed for any other purpose. Your personal data is processed on the basis of Art. 6 (1) b) GDPR.

LexCom will delete the personal data transferred within the requests as soon as it no longer has any legitimate interest in processing it (for example to verify possible claims after termination of the contract; this constitutes a legitimate interest for LexCom in accordance with GDPR Art. 6 (1) f)), unless the applicable commercial or tax laws obligate LexCom to retain the data (GDPR Art. 6 (1) c)). This obligation to retain data remains in effect for an additional ten years after the end of the contractual relationship. Every six months, we check whether there is a legitimate interest in retaining the data.

4. Cookies and Pixel Tags

“Cookies” are small files that enable us to store some specific information related to you as a user on your PC or other terminal device when you use the LexCom web services. For example, cookies help us to determine the frequency of use and the number of actual users of our web services, analyse the user behaviour on our website, assess the effectiveness of advertising, increase security, and design our web services so that they are as convenient, efficient and interesting for you as possible. LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)). Only you and LexCom have access to these cookies, which are used for the purposes described below.

When you log in (with your company ID/ID and/or user name and password), the LexCom web services utilise session cookies with which you can be identified for the duration of your visit. The session cookies expire automatically after the end of your session, meaning that they are deleted.

In addition, the LexCom web services use permanent cookies. These cookies store information about visitors accessing the LexCom web services repeatedly (for example, company ID, user name, language, time stamp of previous access). The purpose of these permanent cookies is, firstly, to present you with the relevant web service in the correct language even before you have logged in. Secondly, they enable you to return directly to your previous session if you did not log out after the last time you used the LexCom web service. The cookies we set do not generate an individual profile of your user behaviour. The cookies are automatically deleted within four weeks of your last session.

Under certain circumstances, you may disable the storage of cookies or restrict it to specific websites in your browser, or set your browser to notify you as soon as a cookie is sent. You may also delete cookies from your terminal device at any time. However, please note that the use of LexCom web services is not possible if user cookies are rejected.

We utilise pixel tags, web beacons, clear GIFs or similar mechanisms (“pixel tags”). A pixel tag is an image file or a link to an image file that is inserted into the code of the web page but not stored on your terminal device (e.g. computer, smartphone etc.). Pixel tags enable us, for example, to count the number of users who visit our web pages after clicking online advertisements. In this way, pixel tags help us optimise the efficiency of our web pages, and revise and optimise our offers and publicity activities. Our use of pixel tags does not involve any reference to any person; nor does any personalised tracking occur. Pixel tags usually work in conjunction with cookies. If you turn off cookies, the pixel tag will simply detect an anonymous website visit.

5. Log Files

Each time you open the LexCom website and whenever you log in to the LexCom software or LexCom web services, access data is saved in a log file. The data stored includes the IP address, LexCom company ID, user name, session ID, login time and cookies.

LexCom requires this log data, firstly, to detect and correct any technical problems such as defective links or program bugs, i.e. to improve and develop the LexCom software and LexCom web services. Secondly, LexCom needs this log data to detect any illegal and/or improper use of the LexCom software or LexCom web services. For this reason, LexCom reserves the right to use the log data if there is evidence that users have used the LexCom software and/or LexCom web services in a way that is illegal or violates the contract. This serves to protect the LexCom users, the security of their user data and LexCom itself.

LexCom has to process the following personal data in order to pursue these legitimate interests (GDPR (Art. 6 (1) f)).

The log files are stored in our data centre for twelve months and then automatically deleted.

6. Transmission to Third Countries

We process the aforementioned personal data in the European Union and, in some cases, in Brazil, China and Japan. Data is only processed in these third countries in accordance with the EU’s standard data protection clauses as defined in GDPR Art. 46. You can view these clauses at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de

7. Availability of the Privacy Statement

You can retrieve and print out this Privacy Statement from any page of the LexCom website and the websites of each LexCom web service or within the LexCom software by clicking the “Privacy” link.

8. Assertion of Claims and Rights

In accordance with the applicable data protection legislation, you have the right to information about your data (GDPR Art. 15), to rectification of it (GDPR Art. 16) and to deletion of it (GDPR Art. 17) or to restriction of its processing (GDPR Art. 18), as well as to data portability (GDPR Art. 20).

You can retrieve and print out this Privacy Statement from any page of the LexCom website and the websites of each LexCom web service or within the LexCom software by clicking the “Privacy” link.

 

LexCom Informationssysteme GmbH
– Data Protection Officer –
Rüdesheimer Strasse 23
80686 Munich
Germany
privacy@lexcom.de

 

You also have the right to file a complaint with the supervisory authority responsible for data protection if you believe that LexCom has failed to comply with the applicable data protection legislation.

9. Right to Object

You have the right to object to the processing of personal data that refers to you under the terms of items 4 and 5 of this Privacy Statement (i.e. processing in accordance with GDPR Art. 6 (1) f) for reasons resulting from your specific situation at any time. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate that it has compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.