Private policy

We take data protection seriously

Protecting your privacy when processing your personal data is an important matter for us. When you visit our website, our web servers save the IP of your internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of the visit. This information is necessary for the technical operation and secure functioning of our website. A personalised analysis of this data will not be performed.

If you provide us with data through a contact form, it will be stored on our servers as part of our data backup measures. We will only use your data to process your request. Your data will be kept strictly confidential, and we will not disclose your data to third parties.

Controller:
Le Crobag GmbH & Co. KG
Jürgen-Töpfer-Straße 46
D-22763 Hamburg, Germany
Tel. +49 40 89 093 100
Email: mail@lecrobag.de

Personal data

Personal data are data related to you. These include your name, address and email address. You do not need to disclose any personal data in order to visit our website. In some cases, we may require your name, address, and additional information to provide you with the requested service.

The same applies if we supply you with information material upon request or if we answer your queries. In these cases we will always point this out to you. We only store the data that you have automatically or voluntarily provided to us.

When you use any of our services, we generally collect only the data necessary to provide you with our services. We may ask you for additional information, but this is voluntary. Whenever we process personal data, our purpose is to provide you with our services or to pursue our commercial objectives.

Communication

When we are contacted (e.g., through a contact form, email, telephone, or social media), we process the information provided by the individuals making the queries to respond to their contact requests and any requested measures.

We respond to contact requests as part of contractual or pre-contractual relationships to fulfil our contractual obligations or to respond to (pre)contractual inquiries. Furthermore, it is based on our legitimate interests of responding to these queries.

Types of data processed:

user data (e.g., names, addresses), contact data (e.g, email, telephone numbers), content data (e.g., entries in online forms).

Data subjects:

communication partners.

Purposes of processing:

contact requests and communication.

Legal basis:

performance of a contract and pre-contractual inquiries (Article 6 (1) (b)
GDPR), legitimate interests (Article 6 (1) (f) GDPR).

Automatically saved data

Server log files

The website provider automatically collects and stores data in server log files, which your browser automatically transmits to us. These include:

date and time of the server request
name of the requested file
page from which the file was requested
access status (file transferred, file not found, etc.)
web browser and operating system used
full IP address of the requesting computer
amount of data transferred

The data obtained in this way will not be linked to other data sources. The processing is carried out in accordance with Article 6 (1) (f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular, to prevent attacks on our web server, we store this data for short periods of time. This data cannot be used to identify any particular individual. After seven days at the latest, the data will be anonymised by truncating the IP address at the domain level to ensure that it can no longer be used to identify an individual user. In anonymous form, the data is also processed for statistical purposes; we will not associate the data with other databases or transfer the data to third parties, whether in whole or in part.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific browser in which the cookie was stored. This allows the visited websites and servers to distinguish the concrete browser of the data subject from other browsers that contain other cookies. A specific browser can be recognised and identified using the unique cookie ID.

By using session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Article 6 (1) (f) GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to the tracking or analysis through the displayed cookie banner. Where appropriate, your data will be passed on to partners or third parties. These cookies will only be stored with your explicit consent; the legal basis will then be your consent in accordance with Article 6 (1) (a) GDPR.

You can change your cookie settings at any time by clicking on the following link:

Cookie-Manager

ConsentManager

Our website uses the consent technology provided by ConsentManager to obtain and document your consent for storing certain cookies on your device or for using certain technologies in compliance with data protection laws and regulations. The provider of this technology is Jaohawi AB, Haltegelv gen 1b, 72348 Vasteras, Sweden, website: https://www.consentmanager.de (hereinafter referred to as "ConsentManager"). When you visit our website, a connection is established to the servers of ConsentManager to obtain your consent and other declarations regarding the use of cookies. ConsentManager then stores a cookie in your browser to associate the granted consents or their revocation with your browser. The data collected in this way is stored until you request its erasure, delete the ConsentManager provider cookie yourself, or the data is no longer required for the purpose for which it was originally stored. The statutory retention obligations remain unaffected.

ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR.

We have concluded a data processing agreement (DPA) with the above-mentioned provider in accordance with Article 28 GDPR. This is an agreement required under data protection laws and regulations, which ensures that the provider only processes personal data of our website visitors in accordance with our instructions and in compliance with GDPR.

Use of Microsoft services for web analysis and advertising purposes

We use the following technologies from Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft"). Data processing takes place on the basis of an agreement between joint controllers in accordance with Article 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is usually transferred to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and stored there.

The European Commission has not issued an adequacy decision for the USA. Our cooperation is based on standard data protection clauses of the European Commission.

For further information on data processing by Microsoft, please refer to Microsoft's privacy policy Microsoft

Microsoft Advertising

For advertising purposes in Bing, Yahoo, and MSN search results, as well as on third-party websites, we set the Microsoft Advertising Remarketing cookie when you visit our website.

This cookie, based on the pages you have visited, enables interest-based advertising through the automatic collection and processing of data (such as IP address, visit time, device and browser information, and information about your use of our website), using a pseudonymous cookie ID.

For website analysis and event tracking, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behaviour if you arrive on our website through a Microsoft Advertising ad. This allows us to create pseudonymous usage profiles. We may use cookies and collect data (such as IP address, visit time, device and browser information, as well as information about your use of our website based on predefined events like visiting a webpage or subscribing to a newsletter) to facilitate the creation of these pseudonymous usage profiles. If your Internet-enabled devices are linked to your Microsoft account and you have not deactivated the "interest-based advertising" setting in your Microsoft account, Microsoft can create reports on usage behaviour (in particular, cross-device user numbers), even if you switch devices. This is known as "cross-device tracking”. We do not process any personal data in this regard. We only receive statistics generated based on Microsoft UET.

Facebook Pixel

This website uses Facebook's visitor action pixel for conversion tracking purposes. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected is also transferred to the USA and other third countries.

This tool can be used to track the visitors' actions after they click on a Facebook ad to reach the provider's website. This makes it possible to measure the effectiveness of Facebook ads for statistical and market research purposes and to optimise future ads.

The data collected are anonymous to us as the operator of this website and we cannot use it to identify any particular user. However, the data are stored and processed by Facebook, which may link it to your Facebook profile and Facebook may use the data for its own advertising purposes, in accordance with Facebook's privacy policy. This will allow Facebook to display ads both on Facebook and on third-party websites. We as the operator of the website have no control over how this data is used.

The use of this service is based on your consent in accordance with Article 6 (1) (a) GDPR and Article 25 (1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG). You can withdraw your consent at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please refer to:

EU data transfer

Standard contract terms

Where personal data is collected on our website and transmitted to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint controllers (Article 26 GDPR). Joint responsibility is limited to collecting the data and passing it on to Facebook. The processing by Facebook after the data has been transmitted is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement is available here..

Under this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring the privacy-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can exercise your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your rights as a data subject with us, we are obliged to forward this to Facebook.

Please refer to Facebook's privacy policy to learn more about protecting your privacy:.

You can also deactivate the “custom audiences” remarketing feature in the ads settings section here. To do this, you must be logged into Facebook.

Google Web Fonts (local hosting)

For uniform representation of fonts, this page uses web fonts provided by Google. Google Fonts are installed locally. There is no connection to Google servers.

For further information about Google Web Fonts, please refer here or Google's privacy policy at Google.

Font Awesome (lokales Hosting)

This page uses Font Awesome to ensure consistent display of fonts. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.

For more information about Font Awesome, please refer to Font Awesome’s privacy policy at: Font Awesome.

Bootstrap CDN
A web service from StackPath, LLC, 2021 McKinney Avenue, Suite 1100, 75201 Texas, USA (hereinafter: referred to as Bootstrap CDN) is loaded on our website.

We use this data to ensure the full functionality of our website. The legal basis for data processing is Article 6 (1) (f) GDPR. The legitimate interest lies in ensuring the error-free functioning of the website.

The standard contractual clauses concluded between us and StackPath, LLC serve as the legal basis for the transmission to a third country without an adequacy decision. In accordance with Article 46 GDPR, this fulfils the requirement of appropriate safeguards within the meaning of the GDPR.

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. For more information on the handling of the transferred data, please refer to Bootstrap CDN’s privacy policy.

jsDelivr

The standard contractual clauses concluded between us and jsDelivr serve as the legal basis for the transfer to a third country without an adequacy decision. In accordance with Article 46 GDPR, this fulfils the requirement of appropriate safeguards within the meaning of the GDPR.

The data will be erased as soon as it is no longer required for the purpose for which it was originally collected.

NEW RELIC

We have integrated the New Relic JS Agent on our website. New Relic JS Agent is a service provided by New Relic, Inc., which develops cloud-based software that allows website and application owners to track the performance of their services.

New Relic JS Agent allows us to track and improve the stability of our services by monitoring the system and code errors.

In doing so, your IP address and activities performed on our website are collected. In this case, your data will be passed on to the operator of New Relic JS Agent, New Relic, Inc., San Francisco, California, USA.

The use of New Relic JS Agent is based on our legitimate interests, i.e. interest in optimising our services in accordance with Article 6 (1) (f) GDPR.

The specific storage duration of the processed data is not influenced by us, but is determined by New Relic, Inc. For more information, please refer to the New Relic JS Agent’s privacy policy.

Security

We have implemented technical and organisational security measures to protect your data from loss, destruction, tampering, and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our technical and organisational measures are constantly being improved, and our privacy policies are regularly revised. Please make sure you have the latest version.

What data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or fulfillment, based on your consent, or as part of your application or employment with us.

Personal data include:

Your master/contact data for customers this includes, for example, first and last name, address, contact details (email address, telephone number, fax), bank details

Forapplicants and employees , this includes, for example, first and last name, address, contact details (email address, telephone number, fax), date of birth, data from your CV and job references, bank details, religious affiliation, photographs.

For business partners, this includes, for example, the name of their legal representatives, company name, commercial register number, VAT number, company number, address, contact details of the contact person (email address, telephone number, fax), bank details.

For visitors to our company, this includes the name and signature.

We also process the following other personal data:

information about the type and content of contract data, order data, sales and document data, customer and supplier history and consultation documents,
advertising and sales data,
Information from your electronic communications with us (e.g., IP address, log-in data),
other data that we have received from you as part of our business relationship (e.g., during customer meetings),
We also process data that we generate ourselves from master data, contact data, and other data sources, such as customer needs and potential analyses.
documentation of your consent for receiving newsletters, for example.
photographs taken during events.

3. For what purposes and on what legal basis do you process data?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

to fulfil (pre-)contractual obligations (Article 6 (1) (b) GDPR):
The processing of your data is carried out for the online contract processing or in one of our branches, for the purpose of processing your employment with our company. The data is processed, in particular, when initiating business and implementing contracts with you.
to fulfil legal obligations (Article 6 (1) (c) GDPR):
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g., arising from the German Commercial Code or the Tax Code.
to protect legitimate interests (Article 6 (1) (f) GDPR):
Due to a balancing of interests, data processing can take place beyond the actual implementation of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place, for example, in the following cases:
- advertising or marketing
- measures for business management and further development of services and products.
- maintaining a group-wide customer database to improve customer service
- as part of legal action.
- sending non-promotional information and press releases.
Based on your consent (Article 6 (1) (a) GDPR):
- If you have given us consent to process your data, e.g., to publish photos, competitions, etc.

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, whether in full or to specific measures, without incurring any costs other than the transmission costs at the basic rates.

Under the legal requirements set out in Section 7 (3) of the Act against Unfair Competition (UWG), we are entitled to use the email address that you provided when entering the contract for direct marketing of our own similar goods or services. You will receive these product recommendations from us irrespective of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by email, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs at the basic rates. All you have to do is to send us a communication in writing or electronic form. What is more, every email always contains an unsubscribe link.

Who receives my data?

If we use a service provider for data processing purposes, we remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and only process the for the purpose of providing the services. The processors engaged by us will receive your data if they need the data to provide their respective service. These are, for example, IT service providers that we need for the operation and security of our IT systems as well as advertising and address publishers for our own advertising campaigns.

This data will be made available to the group companies where this is necessary to implement the contract. The storage of customer data is company-related and separate, whereby our parent company can act as a service provider for the individual participating companies.

In case of a legal obligation or for the purpose of legal proceedings, authorities, courts, as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and implementing contracts.

For how long will my data be stored?

We process your data until the termination of the business relationship or the expiration of applicable legal retention periods (such as those specified in the Commercial Code, Tax Code, or Working Hours Act); furthermore, we retain the data until the resolution of any potential legal disputes in which the data may be required as evidence.

Will personal data be transferred to a third country?

In principle, we do not transmit any data to a third country. In individual cases, data will only be transmitted on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards or your express consent.

What data protection rights do I have?

You have the right of access, rectification, erasure or restriction of the processing of your stored data at any time, right to object to processing, right to data portability and the right to lodge a complaint in accordance with the requirements of data protection laws and regulations.

Right of access:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we rectify or complete it at any time.

Right to erasure:

You can request us to erase your data if we are processing it unlawfully or if the processing interferes disproportionately with your legitimate interests. Please note that there may be reasons that prevent immediate erasure, e.g., in the case of statutory retention requirements.

Irrespective of whether you exercise your right to erasure, we will delete your data immediately and completely, provided there is no legal or statutory obligation to retain the data..

Right to restriction of processing:

You can ask us to restrict the processing of your data if

you contest the accuracy of the data for a period of time that enables us to verify the accuracy of the data.
the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of data use,
we no longer need the data for the intended purpose, but you still need this data to establish or defend legal claims, or
you have lodged an objection to the processing of the data.

Right to data portability:

SYou have the right to receive the data concerning you, which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where

the processing is based on consent from you or on a contract between us, and
the processing is carried out by automated means.

If it is technically feasible, you can request that we transfer your data directly to another controller.

Right to object:

If we process your data based on our legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data, unless we can demonstrate compelling reasons for the processing worth protecting, which prevail over your interests, rights and freedoms, or the processing serves to enforce, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without stating any reasons.

Right to lodge a complaint:

If you are of the opinion that we are infringing German or European data protection laws when processing your data, please contact us so that we can clarify any issues. You also have the right to contact the supervisory authority responsible for you, the respective state supervisory data protection authority.

If you wish to exercise any of these rights against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity..

Am I obliged to provide data?

The processing of your data is necessary to conclude or to implement your contract with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the implementation of the contract or is not required by law.

Changes to this privacy policy

We reserve the right to change our privacy policy if this becomes necessary due to new technologies. Please make sure you have the latest version. If we make any fundamental changes to this privacy policy, we will announce them on our website.

Interested parties and visitors to our website can address any data protection-related queries to:

Herrn Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg, Germany

Tel.: +49 941 2986930
Fax: +49 941 29869316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de