1. Information about the Collection of Personal Data
1.1 This document contains information about the collection of personal data when using our website and/or when contacting us personally or via other media. Personal data refers to all the data that can be linked to you personally, including name, mailing address, email addresses, or user behavior.
The controller as defined in Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
Am Oberwald 8
Phone: +49 7222 1002-0
Fax: +49 7222 1002-7101
Email: info(at)lawo.com (also see our Legal section).
Our data protection officer is Wolf-Werner Alebrand.
You can reach him at lawo(at)kramerdatenschutz.de
or at our mailing address to the attention of “Data Protection Officer”.
1.2 When you contact us by using one of our websites, by way of personal conversation, by business card, by telephone, by email or through one of our contact forms, we store the data you provide (especially your email address, name, address and phone number if provided) in order to respond to your questions. In this case, the legal basis for processing is GDPR Article 6(1) point (a). If the information is necessary for the performance of a contract to which you are party or in order to take steps prior to entering into a contract, the legal basis for processing also includes GDPR Article 6(1) point (b).
We will delete data collected in this context once we no longer need to store it, or we will restrict processing if required by data retention laws.
Please note that any transmission of data over the internet (e.g., when communicating by email) may be susceptible to security vulnerabilities. Complete, 100% protection of data from third-party access is impossible.
1.3 We use external service providers to process your data in some cases. These service providers have been carefully selected and hired by us. They are required to follow our instructions and are regularly monitored.
2. Collection of Personal Data When Visiting our Website
2.1 When you visit our website for informational purposes, that is, if you don’t register or otherwise provide us with information, we will only collect the personal data that your browser transfers to our server. If you view our website, we will collect the following data:
- Name of your internet service provider
- Website from which you linked to our website
- Pages you visited on our website
- Date and duration of your visit
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Data volume transferred
- Referring website
- Browser type including language and version used
- Operating system and its interface
- Websites accessed by the user’s system from our website
The data is stored in our system’s log files. We do not store the data together with the user’s other personal data nor do we analyze the data for marketing purposes.
2.2 The legal basis for the collection and storage of this data is GDPR Article 6(1) point (f).
2.3 The data is technically necessary for us to display our website to you and to ensure our website’s stability and security. The data is stored in log files to ensure the website remains functional. The data also helps us optimize the website and keep our IT systems secure.
These purposes constitute our legitimate interest in processing the data.
2.4 The data is erased as soon as it is no longer needed to achieve the purpose for which it was collected. If the data is collected for the purpose of providing the website, it will be erased when the session is done. If the data is stored in log files, it will be erased after no more than seven days. It may also be stored for a longer period, however. In this case, the IP addresses of the users will be erased or masked so that they can no longer be traced back to the requesting client.
2.5 We are required to collect the data used in providing our website and to store the data in log files in order to operate the website. The user, in other words, cannot object to our collection and storage of the data. If you do not want your data to be collected and stored, we recommend leaving the website.
3. Collection of Other Personal Data in Cookies When Visiting our Website
3.1 Cookies are also stored on your computer when you use our website.
Cookies are small text files that are associated with your browser, stored on your hard drive and used to provide certain information to the entity who placed the cookie on your computer (in this case: Lawo). Cookies cannot execute programs or infect your computer with viruses. Cookies are used to make our internet presence more effective and user-friendly and to analyze how users behave on our website.
3.2 There are different types of cookies. Their purpose and operation are explained below.
Session cookies are deleted automatically when you close the browser. They store a “session ID” that is used to assign various requests from your browser to one particular session. Session cookies allow us to recognize your computer if you return to our website. They are deleted when you log out or close your browser.
Persistent cookies, by contrast, are automatically deleted after a specific period that may vary from one cookie to the next. You can delete persistent cookies at any time by adjusting your browser’s security settings.
3.3 The legal basis for the processing of personal data with cookies is GDPR Article 6(1) point (f). The legal basis for the processing of personal data with cookies for analytical purposes is GDPR Article 6(1) point (a) as long as you have consented to it.
Analytical cookies are used to improve the quality of our website and its content. They tell us how our website is used and enable us to continually improve it. When data is collected for the purpose of analyzing how users navigate our website, it is pseudonymized by special technology. Pseudonymization makes it impossible to trace the data back to the requesting user. This data is not stored together with users’ other personal data.
These purposes constitute our legitimate interest in processing the personal data pursuant to GDPR Article 6(1) point (f).
3.5 Cookies are stored on the user’s computer and are sent by the computer to our server.
That means you, the user, have full control over how cookies are used. You can disable cookies or restrict how they are shared in your web browser settings. Cookies already on your computer can be deleted at any time either manually or automatically. However, if you disable cookies for our website, you may not be able to use our website’s full functionality.
4. Use of Our Downloads Section
In this case, the legal basis for processing is GDPR Article 6(1) point (a). If the information is necessary for the performance of a contract to which you are party or in order to take steps prior to entering into a contract, the legal basis for processing also includes GDPR Article 6(1) point (b).
4.2 You can voluntarily store more information in order to enjoy better service. If you do this, the data you provide along with your IP address and registration date and time will be stored until you revoke your consent. You can delete all the data at any time, including any customer account that you may have created for yourself.
4.3 The purpose of using this data is to provide services.
4.4 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. That means it is stored for as long as the service is used. If the data is associated with a contract under which money or other valuable consideration changed hands, we are required by tax and accounting laws to retain your address, payment and order data for ten years.
5. Registration for Our Other Newsletters
5.1 You can subscribe to our newsletters with your consent. Our newsletters inform you of our current news, offers, products and services. If you wish, we can also notify you of new updates for certain software or firmware. The advertised goods and services are specified in the declaration of consent.
5.2 We use a double opt-in process for newsletter registration. This method lets us verify that you own the email address you have provided and want to receive the newsletter. It consists of sending an email to your stated email address after registration in which we ask you to confirm that you do in fact want to receive the newsletter. The address will only be actively added to the subscriber list if you confirm your registration. If you do not confirm, your information will be placed on a do not contact list and automatically erased after one month.
We use the data for the sole purpose of sending you requested information and offers.
The newsletter software we use is Newsletter2Go. Your data will be transferred to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or using it for any purpose other than sending you newsletters that you have agreed to receive. Newsletter2Go is a German certified provider that was selected based on the requirements of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
More information is available here: https://www.newsletter2go.com/information-for-newsletter-recipients/
5.3 The legal basis for the collection, storage and use of the data is GDPR Article 6(1) point (a).
5.4 Your email address is the only information that you absolutely have to provide in order to get the newsletter. Your name and gender are optional and will be used to address you personally. Once you provide confirmation, we will store the data for the purpose of sending you the (personalized) newsletter.
The purpose of the double opt-in method is to verify your registration and identify potential misuse of your personal data. We also store your IP addresses and the points in time when you registered and confirmed your subscription.
5.5 You can revoke your consent to the storage and use of your data and e-mail address for sending out the newsletter at any time. There are several ways to revoke your consent, including clicking the “Unsubscribe” link in the newsletter or sending a mail to Lawo AG, Dept. Newsletter, Am Oberwald 8, 76437 Rastatt.
5.6 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of our newsletter, it is stored for as long as your newsletter subscription is active.
6. Data Privacy for Job Applications and the Application Process
6.1 When a job application is submitted, we collect and process the personal data you provide about applicants for the purpose of conducting the application process. Data may be processed electronically, particularly if you send us your application documents electronically by email, via a web form on our website or with a similar method.
6.2 The legal basis for this data use is GDPR Article 6(1) point (a) and point (b).
6.3 If we hire you under an employment contract, we will save the data you have given to us for the purpose of administering the employment relationship in conformity with the law.
If we do not hire you, the application documents will be deleted after the expiration of the two-month period for lodging claims under the German General Act on Equal Treatment [Allgemeines Gleichbehandlungsgesetz (AGG)] unless the controller has another legitimate interest in retaining them. Another legitimate interest includes the obligation to show proof in a lawsuit brought for a violation of the General Act on Equal Treatment.
7. Our Online Presence in Social Media
7.1. Lawo maintains a presence in various social networks and platforms (e.g. Facebook, Twitter, etc.) in order to communicate with customers and prospects and inform them of various activities and services. Any use of these networks and platforms is subject exclusively to the terms, conditions and data processing policies of the respective operators, and not to ours.
8. Use of Social Media Plug-Ins
8.1 We currently use Facebook, Twitter and LinkedIn plug-ins. These plug-ins are configured to work with a “two-click system”. In this system, your personal data is not automatically transferred to the plug-in providers the moment you access our website. You can identify the plug-in provider by the initial letter or logo shown on the box. We give you the option of communicating directly with the plug-in provider by clicking this button. However, the provider is only notified that you have accessed this page on our website when you activate the associated field by clicking it. The provider will then also receive the data described in Section 2 of this policy. In Facebook’s case, its German subsidiary states that your IP address is anonymized immediately after being collected. When you activate the plug-in, in other words, your personal data is transferred to and stored by the plug-in provider (which may be in the United States if the provider is a U.S. company). Since the plug-in provider collects much of its data through cookies, we recommend deleting all the cookies in your browser’s security settings before clicking the grayed-out box.
8.2 We have no control over the data collected or the data processing operations nor do we know the full extent to which data is collected, the purposes for which it is processed, or how long it is stored. We also have no information on whether, when or how plug-in providers erase the data they collect.
8.3 Each plug-in provider stores data collected on you in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and tell other users in the social network about what you have done on our website. You can object to the creation of user profiles by contacting the plug-in provider. The plug-ins allow you to interact with social networks and other users so that we can improve our website and provide a more engaging user experience. The legal basis for the use of plug-ins is GDPR Article 6(1) point (f).
8.4 Data is transferred whether or not you have an account with the plug-in provider and are logged into the provider’s social network. If you are logged into the social network, the personal data that we have collected on you will be linked directly to your account with the plug-in provider. If you press the activated button and then, say, link to the page, the plug-in provider will store this information in your user account as well and publicly share it with your contacts. We recommend that you regularly log out after using a social network but particularly before activating the button so that your activity is not associated with the user profile that the plug-in provider has created on you.
8.5 To learn more about the purpose and extent to which the plug-in provider collects and processes data, please see the provider’s privacy policies, which we have linked to below. The policies also contain more information on your rights and ways to adjust your settings to protect your privacy.
8.6 Here are the addresses of the plug-in providers as well as the links to their privacy policies:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
More information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook is EU-US Privacy Shield certified, see https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
Twitter is EU-US Privacy Shield certified, see https://www.privacyshield.gov/EU-US-Framework.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
LinkedIn is EU-US Privacy Shield certified, see https://www.privacyshield.gov/EU-US-Framework.
9. Embedding of YouTube Videos
9.1 Our website contains embedded YouTube videos that are stored on http://www.YouTube.com and can be played without leaving our website. All the videos have been embedded in “privacy-enhanced mode” which means that YouTube will not receive any data on you as the user if you do not play the videos. The data specified in Paragraph 2 is not transferred until you play the videos. We have no control over this transfer of data.
9.2 When you play a video, YouTube is notified that you have accessed a website page containing the embedded video. It also receives the data described in Section 2 of this policy. This happens whether or not you have a YouTube account or are logged into a YouTube account. If you are logged in with Google, your data will be linked to your account. If you do not want this data to be linked to your YouTube profile, you will have to log out before activating the button. YouTube stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website. You can object to the creation of user profiles by contacting YouTube.
Google processes your personal data in the United States and is EU-US Privacy Shield certified, see
10. Embedding of Google Maps
10.1 Our website uses Google Maps, which lets us show you interactive maps within our website and give you convenient access to map functions.
10.2 When you visit our website, Google is notified that you have accessed a website page containing Google Maps. It also receives the data described in Section 2 of this policy. This happens whether or not you have a Google account or are logged into a Google account. If you are logged in with Google, your data will be linked to your account. If you do not want this data to be linked to your Google profile, you will have to log out before activating the button. Google stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website. You can object to the creation of user profiles by contacting Google.
Google processes your personal data in the United States and is EU-US Privacy Shield certified, see
11. Use of Google Analytics
11.1 This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer to help the website analyze how you use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored on a Google server in the United States. If IP anonymization is activated on this website, Google will, however, truncate your IP address beforehand within the member states of the European Union or within other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. By request of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.
Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.
11.2 You may refuse to store cookies by changing your browser settings; please note, however, that you may not be able to use the full functionality of this website in this case. You can also prevent the data generated by the cookie with regard to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.
11.3 This website uses Google Analytics with the extension “anonymizeIp()”. This extension ensures that IP addresses are only processed in truncated form and so cannot be linked to a person. The extension therefore prevents you from being identified by any of the data collected on you because it immediately deletes personal data.
11.4 We use Google Analytics to regularly analyze and improve the use of our website. The analytical statistics allow us to improve our online presence and give you a more engaging user experience. On the rare occasions when personal data is transferred to the United States, Google is EU-US Privacy Shield certified, see https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of Google Analytics is GDPR Article 6(1) point (f).
11.5 Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: http://www.google.com/analytics/terms/us.html,
12. Use of web fonts
13. Your Rights
13.1 You have the following rights with respect to your personal data:
- Right of access, GDPR Article 15
- Right to rectification and erasure, GDPR Article 16 and Article 17
- Right to restriction of processing, GDPR Article 18
- Right to data portability, GDPR Article 20.
13.2 You also have the right to file a complaint about our processing of your personal data with a data protection regulator (such as the State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg, www.baden-wuerttemberg.datenschutz.de).
13.3 You can revoke your consent to the processing of your data at any time, GDPR Article 7(3). A revocation will affect the lawfulness of the processing of your personal data from the moment you communicate it to us.
You can also object to your personal data being processed for advertising and data analysis purposes at any time. You can communicate your objection to us at the following address:
Am Oberwald 8
13.4 You can object to any processing of your personal data that is based on a balance of interests, GDPR Article 21. This includes processing that is not necessary for the performance of a contract to which you are a party, which we will present in the subsequent description of the functions. When you submit your objection, please include the reasons why we should not process your personal data as we have done. If your objection is warranted, we will review the facts and either stop or modify our data processing or provide the compelling legitimate grounds that allow us to continue processing your personal data.