- Spanish grammarBusiness Spanish
This translation is for information purposes only and does not necessarily accurately reflect the original German meaning. In the event of discrepancies or inconsistencies between the English version of this text and translations, the German version is binding.
1 PRIVACY STATEMENT FOR LENGALIA
We treat personal data under the Germany Data Protection Act (incorporating the EU General Data Protection Regulation - GDPR) to our global operations unless the local equivalent laws are stronger. Also, we apply the personal data under the provisions of the California Consumer Privacy Act (CCPA) in our operations in California.
3 DECLARATION OF CONSENT
- What data Lengalia collects and what we do with it.
- What technologies we use for provision and personalization.
- What data protection rights you have and how you can exercise them.
The trust of our users is important to us. Lengalia therefore wishes to provide its users with full information on the processing of their personal data at all times. If any queries remain unanswered by this privacy statement or if more detailed information is required on any point, please contact the following address at any time.
Author of this page:
Lengalia, José Delgado
Schmarjestr. 42 22767
email: mail (@) lengalia.com
You can also reach our Data Protection Supervisor and other data protection-related contacts via these contact details. In this context, we process data exclusively for the purpose of communicating with you. The legal basis for the data processing is the performance of the contract pursuant to Article 6(1)(b) GDPR.
GET IN TOUCH
We collect your personal data when you provide it to us of your own accord, e.g. when you contact us. This information is communicated on a voluntary basis and in these cases is initiated by you. Insofar as this involves information regarding communication channels (email address, telephone number), we will use these channels to contact you in accordance with your request.
Legal basis for data processing
The legal basis for processing the data that you transmit to us in the course of contacting us is Art. 6 (1) sentence 1 lit. f DSGVO.
Purpose of data processing
The purpose of processing your data is to handle and respond to your request.
Duration of storage
We will delete the data we have received in the course of contacting you as soon as it is no longer required to achieve the purpose for which it was collected, i.e. your request has been fully processed and no further communication with you is required or requested.
Possibility of objection and removal
If a user contacts us by email, they can object to the storage of their personal data at any time.
5 WHAT RIGHTS DO YOU HAVE?
- Withdrawal of consent in accordance with Article 7(3) GDPR (e.g. you can contact us to withdraw consent and stop receiving the newsletter)
- Right of Access in accordance with Article 15 GDPR (e.g. you can contact us to find out which data of yours we have saved)
- Rectification in accordance with Article 16 GDPR (e.g. you can contact us if your email address has changed and you want us to update it)
- Erasure in accordance with Article 17 GDPR (e.g. you can contact us if you want us to delete any of your data that we have saved)
- Restriction of processing in accordance with Article 18 GDPR (e.g. you can contact us if you do not want us to delete your email address but only want to receive emails that are strictly necessary)
- Data portability in accordance with Article 20 GDPR (e.g. you can contact us to obtain the data we have saved on you in a compressed format as you may want to provide the data to another website)
- Objection in accordance with Article 21 GDPR (e.g. you can contact us if you do not consent to one of the advertising or analytical procedures listed in this document)
- Right to lodge a complaint with the relevant supervisory authority in accordance with Article 77(1) GDPR (e.g. in the event of a complaint you could contact the data protection supervisory authority in your state directly)
Supervisory authority in Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Your rights concerning the processing of your personal data
To exercise your rights, you must send us a request in writing, either by post or email. If you would also like to speak to someone in person, you can contact us by telephone. You will need to provide:
. proof of identity
. proof of address
. any additional details we need to locate the information you have requested (for example, details regarding Lengalia or staff that you have had contact with and when).
We will not start looking for your information until we confirm your identity.
6 DELETION OF DATA AND STORAGE PERIOD
If not otherwise noted, we delete personal data as soon as it is no longer needed. Your data will also be locked or deleted if a storage period set out by law expires, unless the data must be kept in order to complete or fulfil a contract. Some data may have to be stored for a longer time period if the law requires it. You can, of course, request information regarding the personal data we have saved on you at any time.
Right to erasure - 'right to be forgotten'
After your access period to our Learning portal has finished, your data will be completely deleted after 90 days (both your personal data and data concerning your learning progress connected to your account). You also have the option of deleting your data yourself at any time during your period of access under ‘Profile‘. This is because the personal data are no longer necessary in relation to the purposes for which they were collected.
The legal basis is your consent in accordance with the European data protection requirements from Article 17(1) GDPR.
7 LOG FILES
If you visit our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. The website provider -Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany)- automatically collects and stores information that your browser automatically transmits to us in "log files". These are:
- type and version of browser used,
- operating system,
- date and time of server requests,
- number of visits,
- time spent on the website,
- website previously visited,
- IP address of users is anonymised before being stored.
As a protective measure in favour of your privacy, we delete or anonymize the IP address after specified periods. Therefore, other related data can no longer be traced back to you and may only serve anonymous, statistical purposes for the optimization of our website. The purpose of the temporary storage of the data is a technical necessity for establishing the connection, and the correct and error-free display of our website. The IP address and the technical data already mentioned are needed to display the website, to prevent display problems for visitors and to correct error messages.
The legal basis is the so-called legitimate interest which has been examined in the context of the aforementioned protective measures and in accordance with the European data protection requirements from Article 6(1)(f) GDPR.
What is Cloudflare?
A content delivery network (CDN), as provided by Cloudflare, is nothing more than a network of servers that are connected to each other. Cloudflare has deployed servers around the world, which ensure websites can appear on your screen faster. Simply put, Cloudflare makes copies of our website and places them on its own servers. Thus, when you visit our website, a load distribution system ensures that the main part of our website is delivered by a server that can display our website to you as quickly as possible. The CDN significantly shortens the route of the transmitted data to your browser. Thus, Cloudflare does not only deliver our website’s content from our hosting server, but from servers from all over the world. Cloudflare is particularly helpful for users from abroad, since pages can be delivered from a nearby server. In addition to the fast delivery of websites, Cloudflare also offers various security services, such as DDoS protection, or the web application firewall.
Why we use Cloudflare on our website?
Which data is stored by Cloudflare?
Cloudflare generally only transmits data that is controlled by website operators. Therefore, Cloudflare does not determine the content, but the website operator themselves does. Additionally, Cloudflare may collect certain information about the use of our website and may process data we send or data which Cloudflare has received certain instructions for. Mostly, Cloudflare receives data such as IP addresses, contacts and protocol information, security fingerprints and websites’ performance data. Log data for example helps Cloudflare identify new threats. That way, Cloudflare can ensure a high level of security for our website. As part of their services, Cloudflare process this data in compliance with the applicable laws. Of course, this also includes the compliance with the General Data Protection Regulation (GDPR).
Cloudflare also works with third party providers. They may however only process personal data after the instruction of Cloudflare and in accordance with the data protection guidelines and other confidentiality and security measures. Without explicit consent from us, Cloudflare will not pass on any personal data.
How long and where is the data stored?
Cloudflare stores your information primarily in the United States and the European Economic Area. Cloudflare can transfer and access the information described above, from all over the world. In general, Cloudflare stores domains’ user-level data with the Free, Pro and Business versions for less than 24 hours. For enterprise domains that have activated Cloudflare Logs (previously called Enterprise LogShare or ELS), data can be stored for up to 7 days. However, if IP addresses trigger security warnings in Cloudflare, there may be exceptions to the storage period mentioned above.
How can I erase my data or prevent data retention?
Cloudflare only keeps data logs for as long as necessary and in most cases deletes the data within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare store indefinitely as part of their permanent logs. This is done to improve the overall performance of Cloudflare Resolver and to identify potential security risks. You can find out exactly which permanent logs are saved here. All data Cloudflare collects (temporarily or permanently) is cleared of all personal data. Cloudflare also anonymise all permanent logs.
If you have consented to the use of Cloudflare, your consent is the legal basis for the corresponding data processing. According to Art. 6 paragraph 1 lit. a (Consent) your consent is the legal basis for the processing of personal data, as can occur when it is collected by Cloudflare.
We also have a legitimate interest in using Cloudflare to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit.f GDPR (legitimate interests). Nevertheless, we only use Cloudflare if you have given your consent to it.
Cloudflare also processes data in the USA, among other countries. We would like to note, that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the legality and security of data processing.
Cloudflare uses standard contractual clauses approved by the EU Commission as basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway and especially in the USA) or data transfer there (= Art. 46, paragraphs 2 and 3 of the GDPR). These clauses oblige Cloudflare to comply with the EU‘s level of data protection when processing relevant data outside the EU. These clauses are based on an implementing order by the EU Commission. You can find the order and the clauses here.
You can find more information about data protection at Cloudflare here.
Data Processing Agreement (DPA) Cloudflare
In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a Data Processing Agreement (DPA) with Cloudflare. This contract is required by law because Cloudflare processes personal data on our behalf. It clarifies that Cloudflare may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) here.
9 PROVISION OF THE LENGALIA LEARNING PORTA
- The provision, personalization and needs-based design of our website
- Ensuring the general security, operability and stability of our services, including defense against attacks
- Non-promotional communication with you on technical, security and contract-related topics (e.g. fraud alerts, account blocking or contract changes)
Insofar as the purpose is the performance of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6(1)(b) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR, whereby our legitimate interests lie in the above-mentioned purposes.
10 YOUR LENGALIA ACCOUNT
The use of our learning portal Spanish language courses, requires registration on our website. When you register with us, we collect and store the basic data you enter, such as (user) name, email address, and your password, as required fields as part of the registration process. We may receive further information from you about the learning portal, e.g. in your personal profile.
As a protective measure, the transmission of the data you enter, as happens when you visit the rest of the learning portal, takes place via an encrypted connection. After successful confirmation, your data will be stored until you decide to delete either individual data or the entire user account. The purpose of the requested data is the creation of a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time.
11 USE OF THE LENGALIA LEARNING PORTAL
Using the information you provide when you pay for a course, we create a personal profile for you. This profile contains the following information: title, first name and surname, street, postcode, town/city, country and email address. Furthermore, the email addresses of course participants, or those employed by companies, schools and institutions who are using the learning platform, will be taken. You will need your email address to log in. We use your email address to communicate with you within the framework of our contract. We use your first and last names in order to directly address you when using the learning platform. We need your address in order to fulfil our contractual duties for you. When we send you your access details and your bill via email, we include your address at the top of these documents. You can delete your profile information at any time. If you delete your profile you will only be able to use the service again after paying for a new course. Your learning progress (learning statistics) and all contents of the learning tools will all be reset.
b) Learning statistics
While you practise, Lengalia automatically creates statistics which record and analyze the progress of your learning. In your statistics, we save and make use of data that is needed by other learning tools (for example, ‘Vocabulary trainer‘, Verb conjugator‘, ‘correct mistakes‘). In your statistics, these tools would not be useable if the data were not available. Therefore, we save and use the results of the progress you made whilst practising. Your learning statistics are only visible to you and to the Lengalia teacher or Lengalia team responsible for you. If you use an online course in the context of your company, a school or any other institution the teacher (supervisor) may be appointed by Lengalia or by your company, school, or institution respectively. The legal basis for the data processing is the fulfillment of the contract according to Article 28 GDPR.
12 PERSONAL VOCABULARY TRAINER
Lengalia offers a personal vocabulary trainer that allows users to transfer their own vocabulary in order to repeat and learn later. This data is not visible to other users.
The legal basis for the data processing is the fulfillment of the contract according to Article 6(1)(b) GDPR.
On our website we use the service of the company DeepL GmbH, Maarweg 165, 50825 Köln (Germany). Our legitimate interest in using this service is to translate user requests quickly. When using DeepL, the texts and/or documents you submit are not stored permanently and are only kept temporarily to the extent necessary for the creation and transmission of the translation. After the translation has been transmitted to you, both the submitted texts and/or documents and their translations will be deleted. This data cannot be viewed by other users. The use of DeepL is optional.
The legal basis for the use of this service is our legitimate interest pursuant to Article 6(1)(b) GDPR.
14 VOICE RECORDER
In order for us to check your pronunciation, we use voice recognition systems. For this purpose, we store the audio recordings you make for a short period of time and delete them immediately after evaluation. To do this, we first need authorized access to the microphone of your terminal device. Your audio recordings are then processed via an interface and subsequently evaluated. Lengalia does not store these audio recordings after evaluation with regard to the accuracy of your pronunciation.
The legal basis for the aforementioned data processing is the fulfillment of the contract pursuant to Article 6(1)(b) GDPR.
Our website uses "Matomo", a web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The information collected is stored only on our server and is not shared with third parties. The following data is stored:
- two bytes of the user's IP address
- the webpage that was visited
- the website from which the user accessed our website (referrer)
- the subpages
- the time spent on the website
- the frequency with which the website is accessed
The legal basis for the use of this service is Art. 6 para. 1 p. 1 lit. f GDPR - legitimate interest. Our legitimate interest is the optimisation of our website, the improvement of our offers and online marketing.
We use the customer service software Zendesk. The provider of this service is the American company Zendesk, Inc., 989 Market St, San Francisco, CA 94103, USA.
Zendesk also processes data in the USA, among other countries. We would like to note, that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks to the legality and security of data processing.
Zendesk uses standard contractual clauses approved by the EU Commission as the basis for data processing by recipients based in third countries (i. e. outside the European Union, Iceland, Liechtenstein, Norway, and thus especially in the USA) or data transfer there (= Art. 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCC) are legal templates provided by the EU Commission. Their purpose is to ensure that your data complies with European data privacy standards, even if your data is transferred to and stored in third countries (such as the USA). With these clauses, Zendesk commits to comply with the EU‘s level of data protection when processing relevant data, even if it is stored, processed and managed in the USA. These clauses are based on an implementing order by the EU Commission. You can find the order and the standard contractual clauses here.
Further information on data processing and the standard contractual clauses at Zendesk can be found here.
For this purpose, our website records the necessary data, (e.g. first name, last name, email) so we can provide you with the information you require. The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer alternative ways for you to contact us to submit service requests by phone or email.
The legal basis for the use of this service is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest in using this service is to be able to answer user inquiries quickly and efficiently. Zendesk uses their data only to forward your requests to us. It will not be passed on to third parties.
17 EMAIL DELIVERY VIA AMAZON SES
For the management of our email traffic we use the service “Amazon Simple Email Service” of the technical service provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“Amazon SES”). Amazon SES operates as a platform for organizing, sending and receiving e-mails and enables the connection to various mail service providers and mail clients. When we send emails using Amazon SES, your email address and name data is first transmitted to Amazon Web Services servers and then forwarded to the actual mail client for the purpose of sending. The server locations of Amazon Web Services are within the EU (Frankfurt).
The legal basis for the processing of data using Amazon SES is our legitimate interest in the best possible technical organization and handling of our email traffic, as well as optimizing the provision of content and deliverability pursuant to Art. 6 (1) lit. f GDPR.
18 FACEBOOK PIXEL
We exclusively want to show our products or services to persons, who are interested in them. With the aid of the Facebook pixel, our advertising measures can get better adjusted to your wishes and interests. Therefore, Facebook users get to see suitable advertisement (if they allowed personalised advertisement). Moreover, Facebook uses the collected data for analytical purposes and for its own advertisements.
If you are registered at Facebook, you can change the settings for advertisements yourself here. If you are not a Facebook user, you can manage your user based online advertising here. You have the option to activate or deactivate any providers there.
If you want to learn more about Facebook’s data protection, we recommend you the view the company’s in-house data policies.
The processing of your personal data is based on a voluntary and informed consent pursuant to Art. 6 para. 1 S 1 lit. a GDPR, which you have given by selecting within the cookie banner. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party coookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
Which types of cookies are there?
- Essential Cookies: These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
- Purposive Cookies: These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
- Target-orientated Cookies: These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
- Advertising Cookies: These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
20 TLS ENCRYPTION WITH HTTPS
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
We have integrated YouTube videos to our website. Therefore, we can show you interesting videos directly on our site. YouTube is a video portal, which has been a subsidiary company of Google LLC since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Thereby, certain data are transferred (depending on the settings). Google is responsible for YouTube’s data processing and therefore Google’s data protection applies.
The legal basis is your consent pursuant to Article 6(1)(f) GDPR.
22 GOOGLE FONTS
Google Fonts from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, a font collection from Google, are used to visually improve the typeface. These fonts are transferred to your browser's storage folder and activated when you access this website or other websites. If this is not supported, the text on the website will only be displayed in a standard font. To enable this, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com, which contains your IP address for technical reasons. However, your data will not be merged with other data or traced back to you personally.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures, as well as in accordance with the European data protection requirements from Article 6(1)(f) GDPR.
23 GOOGLE ANALYTICS
If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google‘).
Scope of processing
We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behaviour across devices.
We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data). Also, ads can be delivered to these users in cross-device remarketing campaigns.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your website visit the following data will be collected:
- The pages you visit, your ‘click behaviour‘
- Achievement of ‘website goals‘ (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behaviour (for example clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- Your internet provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous [not user id]) use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
The data recipient is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
Transfer to third countries
A transfer of data to the USA cannot be excluded. Duration of storage The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by:
a. not consenting to cookies or
b. downloading and installing the browser add-on to disable Google Analytics here.
By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.
Legal basis and right of withdrawal
24 GOOGLE ADS AND GOOGLE CONVERSION TRACKING
We use Google Ads as an online marketing measure, to advertise our products and services. Thus, we want to draw more people’s attention on the internet to the high quality of our offers. As part of our advertising measures with Google Ads, we use the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our website. With the aid of this free tracking tool we can tailor our advertising offer better to your interests and needs. In the following article we will explain, why we use conversion tracking, what data gets saved and how you can prevent this data retention.
What is Google Ads conversion tracking?
Google Ads (previously Google AdWords) is the internal online advertising sxstem of the company Google LLC. We are convinced of our offer‘s quality and would like as many people as possible to discover our website. For this, Google Ads offers the best platform within the online environment. Of course, we also want to get an overview of the cost-benefit factor of our advertising campaigns. Thence, we use Google Ads’ conversion tracking tool.
But what is a conversion actually? A conversion occurs, when you turn from an interested visitor into an acting website visitor. This happens every time you click on our ad and then make another action, such as paying a visit to our website. With Google’s conversion tracking tool, we can understand what happens after a user clicks our Google ad. It shows us for instance if products get bought, services are used or whether users have subscribed to our newsletter.
Why do we use Google Ads conversion tracking on our website?
We use Google Ads to show our offer also across other websites. Our aim is for our advertising campaigns to reach only those people, who are interested in our offers. With the conversion tracking tool, we see what keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device, to then convert. With this data we can calculate our cost-benefit-factor, measure the success of individual ad campaigns and therefore optimise our online marketing measures. With the help of the obtained data we can give our website a more interesting design and customise our advertising offer better to your needs.
What data is stored with Google Ads conversion tracking?
For a better analysis of certain user actions, we have integrated a conversion tracking tag, or code snippet to our website. Therefore, if you click one of our Google ads, a Google domain stores the cookie “conversion” on your computer (usually in the browser) or on your mobile device. Cookies are little text files that save information on your computer.
At this point we want to reiterate, that we have no influence on how Google use the collected data. According to Google, the data are encrypted and saved on a secure server. In most cases, conversion cookies expire after 30 days, and do not transmit any personalised data. The cookies named “conversion“ and “_gac“ (which is used with Google Analytics) have an expiry date of 3 months.
How can I delete my data or prevent data retention?
You have the possibility to opt out of Google Ads’ conversion tracking. The conversion tracking can be blocked by deactivating the conversion tracking cookie via your browser. If you do this, you will not be considered for the statistic of the tracking tool. You can change the cookie settings in your browser anytime. Doing so, works a little different in every browser. If you generally do not want to allow any cookies at all, you can set up your browser to notify you whenever a potential cookie is about to be set. This lets you decide upon permitting or denying the cookie’s placement. By downloading and installing the browser plugin here you can also deactivate all “advertising cookies”. Please consider that by deactivating these cookies, you cannot prevent all advertisements, only personalised ads.
The storage of “Conversion” cookies and the use of this tracking tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
25 GOOGLE TAG MANAGER
Why do we use Google Tag Manager for our website?
Everybody knows: Being organised is important! Of course, this also applies to maintenance of our website. In order to organise and design our website as well as possible for you and anyone who is interested in our products and services, we rely on various tracking tools, such as Google Analytics.
What data is saved by Google Tag Manager?
We allowed Google via the account settings for the Tag Manager to receive anonymised data from us. However, this exclusively refers to the use of our Tag Manager and not to your data, which are saved via code sections. We allow Google and others, to receive selected data in anonymous form. Therefore, we agree to the anonymised transfer of our website data. However, even after extensive research we could not find out what summarised and anonymous data it is exactly that gets transmitted. What we do know is that Google deleted any info that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking is a process of comparing a company’s results with the ones of competitors. As a result, processes can be optimised based on the collected information.
How long and where is the data saved?
When Google stores data, this is done on Google’s own servers. These servers are located all over the world, with most of them being in America. Here you can read in detail where Google’s servers are. In our individual data protection texts on the different tools you can find out how long the respective tracking tools save your data.
How can I delete my data or prevent data retention?
Google Tag Manager itself does not set any cookies but manages different tracking websites’ tags. In our data protection texts on the different tracking tools you can find detailed information on how you can delete or manage your data.
Google actively participates in the EU-U.S. Privacy Shield Framework, which regulates safe transfer of personal data. You can find more information here. If you want to learn more about Google Tag Manager, we recommend you to read here.
The legal basis for use of this service is your consent as laid out in Article 6(1)(a) GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.
26 WHEN IS DATA PASSED ON?
Data collected by us will only be passed on if:
- You have given your express consent in accordance with Article 6(1)(a) GDPR
- The disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6(1)(f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed
- We are legally obligated to disclose your data pursuant to Art. 6 Par. 1 Sentence 1 lit. c GDPR or
- This is legally permissible and necessary according to Article 6(1)(b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request In addition, disclosure may take place in connection with official inquiries, court decisions and legal proceedings if it is necessary for legal prosecution or enforcement.
27 PAYMENT SERVICE PROVIDER
What is Stripe?
The technology company Stripe offers payment solutions for online payments. Stripe enables us to accept credit and debit card payments in our webshop while it handles the entire payment process. A major advantage of Stripe is that you never have to leave our website or shop during the payment process. Moreover, payments are processed very quickly via Stripe.
Why do we use Stripe on our website?
We of course want to offer the best possible service with both our website and our integrated online shop. After all, we would like you to feel comfortable on our site and take advantage of our offers. We know that your time is valuable and therefore, payment processing in particular must work quickly and smoothly. In addition to our other payment providers, with Stripe we have found a partner that guarantees secure and fast payment processing.
What data are stored by Stripe?
If you choose Stripe as your payment method, your personal data (transaction data) will be transmitted to Stripe where it will be stored. These data include the payment method (i.e. credit card, debit card or account number), bank sort code, currency, as well as the amount and the payment date. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. These data are necessary for authentication. Furthermore, Stripe may also collect relevant data for the purpose of fraud prevention, financial reporting and for providing its services in full. These data may include your name, address, telephone number as well as your country in addition to technical data about your device (such as your IP address).
Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with Stripe. However, data may be forwarded to internal departments, a limited number of Stripe’s external partners or for legal compliance reasons.
How long and where are the data stored?
Generally, personal data are stored for the duration of the provided service. This means that the data will be stored until we terminate our cooperation with Stripe. However, in order to meet legal and official obligations, Stripe may also store personal data for longer than the duration of the provided service. Furthermore, since Stripe is a global company, your data may be stored in any of the countries Stripe offers its services in. Therefore, your data may be stored outside your country, such as in the USA for example.
How can I delete my data or prevent data retention?
Stripe is still a participant of the EU-U.S. Privacy Shield Framework which regulated correct and secure transfer of personal data until July 16, 2020. However, since the European Court of Justice declared the agreement to be invalid, the company no longer relies on this agreement, but still acts according to the principles of Privacy Shield.
You can choose to pay using PayPal in our online shop. PayPal is provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select PayPal as your payment method, your personal data will automatically be transmitted to PayPal. PayPal acts as an online payment service provider and payment processing takes place directly with PayPal.
We provide PayPal with our Merchant ID so the payment can be transferred to us. The personal data transmitted to PayPal is data related to the relevant order (first name, surname, address, email, IP address) or other data required to process the purchase contract (such as product, period of access, invoice amount, taxes and other billing information). After payment has been made, a feedback message is sent to our website to confirm the payment has been successful.
The transmission of your data is necessary for payment processing via PayPal and is intended to confirm your identity and to administer your payment order. The legal basis for the aforementioned data processing is the fulfillment of the contract pursuant to Article 6(1)(b) GDPR
Lengalia might contain links to other internet sites. We are not responsible for the private practices on other internet sites. We encourage our users to read through every privacy setting on every internet site individually before giving away any personal data.
29 AGE LIMIT FOR THE USE OF LENGALIA
The Lengalia offer is not aimed at children under 16 years of age. The Lengalia offer is also not offered to children whose age makes the processing of their personal data illegal or requires the consent of their parents to the processing of their personal data in accordance with the general data protection regulation (GDPR) or other local laws.
It is also pointed out that persons under 18 years of age always require the permission of parents or legal guardians in order to use the service. If you are under 16 years of age, do not provide us with any personal data. If you are a parent of a child under the age limit and you notice that your child has submitted personal data to Lengalia, please contact us using the contact form.
30 DATA SECURITY
Lengalia takes adequate security measures to protect the user's data. When you enter confidential data (e.g. passwords) we encode them by using secure SSL technology. Lengalia employs safety precautions to guarantee that your data are protected against loss, modification or misuse. To this end, Lengalia works with constantly updated firewalls meeting the industry standard as well as other security systems. At the same time, the user should be aware of the fact that one hundred per cent protection against attacks cannot be guaranteed because of the continual appearance of new viruses and other means of attacking the protected data systems of internet services. Lengalia will instigate civil and criminal proceedings against any attack by hackers and the like and will inform the users of any cases in which their data have been compromised.
31 PUBLICATION AND AMENDMENTS
32 INDIVIDUALS IN THE EEA
Over and above the aforementioned rights, you are entitled to submit a grievance with a relevant authority if you suspect a breach in our personal information handling procedures. We would be grateful if in the first instance you would contact us by email to allow us to investigate any misgivings.
33 CALIFORNIA AND NEVADA RESIDENTS (CCPA)
It is incumbent upon us to provide additional information to residents of California and Nevada regarding how their personal data is used and shared by us. If this applies to you, you may have additional rights regarding the way in which your data is used by us. We have laid out in the following section the details specific to California for your information.
Under certain state laws, the way in which we disclose your personal information could be viewed as a 'sale' of personal information. Those who reside in California or Nevada are entitled to refuse the sale of their personal information. If you are able to provide proof of residency in California or Nevada, you can contact us via email to request you opt-out of any possible future sales under California and Nevada law. You will hear from us regarding your request as soon as is feasibly possible and within no more than 30 days. If we are unable to comply with this time period due to some unforeseen reason, we will inform you of this as soon as possible.
CA Personal Information
We gather specific categories and pieces of data regarding individuals that, in California, are viewed as "CA Personal Information". These are as follows:
. Direct and indirect identifiers such as full name, personal or professional contact details, home address, telephone number, email, unique personal identifier, IP, device and online activity data, sex, demographics, username and password to our website or service;
. Commercial information such as records of products or services purchased or obtained, or purchasing or consuming histories or tendencies;
Use of CA Personal Information
Use of CA Personal Information Sold or Disclosed For Business Purposes
Within the preceding 12-month period, it is possible that we have “sold” (as per the CCPA) some categories of CA Personal Information or disclosed CA Personal Information for business purposes.
California Consumer Rights
Residents of California may have the following rights to their CA Personal Information (exemptions may apply):
(i) The right to access the CA Personal Information we collect, use, share, or sell;
(ii) The right to deletion of the aforementioned CA Personal Information;
(iii) The right to refuse the sale of the CA Personal Information we hold;
(iv) The right to request details of the CA Personal Information we have "sold" (as per the CCPA) or shared for commercial purposes within the preceding 12-month period.
Exercising California consumer rights
Residents of California who wish to exercise any of these rights must do one of the following:
(a) submit a request via our contact form;
(b) access their account to update any necessary information and/or to submit a request;
Once you have submitted your request, we may ask you to provide further details, such as proof of ID, to allow us to confirm your identity and corroborate your request. We do not accept responsibility for requests that are submitted incorrectly or that do not provide sufficient detail. You will not be discriminated against in the prices or products we offer you as a result of making a request regarding your rights to your CA Personal Information. It is important to remember that you are restricted by law to a certain number of requests per year.
Do Not Sell My Personal Information
Last updated and effective as of: January 1, 2023