Privacy Policy


1 PRIVACY STATEMENT FOR LENGALIA
We treat personal data under the Germany Data Protection Act (incorporating the EU General Data Protection Regulation - GDPR) to our global operations unless the local equivalent laws are stronger. Also, we apply the personal data under the provisions of the California Consumer Privacy Act (CCPA) in our operations in California.
We operate the website www.lengalia.com along with our learning portal learning.lengalia.com and subdomains blog.lengalia.com/spanisch-lernen-online/, support.lengalia.com/hc/en-gb and collect certain data from our visitors and customers as necessary. With this privacy policy, Lengalia would like to explain how your personal data is processed and in what form some of this data may be accessible to other users.
In the following privacy policy, you will learn what we do with your personal data and why. We will also tell you how we protect your data, when the data will be deleted and what rights you have under data protection law.

2 SCOPE OF THIS PRIVACY POLICY

The German version of this privacy policy is deemed to be the basis for using the Lengalia’s online-service. Its translation into English, Spanish, French, Italian and Portuguese is provided for information purposes only. In case of contradictions, the only legally binding version of the document (which can be viewed here) is the German version.

3 DECLARATION OF CONSENT
By using the service offered on the Lengalia website you automatically agree to the following privacy policy. Your declaration of consent will be recorded by us. 
You can withdraw your declaration of consent at any time via email, however not in retrospect. Withdrawing your consent means that you may no longer use any of the services provided by Lengalia. In addition to the data processing on our website, we explain in this privacy policy the data processing in the services we offer for which our customers can register.
This privacy policy will explain:
- What data Lengalia collects and what we do with it.
- What technologies we use for provision and personalization.
- What data protection rights you have and how you can exercise them.

4 CONTACT
The trust of our users is important to us. Lengalia therefore wishes to provide its users with full information on the processing of their personal data at all times. If any queries remain unanswered by this privacy statement or if more detailed information is required on any point, please contact the following address at any time.
Author of this page:
Lengalia, José Delgado
Schmarjestr. 42 22767
Hamburg
email: mail (@) lengalia.com
You can also reach our Data Protection Supervisor and other data protection-related contacts via these contact details. In this context, we process data exclusively for the purpose of communicating with you. The legal basis for the data processing is the performance of the contract pursuant to Article 6(1)(b) GDPR.

GET IN TOUCH
We collect your personal data when you provide it to us of your own accord, e.g. when you contact us. This information is communicated on a voluntary basis and in these cases is initiated by you. Insofar as this involves information regarding communication channels (email address, telephone number), we will use these channels to contact you in accordance with your request.
Legal basis for data processing
The legal basis for processing the data that you transmit to us in the course of contacting us is Art. 6 (1) sentence 1 lit. f DSGVO.
Purpose of data processing
The purpose of processing your data is to handle and respond to your request.
Duration of storage
We will delete the data we have received in the course of contacting you as soon as it is no longer required to achieve the purpose for which it was collected, i.e. your request has been fully processed and no further communication with you is required or requested.
Possibility of objection and removal
If a user contacts us by email, they can object to the storage of their personal data at any time.

5 WHAT RIGHTS DO YOU HAVE?
- Withdrawal of consent in accordance with Article 7(3) GDPR (e.g. you can contact us to withdraw consent and stop receiving the newsletter)
- Right of Access in accordance with Article 15 GDPR (e.g. you can contact us to find out which data of yours we have saved)
- Rectification in accordance with Article 16 GDPR (e.g. you can contact us if your email address has changed and you want us to update it)
- Erasure in accordance with Article 17 GDPR (e.g. you can contact us if you want us to delete any of your data that we have saved)
- Restriction of processing in accordance with Article 18 GDPR (e.g. you can contact us if you do not want us to delete your email address but only want to receive emails that are strictly necessary)
- Data portability in accordance with Article 20 GDPR (e.g. you can contact us to obtain the data we have saved on you in a compressed format as you may want to provide the data to another website)
- Objection in accordance with Article 21 GDPR (e.g. you can contact us if you do not consent to one of the advertising or analytical procedures listed in this document)
- Right to lodge a complaint with the relevant supervisory authority in accordance with Article 77(1) GDPR (e.g. in the event of a complaint you could contact the data protection supervisory authority in your state directly)

Supervisory authority in Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Straße 22
20459 Hamburg

Your rights concerning the processing of your personal data
To exercise your rights, you must send us a request in writing, either by post or email. If you would also like to speak to someone in person, you can contact us by telephone. You will need to provide:
. proof of identity
. proof of address
. any additional details we need to locate the information you have requested (for example, details regarding Lengalia or staff that you have had contact with and when).
We will not start looking for your information until we confirm your identity.

6 DELETION OF DATA AND STORAGE PERIOD
If not otherwise noted, we delete personal data as soon as it is no longer needed. Your data will also be locked or deleted if a storage period set out by law expires, unless the data must be kept in order to complete or fulfil a contract. Some data may have to be stored for a longer time period if the law requires it. You can, of course, request information regarding the personal data we have saved on you at any time.

Right to erasure - 'right to be forgotten'
After your access period to our Learning portal has finished, your data will be completely deleted after 90 days (both your personal data and data concerning your learning progress connected to your account). You also have the option of deleting your data yourself at any time during your period of access under ‘Profile‘. This is because the personal data are no longer necessary in relation to the purposes for which they were collected.
The legal basis is your consent in accordance with the European data protection requirements from Article 17(1) GDPR.

7 LOG FILES
If you visit our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. The website provider -Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany)- automatically collects and stores information that your browser automatically transmits to us in "log files". These are:
- type and version of browser used,
- operating system,
- date and time of server requests,
- number of visits,
- time spent on the website,
- website previously visited,
- IP address of users is anonymised before being stored.
As a protective measure in favour of your privacy, we delete or anonymize the IP address after specified periods. Therefore, other related data can no longer be traced back to you and may only serve anonymous, statistical purposes for the optimization of our website. The purpose of the temporary storage of the data is a technical necessity for establishing the connection, and the correct and error-free display of our website. The IP address and the technical data already mentioned are needed to display the website, to prevent display problems for visitors and to correct error messages.
The legal basis is the so-called legitimate interest which has been examined in the context of the aforementioned protective measures and in accordance with the European data protection requirements from Article 6(1)(f) GDPR.

8 CLOUDFLARE SSL, CDN & WAF
We use Cloudflare by the company Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to enhance its speed and security. For this, Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that offers a content delivery network and various security services. These services take place between the user and our hosting provider. In the following, we will try to explain in detail what all this means. More detailed information about GDPR and Cloudflare can be found on the GDPR pages of Cloudflare.
What is Cloudflare?
A Content Delivery Network (CDN), as provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world to bring websites faster to your screen. Simply put, Cloudflare makes copies of our website and places them on their own servers. When you visit our website now, a load balancing system ensures that the majority of our website is delivered from the server that can display our website the fastest. The distance of the data transfer to your browser is considerably shortened by a CDN. Thus the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers all over the world. The use of Cloudflare is especially helpful for users from abroad, because here the page can be delivered from a server nearby. Besides the fast delivery of websites Cloudflare also offers various security services like DDoS protection or the Web Application Firewall.
Why we use Cloudflare on our website?
Of course we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare offers us web optimizations as well as security services such as DDoS protection and web firewall. This includes a reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website in local data centers and blocking spam software, Cloudflare allows us to reduce our bandwidth usage by about 60%. Delivering content from a data center near you and some web optimizations performed there reduces the average loading time of a website by about half. According to Cloudflare, the setting "I'm Under Attack Mode" can be used to mitigate further attacks by displaying a JavaScript calculation task that must be solved before a user can access a web page. Overall, this makes our website much more powerful and less susceptible to spam or other attacks.
Which data is stored by Cloudflare?
Cloudflare generally only forwards those data that are controlled by website operators. The contents are therefore not determined by Cloudflare, but always by the website operator himself. In addition, Cloudflare may collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received appropriate instructions. In most cases, cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS protocol data and performance data for web pages derived from browser activity. For example, log data helps cloudflare to detect new threats. So Cloudflare can guarantee a high security protection for our website. Cloudflare processes these data within the framework of the services in compliance with the applicable laws. This naturally includes the General Data Protection Regulation (GDPR).
For security reasons Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is very useful, for example, if you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognize this by the cookie. So you can surf through our website unhindered, despite infected PCs in the area. It is also important to know that this cookie does not store any personal data. This cookie is essential for the cloudflare security features and cannot be disabled.
Cookies from Cloudflare
Cloudflare also works together with third party providers. They may only process personal data under instructions from Cloudflare and in accordance with the privacy policy and other confidentiality and security measures. Cloudflare will not pass on any personal data without our explicit consent.
How long and where is the data stored?
Cloudflare stores your information mainly in the USA and the European Economic Area. Cloudflare can transmit and access the above described information from all over the world. In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours.
How can I delete my data or prevent data storage?
Cloudflare keeps data logs only as long as necessary and in most cases these data are deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are saved here. All data that Cloudflare collects (temporary or permanent) will be cleaned from all personal data. All permanent logs are also anonymized by Cloudflare.
Cloudflare will mention in your privacy policy that they are not responsible for the content they receive. For example, if you ask Cloudflare whether they can update or delete your content, Cloudflare always refers to us as the website operator. You can also completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by including a script blocker in your browser. Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework which regulates the correct and secure transfer of personal data. You can find more information here.
The legal basis for the use of this service is our legitimate interest pursuant to Article 6(1)(f) GDPR

9 PROVISION OF THE LENGALIA LEARNING PORTAL
We process your data to the extent necessary in each case for the performance of the contract and for the purposes of providing and carrying out other services requested by you, as described in this Privacy Policy. This includes:
- The provision, personalization and needs-based design of our website
- Ensuring the general security, operability and stability of our services, including defense against attacks
- Non-promotional communication with you on technical, security and contract-related topics (e.g. fraud alerts, account blocking or contract changes)
Insofar as the purpose is the performance of a contract agreed with you or the provision of a service requested by you, the legal basis is Article 6(1)(b) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR, whereby our legitimate interests lie in the above-mentioned purposes.

10 YOUR LENGALIA ACCOUNT
The use of our learning portal Spanish language courses, requires registration on our website. When you register with us, we collect and store the basic data you enter, such as (user) name, email address, and your password, as required fields as part of the registration process. We may receive further information from you about the learning portal, e.g. in your personal profile.
As a protective measure, the transmission of the data you enter, as happens when you visit the rest of the learning portal, takes place via an encrypted connection. After successful confirmation, your data will be stored until you decide to delete either individual data or the entire user account. The purpose of the requested data is the creation of a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time.

11 USE OF THE LENGALIA LEARNING PORTAL
a) Profile
Using the information you provide when you pay for a course, we create a personal profile for you. This profile contains the following information: title, first name and surname, street, postcode, town/city, country and email address. Furthermore, the email addresses of course participants, or those employed by companies, schools and institutions who are using the learning platform, will be taken. You will need your email address to log in. We use your email address to communicate with you within the framework of our contract. We use your first and last names in order to directly address you when using the learning platform. We need your address in order to fulfil our contractual duties for you. When we send you your access details and your bill via email, we include your address at the top of these documents.
You can delete your profile information at any time. If you delete your profile you will only be able to use the service again after paying for a new course. Your learning progress (learning statistics) and all contents of the learning tools will all be reset.


b) Learning statistics
While you practise, Lengalia automatically creates statistics which record and analyze the progress of your learning. In your statistics, we save and make use of data that is needed by other learning tools (for example, ‘Vocabulary trainer‘, Verb conjugator‘, ‘correct mistakes‘). In your statistics, these tools would not be useable if the data were not available. Therefore, we save and use the results of the progress you made whilst practising. Your learning statistics are only visible to you and to the Lengalia teacher or Lengalia team responsible for you. If you use an online course in the context of your company, a school or any other institution the teacher (supervisor) may be appointed by Lengalia or by your company, school, or institution respectively. The legal basis for the data processing is the fulfillment of the contract according to Article 28 GDPR.

12 PERSONAL VOCABULARY TRAINER
Lengalia offers a personal vocabulary trainer that allows users to transfer their own vocabulary in order to repeat and learn later. This data is not visible to other users.
The legal basis for the data processing is the fulfillment of the contract according to Article 6(1)(b) GDPR.

13 DEEPL
On our website we use the service of the company DeepL GmbH, Maarweg 165, 50825 Köln (Germany). Our legitimate interest in using this service is to translate user requests quickly. When using DeepL, the texts and/or documents you submit are not stored permanently and are only kept temporarily to the extent necessary for the creation and transmission of the translation. After the translation has been transmitted to you, both the submitted texts and/or documents and their translations will be deleted. This data cannot be viewed by other users. The use of DeepL is optional.
The legal basis for the use of this service is our legitimate interest pursuant to Article 6(1)(b) GDPR.

14 VOICE RECORDER
In order for us to check your pronunciation, we use voice recognition systems. For this purpose, we store the audio recordings you make for a short period of time and delete them immediately after evaluation. To do this, we first need authorized access to the microphone of your terminal device. Your audio recordings are then processed via an interface and subsequently evaluated. Lengalia does not store these audio recordings after evaluation with regard to the accuracy of your pronunciation.
The legal basis for the aforementioned data processing is the fulfillment of the contract pursuant to Article 6(1)(b) GDPR.

15 MATOMO
Our website uses "Matomo", a web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The information collected is stored only on our server and is not shared with third parties. The following data is stored:
- two bytes of the user's IP address
- the webpage that was visited
- the website from which the user accessed our website (referrer)
- the subpages
- the time spent on the website
- the frequency with which the website is accessed
Our website uses Matomo with the setting "Anonymise visitor IP addresses". This means that IP addresses are processed in abbreviated form, which makes it impossible to link them directly to individuals. It is therefore not possible to assign the shortened IP address to your computer. Further information on Matomo's terms of use and data protection regulations can be found here.
The legal basis for the use of this service is Art. 6 para. 1 p. 1 lit. f GDPR - legitimate interest. Our legitimate interest is the optimisation of our website, the improvement of our offers and online marketing.

16 ZENDESK
To process customer enquiries, we use the Zendesk ticket system, a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. For this purpose, our website records the necessary data, (e.g. first name, last name, email, etc.) so we can provide you with the information you require. The use of Zendesk is optional. If you do not agree to Zendesk collecting your data, we offer alternative ways for you to contact us to submit service requests by phone or email. Zendesk is a certified participant in the “Privacy Shield Framework” and therefore meets the minimum requirements for contract data processing within the law. You can find additional information on data processing by Zendesk hier: Zendesk's privacy policy.
The legal basis for the use of this service is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest in using this service is to be able to answer user inquiries quickly and efficiently. Zendesk uses their data only to forward your requests to us. It will not be passed on to third parties.

17 FACEBOOK PIXEL
Within our online offer we use the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Facebook pixel, a so-called JavaScript code snippet, Facebook is able to determine the visitors of our online offer as a target group for the display of ads within the social network.
We use Facebook’s Facebook pixel on our website. For that, we have implemented a code on our website. The Facebook pixel is a segment of a JavaScript code, which, in case you arrived on our website via Facebook ads, loads an array or functions that enable Facebook to track your user actions. For example, if you buy a product on our website, the Facebook pixel is triggered and then saves your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. After that, Facebook deletes your data again. The collected data is anonymous as well as inaccessible and can only be used for ad placement purposes. If you are a Facebook user and you are logged in, your visit to our website is automatically assigned to your Facebook user account.
We exclusively want to show our products or services to persons, who are interested in them. With the aid of the Facebook pixel, our advertising measures can get better adjusted to your wishes and interests. Therefore, Facebook users get to see suitable advertisement (if they allowed personalised advertisement). Moreover, Facebook uses the collected data for analytical purposes and for its own advertisements.
If you are registered at Facebook, you can change the settings for advertisements yourself here. If you are not a Facebook user, you can manage your user based online advertising here. You have the option to activate or deactivate any providers there.
If you want to learn more about Facebook’s data protection, we recommend you the view the company’s in-house data policies.
The processing of your personal data is based on a voluntary and informed consent pursuant to Art. 6 para. 1 S 1 lit. a GDPR, which you have given by selecting within the cookie banner. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings.

18 COOKIES
Our website uses HTTP-cookies to store user-specific data. For your better understanding of the following Privacy Policy statement, we will explain to you below what cookies are and why they are in use.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
What should not be dismissed, is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking these are HTTP-cookies, since there are also different cookies for other uses. http-cookies are small files which our website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party coookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
Which types of cookies are there?
What exact cookies we use, depends on the used services. We will explain this in the following sections of the Privacy Policy statement. Firstly, we will briefly focus on the different types of HTTP-cookies.There are 4 different types of cookies:
- Essential Cookies: These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
- Purposive Cookies: These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
- Target-orientated Cookies: These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
- Advertising Cookies: These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
You yourself take the decision if and how you want to use cookies. Thus, no matter what service or website cookies are from, you always have the option to delete, deactivate or only partially allow them. Therefore, you can for example block cookies of third parties but allow any other cookies. If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
There is a “cookie policy” that has been in place since 2009. It states that the storage of cookies requires the user’s consent. However, among the countries of the EU, these guidelines are often met with mixed reactions. If you want to learn more about cookies and do not mind technical documentation, we recommend to read hier, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Cookie settings

19 TLS ENCRYPTION WITH HTTPS
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.

20 YOUTUBE
We have integrated YouTube videos to our website. Therefore, we can show you interesting videos directly on our site. YouTube is a video portal, which has been a subsidiary company of Google LLC since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Thereby, certain data are transferred (depending on the settings). Google is responsible for YouTube’s data processing and therefore Google’s data protection applies.
You can prevent this assignment by logging out of your YouTube user account as well as other Google user accounts before using our website. The high security standards of the Google platform and Google’s associated privacy policy apply as protective measures. The purpose of the data transfer is the integration of the video offer of YouTube, which is popular among our users, in order to comfortably access the videos displayed without leaving our website.
The legal basis is your consent pursuant to Article 6(1)(f) GDPR.

21 GOOGLE FONTS
Google Fonts from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, a font collection from Google, are used to visually improve the typeface. These fonts are transferred to your browser's storage folder and activated when you access this website or other websites. If this is not supported, the text on the website will only be displayed in a standard font. To enable this, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com, which contains your IP address for technical reasons. However, your data will not be merged with other data or traced back to you personally.
As a protective measure, we have ensured that the retrieval of the font collection from Google does not result in the data being merged with other Google offerings, e.g. if you have a Google user account. English information on data protection at Google Fonts confirms this. In addition, the high security standards of the Google platform and Google’s associated privacy policy apply. The purpose of the data transfer is the correct display of the fonts in the form we set. The IP address is required to establish a connection with Google's servers in order to download the font collection if it is not already stored on the end device.
The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures, as well as in accordance with the European data protection requirements from Article 6(1)(f) GDPR.

22 GOOGLE ANALYTICS
If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google‘).
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored.
We use the function User-ID. The User ID allows us to assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and to analyze user behaviour across devices.
We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data). Also, ads can be delivered to these users in cross-device remarketing campaigns.
We use the function 'anonymizeIP' (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
During your website visit the following data will be collected:
- The pages you visit, your ‘click behaviour‘
- Achievement of ‘website goals‘ (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behaviour (for example clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- Your internet provider
- The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous [not user id]) use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
Recipient
The data recipient is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.
Transfer to third countries
A transfer of data to the USA cannot be excluded. Duration of storage The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by:
a. not consenting to cookies or
b. downloading and installing the browser add-on to disable Google Analytics here.
By setting your browser software accordingly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.
Legal basis and right of withdrawal
Your consent is the legal basis for this data processing, Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings. More information here about Google Analytics terms of use and Google's privacy policy.

23 GOOGLE ADS AND GOOGLE CONVERSION TRACKING
We use Google Ads as an online marketing measure, to advertise our products and services. Thus, we want to draw more people’s attention on the internet to the high quality of our offers. As part of our advertising measures with Google Ads, we use the conversion tracking of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our website. With the aid of this free tracking tool we can tailor our advertising offer better to your interests and needs. In the following article we will explain, why we use conversion tracking, what data gets saved and how you can prevent this data retention.
What is Google Ads conversion tracking?
Google Ads (previously Google AdWords) is the internal online advertising sxstem of the company Google LLC. We are convinced of our offer‘s quality and would like as many people as possible to discover our website. For this, Google Ads offers the best platform within the online environment. Of course, we also want to get an overview of the cost-benefit factor of our advertising campaigns. Thence, we use Google Ads’ conversion tracking tool.
But what is a conversion actually? A conversion occurs, when you turn from an interested visitor into an acting website visitor. This happens every time you click on our ad and then make another action, such as paying a visit to our website. With Google’s conversion tracking tool, we can understand what happens after a user clicks our Google ad. It shows us for instance if products get bought, services are used or whether users have subscribed to our newsletter.
Why do we use Google Ads conversion tracking on our website?
We use Google Ads to show our offer also across other websites. Our aim is for our advertising campaigns to reach only those people, who are interested in our offers. With the conversion tracking tool, we see what keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device, to then convert. With this data we can calculate our cost-benefit-factor, measure the success of individual ad campaigns and therefore optimise our online marketing measures. With the help of the obtained data we can give our website a more interesting design and customise our advertising offer better to your needs.
What data is stored with Google Ads conversion tracking?
For a better analysis of certain user actions, we have integrated a conversion tracking tag, or code snippet to our website. Therefore, if you click one of our Google ads, a Google domain stores the cookie “conversion” on your computer (usually in the browser) or on your mobile device. Cookies are little text files that save information on your computer.
At this point we want to reiterate, that we have no influence on how Google use the collected data. According to Google, the data are encrypted and saved on a secure server. In most cases, conversion cookies expire after 30 days, and do not transmit any personalised data. The cookies named “conversion“ and “_gac“ (which is used with Google Analytics) have an expiry date of 3 months.
How can I delete my data or prevent data retention?
You have the possibility to opt out of Google Ads’ conversion tracking. The conversion tracking can be blocked by deactivating the conversion tracking cookie via your browser. If you do this, you will not be considered for the statistic of the tracking tool. You can change the cookie settings in your browser anytime. Doing so, works a little different in every browser. If you generally do not want to allow any cookies at all, you can set up your browser to notify you whenever a potential cookie is about to be set. This lets you decide upon permitting or denying the cookie’s placement. By downloading and installing the browser plugin here you can also deactivate all “advertising cookies”. Please consider that by deactivating these cookies, you cannot prevent all advertisements, only personalised ads.
Due to the certification for the American-European data protection convention “Privacy Shield”, the American corporation Google LLC must comply to the EU’s applicable data protection laws. If you want to find out more on data protection at Google, we recommend Google’s general Privacy Policy.
The storage of “Conversion” cookies and the use of this tracking tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

24 GOOGLE TAG MANAGER
Google Tag Manager is an organising tool with which we can integrate and manage website tags centrally and via a user interface. Tags are little code sections which e.g. track your activities on our website. For this, segments of JavaScript code are integrated to our site’s source text. The tags often come from Google’s intern products, such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the manager. Since the tags have different tasks, they can collect browser data, feed marketing tools with data, embed buttons, set cookies and track users across several websites.
Why do we use Google Tag Manager for our website?
Everybody knows: Being organised is important! Of course, this also applies to maintenance of our website. In order to organise and design our website as well as possible for you and anyone who is interested in our products and services, we rely on various tracking tools, such as Google Analytics.
The collected data shows us what interests you most, which of our services we should improve, and which other persons we should also display our services to. Furthermore, for this tracking to work, we must implement relevant JavaScript Codes to our website. While we could theoretically integrate every code section of every tracking tool separately into our source text, this would take too much time and we would lose overview. This is the reason why we use Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. Additionally, Google Tag Manager’s user interface is easy to operate, and requires no programming skills. Therefore, we can easily keep order in our jungle of tags.
What data is saved by Google Tag Manager?
Tag Manager itself is a domain that neither uses cookies nor stores data. It merely functions as an “administrator“ of implemented tags. Data is collected by the individual tags of the different web analysis tools. Therefore, in Google Tag Manager the data is sent to the individual tracking tools and does not get saved. However, with the integrated tags of different web analysis tools such as Google Analytics, this is quite different. Depending on the analysis tool used, various data on your internet behaviour is collected, stored and processed with the help of cookies. Please read our texts on data protection for more information on the articular analysis and tracking tools we use on our website.
We allowed Google via the account settings for the Tag Manager to receive anonymised data from us. However, this exclusively refers to the use of our Tag Manager and not to your data, which are saved via code sections. We allow Google and others, to receive selected data in anonymous form. Therefore, we agree to the anonymised transfer of our website data. However, even after extensive research we could not find out what summarised and anonymous data it is exactly that gets transmitted. What we do know is that Google deleted any info that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking is a process of comparing a company’s results with the ones of competitors. As a result, processes can be optimised based on the collected information.
How long and where is the data saved?
When Google stores data, this is done on Google’s own servers. These servers are located all over the world, with most of them being in America. Here you can read in detail where Google’s servers are. In our individual data protection texts on the different tools you can find out how long the respective tracking tools save your data.
How can I delete my data or prevent data retention?
Google Tag Manager itself does not set any cookies but manages different tracking websites’ tags. In our data protection texts on the different tracking tools you can find detailed information on how you can delete or manage your data.
Google actively participates in the EU-U.S. Privacy Shield Framework, which regulates safe transfer of personal data. You can find more information here. If you want to learn more about Google Tag Manager, we recommend you to read here.
The legal basis for use of this service is your consent as laid out in Article 6(1)(a) GDPR, and consent is granted via our cookie banner. Consent can be withdrawn at any time via cookie management.

25 WHEN IS DATA PASSED ON?
Data collected by us will only be passed on if:
- You have given your express consent in accordance with Article 6(1)(a) GDPR
- The disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6(1)(f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed
- We are legally obligated to disclose your data pursuant to Art. 6 Par. 1 Sentence 1 lit. c GDPR or
- This is legally permissible and necessary according to Article 6(1)(b) GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request In addition, disclosure may take place in connection with official inquiries, court decisions and legal proceedings if it is necessary for legal prosecution or enforcement.

26 PAYMENT SERVICE PROVIDER
A. STRIPE

On our website we use a payment tool by Stripe, an American technology company and online payment service. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. Therefore, if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Hence, the data required for the payment process is forwarded to Stripe where it is then stored. In this privacy policy we will give you an overview of Stripe’s data processing and retention. Moreover, we will explain why we use Stripe on our website.
What is Stripe?
The technology company Stripe offers payment solutions for online payments. Stripe enables us to accept credit and debit card payments in our webshop while it handles the entire payment process. A major advantage of Stripe is that you never have to leave our website or shop during the payment process. Moreover, payments are processed very quickly via Stripe.
Why do we use Stripe on our website?
We of course want to offer the best possible service with both our website and our integrated online shop. After all, we would like you to feel comfortable on our site and take advantage of our offers. We know that your time is valuable and therefore, payment processing in particular must work quickly and smoothly. In addition to our other payment providers, with Stripe we have found a partner that guarantees secure and fast payment processing.
What data are stored by Stripe?
If you choose Stripe as your payment method, your personal data (transaction data) will be transmitted to Stripe where it will be stored. These data include the payment method (i.e. credit card, debit card or account number), bank sort code, currency, as well as the amount and the payment date. During a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. These data are necessary for authentication. Furthermore, Stripe may also collect relevant data for the purpose of fraud prevention, financial reporting and for providing its services in full. These data may include your name, address, telephone number as well as your country in addition to technical data about your device (such as your IP address).
Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with Stripe. However, data may be forwarded to internal departments, a limited number of Stripe’s external partners or for legal compliance reasons.
How long and where are the data stored?
Generally, personal data are stored for the duration of the provided service. This means that the data will be stored until we terminate our cooperation with Stripe. However, in order to meet legal and official obligations, Stripe may also store personal data for longer than the duration of the provided service. Furthermore, since Stripe is a global company, your data may be stored in any of the countries Stripe offers its services in. Therefore, your data may be stored outside your country, such as in the USA for example.
How can I delete my data or prevent data retention?
Stripe is still a participant of the EU-U.S. Privacy Shield Framework which regulated correct and secure transfer of personal data until July 16, 2020. However, since the European Court of Justice declared the agreement to be invalid, the company no longer relies on this agreement, but still acts according to the principles of Privacy Shield.
You always reserve the right to information, correction and deletion of your personal data. Should you have any questions, you can contact the Stripe team. You can delete, deactivate or manage cookies in your browser that Stripe uses for its functions. This works differently depending on which browser you are using. Please note, however, that if you do so the payment process may no longer work. We have now given you a general overview of Stripe’s data processing and retention. If you want more information, see Stripe’s detailed privacy policy is a good source.
The legal basis for the data processing is the fulfillment of the contract according to Article 6(1)(b) GDPR. Therefore, the privacy policy of the respective payment service provider applies.

B. PAYPAL
You can choose to pay using PayPal in our online shop. PayPal is provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you select PayPal as your payment method, your personal data will automatically be transmitted to PayPal. PayPal acts as an online payment service provider and payment processing takes place directly with PayPal.
We provide PayPal with our Merchant ID so the payment can be transferred to us. The personal data transmitted to PayPal is data related to the relevant order (first name, surname, address, email, IP address) or other data required to process the purchase contract (such as product, period of access, invoice amount, taxes and other billing information). After payment has been made, a feedback message is sent to our website to confirm the payment has been successful.
The buyer can withdraw his or her consent for PayPal to handle personal data at any time. This withdrawal has no effect on the personal data that must be processed, used or transmitted for (contractual) payment processing. The applicable PayPal privacy policy can be found here. We have no knowledge of the storage period at PayPal and no ability to influence it. Paypal does not transmit any of your payment data to us.
The transmission of your data is necessary for payment processing via PayPal and is intended to confirm your identity and to administer your payment order. The legal basis for the aforementioned data processing is the fulfillment of the contract pursuant to Article 6(1)(b) GDPR

27 LINKS
Lengalia might contain links to other internet sites. We are not responsible for the private practices on other internet sites. We encourage our users to read through every privacy setting on every internet site individually before giving away any personal data.

28 AGE LIMIT FOR THE USE OF LENGALIA
The Lengalia offer is not aimed at children under 16 years of age. The Lengalia offer is also not offered to children whose age makes the processing of their personal data illegal or requires the consent of their parents to the processing of their personal data in accordance with the general data protection regulation (GDPR) or other local laws.
It is also pointed out that persons under 18 years of age always require the permission of parents or legal guardians in order to use the service. If you are under 16 years of age, do not provide us with any personal data. If you are a parent of a child under the age limit and you notice that your child has submitted personal data to Lengalia, please contact us using the contact form.

29 DATA SECURITY
Lengalia takes adequate security measures to protect the user's data. When you enter confidential data (e.g. passwords) we encode them by using secure SSL technology. Lengalia employs safety precautions to guarantee that your data are protected against loss, modification or misuse. To this end, Lengalia works with constantly updated firewalls meeting the industry standard as well as other security systems. At the same time, the user should be aware of the fact that one hundred per cent protection against attacks cannot be guaranteed because of the continual appearance of new viruses and other means of attacking the protected data systems of internet services. Lengalia will instigate civil and criminal proceedings against any attack by hackers and the like and will inform the users of any cases in which their data have been compromised.

30 PUBLICATION AND AMENDMENTS
We reserve the right to change our privacy policy. Amendments which are not fundamental become effective right away. Fundamental amendments become effective within 30 days of being published on the Lengalia website. If we make any changes we will make them public and mark the date when the change becomes effective at the top of the website. If we make fundamental changes to these guidelines, we will alert you here, via email, or via an announcement on your homepage. We recommend that you regularly come back to these guidelines and re-read them so that you are always completely informed about our privacy policy.


31 INDIVIDUALS IN THE EEA
Over and above the aforementioned rights, you are entitled to submit a grievance with a relevant authority if you suspect a breach in our personal information handling procedures. We would be grateful if in the first instance you would contact us by email to allow us to investigate any misgivings.


32 CALIFORNIA AND NEVADA RESIDENTS (CCPA)
It is incumbent upon us to provide additional information to residents of California and Nevada regarding how their personal data is used and shared by us. If this applies to you, you may have additional rights regarding the way in which your data is used by us. We have laid out in the following section the details specific to California for your information.
Under certain state laws, the way in which we disclose your personal information could be viewed as a 'sale' of personal information. Those who reside in California or Nevada are entitled to refuse the sale of their personal information. If you are able to provide proof of residency in California or Nevada, you can contact us via email to request you opt-out of any possible future sales under California and Nevada law. You will hear from us regarding your request as soon as is feasibly possible and within no more than 30 days. If we are unable to comply with this time period due to some unforeseen reason, we will inform you of this as soon as possible.
CA Personal Information
We gather specific categories and pieces of data regarding individuals that, in California, are viewed as "CA Personal Information". These are as follows:
. Direct and indirect identifiers such as full name, personal or professional contact details, home address, telephone number, email, unique personal identifier, IP, device and online activity data, sex, demographics, username and password to our website or service;
. Commercial information such as records of products or services purchased or obtained, or purchasing or consuming histories or tendencies;
. The sources from which the data was collected from you and other third parties, as per our Privacy Policy.
Use of CA Personal Information
CA Personal Information may be used by us for business or commercial purposes. Further details can be found in our Privacy Policy.
Use of CA Personal Information Sold or Disclosed For Business Purposes
Within the preceding 12-month period, it is possible that we have “sold” (as per the CCPA) some categories of CA Personal Information or disclosed CA Personal Information for business purposes.
California Consumer Rights
Residents of California may have the following rights to their CA Personal Information (exemptions may apply):
(i) The right to access the CA Personal Information we collect, use, share, or sell;
(ii) The right to deletion of the aforementioned CA Personal Information;
(iii) The right to refuse the sale of the CA Personal Information we hold;
(iv) The right to request details of the CA Personal Information we have "sold" (as per the CCPA) or shared for commercial purposes within the preceding 12-month period.
In compliance with applicable law, it may be necessary for us to retain some CA Personal Information and some specific CA Personal Information is required to allow us to adhere fully to our Privacy Policy.
Exercising California consumer rights
Residents of California who wish to exercise any of these rights must do one of the following:
(a) submit a request via our contact form;
(b) access their account to update any necessary information and/or to submit a request;
(c) contact us as per our Privacy Policy.
Once you have submitted your request, we may ask you to provide further details, such as proof of ID, to allow us to confirm your identity and corroborate your request. We do not accept responsibility for requests that are submitted incorrectly or that do not provide sufficient detail. You will not be discriminated against in the prices or products we offer you as a result of making a request regarding your rights to your CA Personal Information. It is important to remember that you are restricted by law to a certain number of requests per year.
Do Not Sell My Personal Information
If you are resident in California, you have the right to refuse the sale (as per the CCPA) of your CA Personal Information to a third party. Please contact us as per our Privacy Policy if you would like to exercise this right. If you choose to appoint a designated agent to submit a request on your behalf, they must provide us with written confirmation of this fact, including written authorization with your signature, proof of your identity, and confirmation of their identity; or, as required under the California Probate Code, a valid, designated power of attorney. We will contact you if further proof of authority is required or to confirm the request. We will never "sell" the CA Personal Information of persons under the age of 16 without proper, authorized consent.

Last updated and effective as of: January 1, 2021

get help