Privacy policy
Data protection notice in accordance with the GDPR
I. Name and address of the controller
Lomerase GmbH
c/o TreuVision AG
Wilfriedstrasse 12
8032 Zurich
Switzerland
Email: info@lomerase.com
Website: https://lomerase.com/
is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. General information about data processing
1. Scope of processing of personal data
As a rule, we collect and use personal data of the users of our home page
only to the extent that this is necessary in order to provide a functional website, our
content and our services.
In principle, the collection and use of personal data of our users only takes place with their consent. An exception to this principle applies in cases where the processing of the data is permitted by law or it is not possible to obtain prior consent for practical reasons.
1. Legal basis for the processing of personal data
Fundamentally, the legal bases for the processing of personal data arise from:
Art. 6 para. 1. (a) GDPR when obtaining consent from the data subject.
Art. 6 para. 1. (b) GDPR in the case of processing carried out for the performance of a contract to which the data subject is party. This includes
processing necessary for the implementation of pre-contractual measures.
Art. 6 para. 1. (c) GDPR in the case of processing necessary for compliance with a legal obligation.
Art. 6 para. 1. (d) GDPR if processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person.
Art. 6 para. 1. (f) GDPR if processing is necessary for the purposes of the legitimate interests pursued by the company or by a third party, except where such
interests are overridden by the interests or fundamental rights and freedoms of the data subject.
2. Data deletion and storage period
The personal data of users will be deleted or blocked as soon as the purpose of the storage no longer applies. Further storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place if a storage period prescribed by the aforementioned regulations expires, unless a necessity for further storage of the data for the conclusion of a contract or fulfilment of a contract exists.
III. Use of our website, general information
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user’s computer system. The following information is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
(7) Websites accessed by the user’s system via our website
The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.
1. Purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user’s computer. The IP address of the user must remain stored for the duration of the session for this purpose.
The storage in log files takes place to ensure the functionality of the website.
In addition, the data helps us to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for
marketing purposes does not take place in this context.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1. (f) GDPR.
The collection of personal data for the provision of our website and the storage of the data in log files is mandatory for the operation of the website. Therefore, there is no possibility for the user to opt out.
3. Duration of storage
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.
If your data is stored in log files, the deletion takes place after seven days at the latest. Further storage is possible, but the IP addresses of the users are deleted or anonymised in this case. They can thus no longer be assigned to the client accessing the website.
4. General information on the use of cookies
We use cookies on our website. Cookies are text files that are stored on or by the internet browser on the user’s computer system. When you visit a website, a cookie can thus be stored on your operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again. We use cookies to make our home page more user-friendly. Some elements of our website require that the browser can be identified even after the page is changed. The following data is stored and transmitted in this case:
(1) Language settings
(2) Items in a shopping basket
The legal basis for the processing of personal data using
cookies arises from Art. 6 para. 1. (f) GDPR. The purpose of the use of the technically
necessary cookies is simplification of the use of our website.
Please note that certain specific functions on our website can only be offered with the use of cookies. These functions are as follows:
(1) Shopping basket
(2) Transfer of language settings
(3) Remembering search terms
We do not use data collected by technically necessary cookies that pertains to users to create user profiles.
Cookies are stored on the user’s computer and transmitted from there to our site. As a user, you therefore have control over the use of cookies.
You can restrict or disable the transmission of cookies by changing the settings of your internet browser. Stored cookies can also be deleted there. Please note that in some cases you will no longer be able to use all the functions of our website if you disable cookies.
IV. Data transfer outside the EU
The GDPR guarantees an equally high level of data protection throughout the European Union. When selecting our service providers, we therefore use
European partners where possible if your personal data is to be processed.
Only in exceptional cases will we allow data to be processed outside the European Union as part of third-party services. We only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing of your data may then only take place on the basis of special guarantees, such as a level of data protection corresponding to that of the EU officially recognised by the EU Commission or the observance of officially recognised special contractual obligations, known as the ‘Standard Contractual Clauses’.
V. Consent management platform
We have integrated the consent management tool ‘GDPR/CCPA + Cookie Management’ from iSenseLabs (address data and contact data) on our website in order to request consents for data processing or the use of cookies or comparable functions. With the help of ‘GDPR/CCPA + Cookie Management’, you have the opportunity to grant or deny your consent to certain functionalities of our website, e.g. for the purpose of integrating external elements, statistical analysis and personalised advertising. You can grant or deny your consent to all functions or grant your consent to individual purposes or individual
functions. You can also change these settings at a later point in time. The purpose of integrating the consent management platform is to allow the users of our website to make their own decisions on the aforementioned points and to offer the possibility of changing settings previously put in place for further use of our website. In the course of using the consent management platform, personal data and information about the end devices used, such as the IP address, are processed.
The legal basis for processing is Art. 6 para. 1. sub. 1. (c) combined with Art. 6 para. 3. sub. 1 (a) and Art. 7 para. 1. GDPR or alternatively (f). The processing allows us to fulfil our legal obligations (e.g. burden of proof). Our legitimate interests for processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. ‘GDPR/CCPA + Cookie Management’ stores your data as long as your user settings are active. One year after implementation of the user settings, consent is requested again. The implemented user settings are then saved again for the same period of time.
You can find more information on data processing here:
https://gdpr.apps.isenselabs.com/pages/privacy_policy
VI. Your rights / rights of the data subject
According to the EU General Data Protection Regulation, you as a data subject have the following rights:
1. Right to information
You have the right to receive information from us as the controller as to whether and which personal data concerning you is processed by us, as well as further information in accordance with the legal requirements pursuant to Art. 13 and 14 GDPR.
You can assert your right to information via: info@lomerase.com
2. Right to rectification
If the personal data we process concerning you is incorrect or incomplete, you have a right to rectification and/or completion by us. The rectification will take place without delay.
5. Right to restriction
You have the right to restriction of the processing of your personal data in accordance with the statutory provisions (Art. 18 GDPR).
6. Right to erasure
If the reasons set out in Art. 17 GDPR apply, you can request that your personal data be erased immediately.
Please note that the right to erasure does not exist if the processing is necessary for one of the exceptions referred to in Art. 17 para. 3 GDPR.
7. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients of the personal data concerning you of this correction or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be notified about these recipients.
8. Right to data portability
According to the GDPR, you also have the right to receive the personal data you have provided us with in a structured, commonly used and machine-readable format or to request its transmission to another controller.
9. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Please note that by revoking consent, the lawfulness of the processing carried out on the basis of the consent provided up until the revocation is not affected.
10. Right to object
Furthermore, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 (e) and (f) GDPR.
11. Automated individual decision-making, including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you in a similarly significant way.
12. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates the GDPR, you ultimately have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your whereabouts, your place of work or the place of the alleged infringement.
VII. Electronic contact
If you wish to contact us, you will find a contact form on our home page, which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. This data is:
(1) First and last name
(2) Email address
(3) Message
At the time of sending the message, the following data is also stored:
(1) The IP address of the user
(2) Date and time of the sending process
It is also possible to contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
Your data is not transferred to third parties in this context; the data is used exclusively for the processing of the communication.
The standard legal basis for the processing of the contact request and its completion is Art. 6 para. 1 sub. 1 (b) GDPR, as well as Art. 6 para. 1 sub. 1 (f) GDPR.
If personal data is processed during the sending process,this only takes place to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered to have ended if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. If the process is based on the legal basis of Art. 6 para. 1 sub. 1 (f) GDPR (legitimate interest), you can object to the storage of your personal data at any time. However, please note that in this case the conversation cannot be continued. All personal data stored in the course of contacting us will be erased in this case.
VIII. Shop and customer orders
You have the option to order our goods and services directly on our home page. In the course of the order process, we process the following data provided by you when placing the order:
(1) First and last name
(2) Email address
(3) Password
(4) First and last name for the delivery or billing address
(5) Company
(6) Street address
(7) Postcode and city
(8) Country
(9) Telephone number
At the time of placing the order, the following data is also stored:
(1) IP address of the user
(2) Date and time of the order
If you want to order from our shop, it is necessary for the conclusion of the contract that you provide the personal data we need to process your order.
For the operation of our online shop, we use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. Shopify provides an e-commerce platform through which we offer our goods for sale. The data provided as part of the order process is stored on a Shopify server in the USA. Further information can be found in Shopify’s privacy policy under http://www.shopify.com/legal/privacy.
Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us may also receive data for these purposes.
In particular, these are the following companies:
service providers for order processing, logistics, IT services, tax consultants, marketing.
We use the payment service provider Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) for payment processing. In this context, the information you provide during the order process, together with the information about your order (name, address, account number, sort code, credit card number if relevant, invoice amount, currency and transaction number) will be passed on in accordance with Art. 6 para. 1 sub. 1 (b) GDPR. Your data will be passed on exclusively for the purpose of payment processing by the payment service provider Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose.
Stripe may transfer, process and store personal data outside the EU. In this context, Stripe undertakes to ensure appropriate guarantees in accordance with Art. 46 GDPR in the form of Standard Contractual Clauses (see https://stripe.com/privacy-center/legal#data-transfers). In addition, we have agreed an order processing contract with Stripe.
Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, after six years we will restrict the processing, i.e. your data will only be used to comply with legal obligations. To prevent unauthorised access to your personal data by third parties, in particular to financial data, the order process takes place via an encrypted connection.
IX. Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data.
If a deactivation has been carried out at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager. The legal basis for the use of the technically necessary cookie is the legitimate interest of the website operator in accordance with Art. 6 para. 1 sub. 1 (f) GDPR.
For more information, see the provider’s terms of use on: https://www.google.com/intl/de/tagmanager/use-policy.html
X. Web analytics
1. Use of Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files that are stored on your computer to help the website analyse how you use the site.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other signatory states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the extension ‘_anonymizeIp()’. As a result, IP addresses are further processed in truncated form, so that they cannot be linked to a particular individual. Insofar as the data collected about you can be linked to you personally, this will be excluded immediately and the personal data will be erased without delay. We use Google Analytics to analyse and regularly improve the usability of our website. The statistics obtained allow us to improve what we offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sub. 1 (a) GDPR.
You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Details of the third party: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1)436 1001. Terms of use:
http://www.google.com/analytics/terms/de.html, data protection overview:
http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.
2. Facebook Pixel
In addition, the website uses the remarketing function ‘Custom Audiences’ from Facebook Inc. (‘Facebook’). As a result, users of the website can be presented with interest-based advertisements (‘Facebook ads’) when visiting the social network Facebook or other websites that also use this function. Our aim here is to show you advertising that is of interest to you in order to make our website more interesting for you.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and the further use of the data collected by Facebook through the use of this tool and thus provide you with information based on the knowledge we have: through the integration of Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding page of our website or have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered on Facebook or are not logged in, there is the possibility that the provider will identify and store your IP address and other identification features.
The Facebook Custom Audiences function can be disabled at any time via our consent management platform and for logged-in users via https://www.facebook.com/settings/?tab=ads#_.
The legal basis for the processing of your data is Art. 6 para. 1 sub. 1 (a) GDPR.
Further information on data processing by Facebook can be found on https://www.facebook.com/about/privacy.
XI. Social media presence
We maintain fan pages on various social networks and platforms with the aim of communicating with the customers, interested parties and users who are active there and to inform them about our services via those channels. Please note that your personal data may be processed outside the European Union in this context, meaning that risks may arise for you (for example in the enforcement of your rights under European/German law).
As a rule, data from users is processed for market research and advertising purposes. For example, user profiles may be created from the usage behaviour and resulting interests of users. These user profiles can, in turn, be used to place advertisements within and outside the platforms that are intended to correspond to the interests of the users.
For these purposes, cookies that record the user behaviour and interests of the users are usually stored on users’ computers. Furthermore, data can also be stored in the user profiles regardless of the devices utilised by the users (in particular if the users are members of the respective platforms and are logged in to them).
The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 para. 1 (f) GDPR. If the users are asked by the respective providers for consent to data processing (i.e. declare their consent, e.g. by ticking a checkbox or clicking a confirmation button), the legal basis for the processing is Art. 6 para. 1 (a), Art. 7 GDPR. Further information on the processing of your personal data and your options for objection can be found via the links to the respective provider listed below. The informational and other rights of the data subjects can also be asserted against the providers, who have direct access to the data of the users and have corresponding information. Of course, we are available to answer any questions you may have and support you if you need help.
Provider:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy policy / Opt-out: http://instagram.com/about/legal/privacy/
Google/YouTube
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Privacy policy / Opt-out: https://about.pinterest.com/de/privacy-policy
XII. Integration of third-party content
On the basis of your consent (in accordance with Art. 6 para. 1 (a) GDPR), we integrate content from other websites on various subpages. This makes it possible to access the excerpts, contributions and, in particular, videos, directly on our website. In this context, we integrate content from the social media providers listed in section XII. Only when you have given your consent will the data referred to in section II be transferred. We have no influence over this data transfer.
By visiting the website, the respective provider receives the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether you have a user account with the provider through which you are logged in or whether no user account exists. If you are logged in, your data will be assigned directly to your account. If you do not wish to be associated with your profile, you must log out before activating the content or giving your consent. The respective provider stores your data as a user profile and uses it for the purposes of advertising, market research and/or the needs-based design of its website. This type of evaluation takes place in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to assert this right, please contact the respective providers. The relevant contact details and links to further information can be found in section XII.
XIII. Integration of Google Fonts
On the basis of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR, we integrate the fonts (‘Shopify Fonts’) from the provider Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5. The aim is the optimisation and economic operation of our home page. Further information can be found on http://www.shopify.com/legal/privacy and http://www.shopify.com/legal/terms.