Our Data Protection Practices
Lemox GmbH
-
Lemox GmbH
Datenschutz
DownloadPrivacy Policy
With this privacy policy, Lemox GmbH ("Lemox") informs you about the handling of your personal data. Lemox is represented by the managing director Roland Furler. You can access and print the current privacy policy at www.lemox.net/page/datenschutz.
General Information
1. Scope of Application
These data protection provisions apply to the use of the website www.lemox.net and when you visit Lemox' social media sites and use the services offered there.
If you visit a website other than www.lemox.net, the data protection provisions of the respective website operator apply. This also applies if Lemox refers to the website of third parties via a link or linked button, e.g. to our social media sites (Facebook, LinkedIn etc.). Lemox recommends that you inform yourself about the handling of personal data on the linked websites.
2. Collection and Storage of Personal Data
When you visit the website or Lemox' social media presences and/or utilise Lemox services, we collect, store and process personal data:
When you visit the website, the browser used on your end device automatically sends information to the website server. Lemox automatically stores the IP address shortened by the last three digits, the name and version of the browser you are using, the operating system used, the name and URL of the file accessed, the website from which the access is made (‘referrer URL’) and the date and duration of your visit. This information is stored temporarily in a log file without any action on your part until it is automatically deleted. Log files serve as a source of information for analysing errors in the event of a system crash and for reconstructing lost data. They can also be used to analyse reach. The legal basis for this type of data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interests pursued by Lemox are, in particular, ensuring a smooth connection to the website, ensuring convenient use of the website, statistical evaluation using a pseudonym in order to optimise our website, evaluation of system security and stability and other administrative purposes. In addition, Lemox collects the personal data that you provide to Lemox when you register as a project developer (issuer) or investor or as part of an enquiry. This includes the following data in particular: Name, date of birth, e-mail address, address (billing address and, if applicable, different delivery address), optional telephone number and bank details. Lemox also stores the password, which you can choose freely. The password is not stored in plain text, but only as a so-called hash value. The collection and processing of this data is necessary for the execution and processing of the services offered and contracts concluded via the website (Art. 6 para. 1 subpara. 1 lit. b or f GDPR) or justified by our legitimate interest in the outsourcing of tasks (Art. 6 para. 1 subpara. 1 lit. f GDPR). The company commissioned by Lemox has access to the collected data, but may not use it for purposes other than the execution and processing of the services offered via the website. You can access your contract data at any time in your user account on the website and adjust data.
Use of Your Data
3 Use and Disclosure of Your Data
Lemox uses your personal data to perform and process the services offered and contracts concluded via the website and our social media presences and to answer your questions. Lemox uses data that is automatically logged using cookies when you use the website to enable you to use the website and the services offered on it for the administration and optimisation of the website and the services offered via it (Art. 6 para. 1 subpara. 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG). If you have consented to this, Lemox also analyses the data using a pseudonym for statistical and advertising purposes (Art. 6 para. 1 subpara. 1 lit. a GDPR, Section 25 para. 1 TDDDG). Lemox will only pass on your data to third parties if this is necessary for the provision of services, for billing purposes, for processing the contractual relationship existing between you and Lemox or the investment contract existing between you and a third party (Art. 6 para. 1 subpara. 1 lit. b GDPR) or for statistical evaluation (Art. 6 para. 1 subpara. 1 lit. f GDPR). Furthermore, Lemox may pass on your data to third parties to protect legitimate interests (Art. 6 para. 1 subpara. 1 lit. f GDPR) or on the basis of a legal regulation. The recipients include: Issuers, IT service providers, e.g. cloud, hosting, software as a service providers; customer service providers; marketing and advertising service providers, in particular in the area of email marketing and for the placement of personalised advertisements; credit institutions and payment services, e.g. for the collection of a fee and fraud prevention; insurance companies; service providers for fraud prevention and risk analysis; authentication/identity verification service providers to verify your identity and prevent fraudulent activities; third parties involved in legal proceedings if they provide us with a legal order, a court order or an equivalent legal order. Where processing is necessary for the purposes of legitimate interests, such as the use of IT services, Lemox's legitimate interest is to outsource functions. In addition, your personal data will be passed on or transmitted if this is required by law (Art. 6 para. 1 subpara. 1 lit. c GDPR). In particular, Lemox passes on the data required for the conclusion of the investment contract (name, address, profile information) to the issuer and - in a mirror image - the required data of the issuer (name, address, consumption) to you. Third parties commissioned by Lemox will handle your personal data in accordance with these data protection provisions and the relevant data protection laws and will not pass it on to third parties. Lemox engages service providers as contract data processors for the processing of contracts concluded via the website. These service providers are given access to the personal data required for processing. In addition, your data will only be passed on or transmitted if you have given your consent (Art. 6 para. 1 subpara. 1 lit. a GDPR). In individual cases, Lemox may be legally obliged to provide information about your personal data by order of the competent public authority (Art. 6 para. 1 subpara. 1 lit. c GDPR). If you apply as a project developer (issuer), we process your personal data with your consent in order to consider you for a project tender and, if necessary, to contact you by email or telephone for this purpose (Art. 6 para. 1 subpara. 1 lit. a GDPR). The data will be stored until you withdraw your consent. You can find out how to revoke your consent in the corresponding section of our privacy policy.
We use your uploaded documents to prepare and facilitate the conclusion of the contract between you and the issuer more easily and quickly (Art. 6 para. 1 sentence 1 lit. b DSGVO). For this purpose, the data may be made available to a data processor. If a contract is actually concluded, we are also obliged to retain the documents for 6 years (Art. 6 para. 1 sentence 1 lit. c DSGVO in conjunction with § 257 HGB and § 147 AO). Otherwise, the data will be deleted after a period of 30 days.
3. Advertising, Newsletter
Lemox also uses the data you provide to inform you about offers from Lemox and investment projects. The newsletter is sent by email only with your prior explicit consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), and by post only as long as you have not objected to the use of your data. To receive the newsletter from Lemox, you need a valid email address. Email dispatch will start only after you click on the confirmation link sent to the provided email address. No further data is collected by Lemox. The data collected in this way is not matched with data that may be collected by other components of the website.
Lemox evaluates the behavior of the recipients of its emails based on pseudonymous usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, each associated with an individual ID. This allows Lemox to track the time of opening and forwarding the email, as well as clicking the links contained therein, data such as the IP address (to determine the location of retrieval), and the email program used. This data is not linked to your email address or other personal data, making it impossible for Lemox to directly relate it to a person. The evaluation is based on aggregated usage statistics (e.g., delivery rate, open rate, click rate, number of forwards, number of clicks on the links contained in the email, country of retrieval). Only in case of cancellations or failed deliveries does Lemox additionally receive information about the name and email address. This is (also) in your interest so that we can promptly remove you from our email distribution list or resolve the delivery issue. It is not possible to revoke consent solely for newsletter tracking. If you do not wish to be tracked, you must cancel or withdraw your newsletter subscription. The pseudonymous evaluation of usage behavior serves to review the success of email marketing and continuously improve it. Lemox's legitimate interest in this data processing is the best possible marketing of its platform and the investment projects offered there. The legal basis is Art. 6 para. 1 sentence 1 lit. a DSGVO.
For the dispatch and evaluation of emails, Lemox uses Zoho, a service provided by Zoho Corporation, 4141 Hacienda Drive, Pleasanton, California 94588, USA (“Zoho”).
The data processed during the dispatch and evaluation of emails may also be processed on Zoho’s servers in the USA, China, and India. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a DSGVO, meaning your consent. Using Zoho may require the transfer of your personal data to the USA, China, and India. These countries, according to the European Court of Justice, do not have data protection standards equivalent to EU standards. Therefore, Lemox has secured guarantees for the protection of your data through the conclusion of so-called Standard Contractual Clauses in accordance with Art. 46 para. 2 lit. c DSGVO (Data Processing Agreement). To obtain a copy of this agreement, please contact Lemox. Nevertheless, there is a risk, according to data protection authorities, that your data may be processed by authorities in these third countries for control and monitoring purposes, possibly without legal remedies. By consenting to receive the newsletter, you agree, pursuant to Art. 49 para. 1 sentence 1 lit. a DSGVO, that your data may be processed in the USA, China, or India despite this risk. Zoho acts as a data processor for Lemox. For more information, please refer to Zoho's privacy policy (https://www.zoho.com/privacy.html).
5. No Obligation to Provide Personal Data
If Lemox asks you to provide personal data, you can, of course, refuse. However, this may mean that Lemox cannot provide you with certain website functions, answer your inquiries, or conclude a contract by using Lemox's services. This particularly applies if the data is necessary for Lemox's newsletter service or for establishing, conducting, and ending a business relationship or if Lemox is legally obliged to collect data.
Security and Contact Persons
6. Data Subject Rights
You can request information (Art. 15 DSGVO) from Lemox at any time about the data stored concerning your person or email address, correct this data (Art. 16 DSGVO), block it (Art. 18 DSGVO), or have it deleted (Art. 17 DSGVO). You also have a right to data portability in accordance with Art. 20 DSGVO. The restrictions under §§ 34 and 35 BDSG apply to the right of access and the right to deletion. You also have the right to object to data processing (Art. 21 DSGVO):
Right to Object under Art. 21 DSGVO
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out based on Art. 6 para. 1 sentence 1 lit. e (public safety) or lit. f (balance of interests) DSGVO; this also applies to profiling based on these provisions. Lemox will no longer process this data unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
Lemox / legal Lemox / legal 100% 10 B54 If Lemox processes your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, Lemox will no longer process your personal data for these purposes. If Lemox processes your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, Lemox will no longer process your personal data for these purposes. Turn on screen reader support To enable screen reader support, press Ctrl+Alt+Z To learn about keyboard shortcuts, press Ctrl+slash
Please contact support@lemox.net or write to Lemox GmbH, Opernplatz 14, 60313 Frankfurt am Main, to exercise all these rights. You also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or the location of the alleged infringement, if you believe that the processing of your personal data violates the DSGVO or other applicable laws.
7. Responsible Entity
The responsible entity for collecting, processing, and using your data is: Lemox GmbH, represented by Managing Director Roland Furler, Opernplatz 14, 60313 Frankfurt am Main, commercial register number: HRB 131820, email: info@lemox.net.
You can reach Lemox's data protection officer at datenschutz@lemox.net.8. Security
Lemox takes security seriously and is very interested in further improving the security of your data. Your personal data is transmitted encrypted. Lemox uses the TLS (Transport Layer Security) technology for communication via your internet browser. You can recognize this by the lock symbol in your web browser's address bar. In addition, Lemox secures the website and other systems through technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons. If you have any suggestions for improving security, please contact Lemox's security officer at security@lemox.net.
9. Withdrawal of Your Consent
If you have consented to the processing of your personal data by Lemox (Art. 6 para. 1 sentence 1 lit. a DSGVO), you can withdraw your consent at any time. In this case, please write an email to support@lemox.net or send a letter to Lemox GmbH, Opernplatz 14, 60313 Frankfurt am Main. Please note that the legality of the data processing carried out based on your consent up to the point of withdrawal remains unaffected. If you have registered to receive the newsletter, your consent will be recorded. You can also end the subscription to the newsletter at any time by clicking on the “unsubscribe from newsletter” field in the newsletter. In this case, your email address will be removed from the newsletter distribution list, or the withdrawal of your consent will be recorded in the customer area of the website.
10. Deletion of Your Data
Lemox and the service providers used by Lemox delete the recorded and collected data as soon as and as far as legally required. If Lemox processes data based on your consent, Lemox will retain this data for as long as the processing of your personal data is necessary according to your consent. Logfiles are generally deleted after the end of the respective browser session, usually after seven days, at the latest after thirty days, unless their further storage is exceptionally required and lawful. The storage duration of cookies depends on the individual case and is usually between twelve and 24 months. For more information, please visit our Cookie Preference Center.
11. Automated Decision-Making
Lemox generally does not use fully automated decision-making according to Art. 22 DSGVO. Should Lemox use these procedures in individual cases, Lemox will inform you separately if this is legally required.
Cookies and Third-Party Software
12. Cookies
Lemox uses so-called cookies and similar technologies on this website. Cookies are small text files that your internet browser places and stores on your computer. Pixel tags are small graphic files that are often used in conjunction with cookies (cookies and pixel tags are collectively referred to as “cookies” below). Depending on the cookie, different data is collected.
Lemox uses various types of cookies, depending on the storage duration and who sets them on Lemox's website:
Session cookies that only exist for the duration of a browser session and are deleted when you close your browser.
Persistent cookies that are stored on your device last longer than a visit and help Lemox store information, settings, preferences, or login data that you have previously saved.
First-party cookies that are set and controlled by Lemox as the website operator.
Third-party cookies that are set by another provider on the website. Lemox also uses cookies from third parties to collect analysis data, advertising, and marketing activities.
Lemox also distinguishes between technically necessary cookies, web analytics cookies, tracking cookies for advertising purposes, and cookies for integrating external content.
Technically necessary cookies are absolutely essential to enable you to use the website and the services offered on it. In this purpose lies Lemox's legitimate interest in data processing; the legal bases are Art. 6 para. 1 sentence 1 lit. f DSGVO, § 25 para. 2 no. 2 TDDDG. Technically necessary cookies include information about your browser, network, and device; websites you access via this website; and your IP address. Technically necessary cookies are usually only stored on your device as long as your browser is active and, unless otherwise indicated, are deleted after the end of the respective browser session.
Web analytics cookies and tracking cookies for advertising purposes are used by Lemox only to the extent that you consent to them via the cookie banner by clicking "Accept All" or by accepting individual cookies under "Settings." The legal basis for data processing is then Art. 6 para. 1 sentence 1 lit. a DSGVO or § 25 para. 1 TDDDG. You can revoke your consent at any time by changing your preferences under the "Cookie Settings" link, which you can always find in the footer of the website.
Lemox also uses plugins and cookies to integrate external content (e.g., maps, videos, and video players) offered by third parties or published by Lemox on social media platforms (“embedded content”), so that they can be used directly on Lemox's website.
Only if you consent (Art. 6 para. 1 sentence 1 lit. a DSGVO or § 25 para. 1 TDDDG) on Lemox's website by clicking "Accept" in the cookie banner, or by expressly allowing the service in the settings or by clicking a button and thereby activating the map, does the third party receive the information that you have accessed the corresponding subpage of Lemox's website. In addition, further data is transmitted to the servers of the third party. This applies regardless of whether you have a user account with the third party or are logged in there. If you are logged into your account and use the embedded content, your data will be directly linked to your account. If you do not want your data to be linked to your account, you must log out before visiting Lemox's website.
The third party can store your data as usage profiles and use it for advertising, market research, and/or design of its website in line with requirements. Such evaluation is carried out in particular to provide personalized advertising and inform other users of the social network about your activities on Lemox's website. You have the right to object to the creation of these user profiles, which you must assert with the responsible third party. Lemox has no influence on the data transmission and processing by the third party.
The legality of the processing carried out based on your consent until revocation remains unaffected.
You can also prevent the use of cookies by setting your web browser so that it does not accept new cookies, notifies you of new cookies, or deletes all cookies already received. Help for changing settings can be found in your web browser's help function or at www.allaboutcookies.org. Please note that some features of the website are only available when cookies are used.
Details about the individual cookies (e.g., cookie provider, specific purpose, storage duration) can be found in our Cookie Preference Center. Please note that when using these cookies, data may be transferred to third countries outside the EU, particularly to the USA. Details on this can be found in our Cookie Preference Center and the section under point 15 below.13. Use of Cloudinary
To optimize our images in real-time, we use Cloudinary. As soon as you visit a page on Lemox's website containing content displayed via Cloudinary, a connection to Cloudinary's server is established. This transfers your IP address, among other things, to Cloudinary (Cloudinary Inc., 111 W Evelyn Ave Suite 206, Sunnyvale, California 94086, USA). Cloudinary has certified under the EU - U.S. Data Privacy Framework to ensure an adequate level of data protection for data transfers to the USA. You can view the certificate here: https://www.dataprivacyframework.gov/list. In addition, Lemox has entered into a data processing agreement (“Data-Processing-Addendum”) with Cloudinary that includes the EU Standard Contractual Clauses. The data processing by Cloudinary is for the purpose of providing you with optimized content. This is also in Lemox's legitimate interest. The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO. For more information on data protection, please refer to Cloudinary's privacy policy: https://cloudinary.com/privacy. Data protection questions at Cloudinary are answered at privacyshield@cloudinary.com.
Social Media and Third Countries
14. Social Media Appearances
Lemox has various social media presences. There, Lemox publishes and shares recommendations, content, competitions, and offers.
When you visit the social media presence, the social media provider processes information about you. For more information on data processing, please refer to the respective social media provider's privacy policy listed below. Some social media providers also offer the option to object to certain data processing. Please note that according to the social media providers, user data may also be processed in the USA or other third countries. Meta, LinkedIn, and X have certified under the EU - U.S. Data Privacy Framework to ensure an adequate level of data protection for data transfers to the USA. You can view the certificates here: https://www.dataprivacyframework.gov/list.Platform Postanschrift Link zur Datenschutzerklärung Facebook Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland https://www.facebook.com/about/privacy/ Instagram Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland https://instagram.com/about/legal/privacy LinkedIn LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland https://www.linkedin.com/legal/privacy-policy X (Twitter) 1355 Market St #900, San Francisco, CA 94103, USA https://twitter.com/de/privacy 14.1 Insights
Meta (Facebook, Instagram) and LinkedIn collect your user behavior data when you visit the social media presence using cookies and similar technologies and provide Lemox with this information in anonymized form as statistics (so-called Insights). This gives Lemox insights into how the social media presences are used, which topics are particularly popular, and what interests Lemox's social media presence visitors have. This allows Lemox to optimize the social media presence and better cater to the audience's interests. Lemox has no access to the personal data used by Meta or LinkedIn to create this information. Meta and LinkedIn select and prepare the data for insights independently of Lemox.
Lemox is jointly responsible with Meta and LinkedIn for collecting your data and processing it to provide insights but not for further processing of this data by the social media providers. Lemox has concluded the following agreements with Meta (https://de-e.facebook.com/legal/terms/page_controller_addendum) and LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum), which specify which company fulfills which data protection obligations when processing personal data for insights. According to these agreements, Meta and LinkedIn agree to fulfill user requests regarding your data subject rights. This means you can contact Meta (Facebook, Instagram) or LinkedIn directly for information and deletion requests. An overview of the key points of the Meta agreement can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Information about your data subject rights can be found in the respective privacy policies:
Meta: https://www.facebook.com/privacy/policy
LinkedIn: https://de.linkedin.com/legal/privacy-policy.14.2 Contact
If you communicate directly with Lemox via a social media presence or share personal content with Lemox, Lemox is responsible for processing your data. The purpose of the data processing is to communicate with you. Lemox also uses the information you provide for marketing purposes. The legal basis for data processing is Lemox's legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO, to contact inquiring persons and further develop its offerings.
15. Transfer to Third Countries
As described above, personal data is partially transferred to third countries, countries outside the European Union (EU) or the European Economic Area (EEA). Transfers to third countries are made only if permitted under the conditions of Art. 44 ff. DSGVO.
The legal basis for such data transfers is sometimes an adequacy decision. This applies, for example, to the transfer of data to Canada.
Data is also sometimes transferred to the USA and other third countries. These countries do not have data protection laws equivalent to the DSGVO. Therefore, Lemox has secured the necessary guarantees for the protection of your data in these countries and has concluded standard contractual clauses with the respective recipients. The binding text of these standard contractual clauses, as stipulated by the EU Commission, can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087. You can request a copy of the measures taken by contacting Lemox at the above contact details. Some of the service providers used by Lemox have certified under the EU - U.S. Data Privacy Framework to ensure an adequate level of data protection for data transfers to the USA. You can view the certificates here: https://www.dataprivacyframework.gov/list. Lemox points this out at the relevant place in these privacy policies.