Our privacy statement

We would like to thank you for your interest in our company.
The protection of your data is of particularly high significance for us.

1. General information

The processing of your personal data is carried out in line with the EU General Data Protection Regulation and with the country-specific data protection provisions that are applicable for us. With our privacy statement, we would like to inform you among others about the collection and storage of personal data, about the type and the purpose of their use, the legal basis that is respectively decisive for this purpose as well as about the rights to which you are entitled.

This privacy statement can, for example, be supplemented or changed in future owing to statutory requirements. Therefore, please inform yourself regularly about the current status. The respective current privacy statement can be retrieved by you and printed out on our website at all times.

2. Name and contact data of the party responsible for the processing

This privacy statement shall apply to the data processing by:

Responsible party:

LEON Institute of Applied Analytics and Research GmbH
Am Steinernen Kreuz 7
D-96110 Scheßlitz
Phone: 0049 (0) 95 42 - 94 12-80
Fax: 0049 (0) 95 42 - 94 12-89
E-mail: info@leon-analytics.com

3. Name and contact data of our external data protection officer

Stephan Eschenbacher,

acting for business purposes under Eschenbacher IT-Consulting & Service
Eckenstraße 50
90480 Nuremberg
Tel.: +49 (0) 911/40 18 23
Fax: +49 (0) 911/40 18 25
mail: se@eschenbacher-it.de
Website: http://www.eschenbacher-it.de/home.html

4. Definitions

In our privacy statement, we use among others the following terms, which we would like to explain below:

a) Personal data
Personal data is all information, which refers to an identified or identifiable natural person (hereinafter "data subject"). A natural person will be seen as identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, a code number, to location data, to an online code or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.

b) Data subject
The data subject is each identified or identifiable natural person, whose personal data is processed by the party responsible for the processing.

c) Processing
Processing is each activity carried out with or without the help of automatic processes or each such series of activities in connection with personal data, such as the collection, the entry, the organisation, the classification, the storage, the adjustment or change, the reading out, the query, the use, the disclosure by transmission, distribution or another form of provision, the comparison or the linking, the limitation, the deletion or the destruction.

d) Limitation to processing
Limitation to the processing is the marking of stored personal data with the aim to limit their future processing.

e) Profiling
Profiling is each type of automatic processing of personal data, which consists of the fact that this personal data is used in order to assess certain personal aspects, which refer to a natural person, in particular in order to analyse or foresee aspects with regard to work performance, financial position, health, personal preferences, interests, reliability, conduct, place of abode or change in location of this natural person.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be allocated to a specific relevant person without involving additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures, which guarantee that the personal data is not allocated to an identified or identifiable natural person.

g) Responsible party or party responsible for processing
Responsible party or party responsible for the processing is the natural person or legal entity, authority, institution or other body, which solely or jointly with others decides about the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated by Union law or the law of the member state, the responsible party or the certain criteria of his naming can be envisaged according to Union law or the law of the member states.

h) Contract processor
The contract processor is a natural person or legal entity, authority, institution or other body, which processes personal data by order of the responsible party.

i) Recipient
A recipient is a natural person or legal entity, authority, institution or other body, to which personal data is disclosed, irrespective whether said recipient is a third party or not. Authorities, which possibly receive personal data within the scope of a certain investigation order according to Union law or the law of the member states, are, however, not deemed recipients.

j) Third party
A third party is a natural person or legal entity, authority, institution or other body except the relevant person, the responsible party, the contract processor and the persons, who under the direct responsibility of the responsible party or the contract processor are authorised to process the personal data.

k) Consent
A consent is each announcement of intent voluntarily submitted by the relevant person for the certain case in an informed manner and unmistakeably in the form of a declaration or any other clear confirming act, with which the relevant person gives to understand that he agrees with the processing of the personal data relating to them.

l) Breach of the protection of personal data
Breach of the protection of personal data is a breach of the security, which leads to the destruction, the loss or the change, whether unintentionally or unlawfully or for the unauthorised disclosure of respectively for the unauthorised access to personal data, which were transmitted, stored or were processed in any other manner.

5. Collection and storage of personal data as well as the type and purpose of their use

a) when visiting our website

When viewing our website, information will be automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called logfile. The following information is entered hereby without any action on your part and is stored until the automatic deletion after you leave our website:

  • IP address of the requesting computer

  • Date and time of the access

  • Name and URL of the called file

  • Website from which the access is carried out (Referrer-URL)

  • Used browser and, if applicable, the operating system of your computer as well as the name of your access provider

The stated data is processed by us for the following purposes:

  • Guarantee of the establishment of a smooth connection of the website

  • Guarantee of an easy use of our website

  • Evaluation of the system security and stability as well

  • for further administrative purposes

The legal basis for the data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is derived for the purposes listed above for the data collection. In no way do we use the collected data for the purpose of drawing conclusions about your person.

b) when you contact us by e-mail or via our contact form

We collect personal data when you communicate this to us voluntarily when contacting us by e-mail at info@leon-analytics.com or via a contact form. Which data is collected, can be seen from the input form. We use the data communicated by you for processing your enquiries and for the contract processing. After the full processing of your enquiry or after the full processing of the contract or after deletion of your user account, your data will be blocked for further use and deleted after expiry of the storage deadlines under tax and commercial law, insofar as you have not explicitly consented to a further use of your data or we reserve the right to a data use beyond this, which is permitted by law and regarding which we inform you below.

The data processing for the purpose of contacting us or in case of concerns of a user account with us is carried out according to Art. 6 Para.

The data processing is carried out according to Art. 6 Para. 1 S. 1 lit. a GDPR based on your voluntarily granted consent or according to Art. 6 Para. 1 S. 1 lit. b DSG for the fulfilment of the contract.

You can object to the storage and use of your data for these purposes at all times by a message to the contact possibilities stated above under Sub-clause 1.

c) Information relating to electronic post (e-mail)

The data transfer in the internet (e.g. with the communication by e-mail) can feature security gaps. Information, which you send to us non-encrypted by electronic post (e-mail) to us, can be read, stored and be used for other purposes than those intended by third parties while en route. Therefore, please do not send any confidential information without using an encryption programme.

d) Other forwarding of data

A transmission of your personal data to third parties for other purposes than those purposes listed below will not take place.

We will only forward your personal data to third parties, if:

  • You have granted your explicit consent hereto according to Art. 6 Para. 1 S. 1 lit. a GDPR,

  • the forwarding according to Art. 6 Para. 1 S. 1 lit. f GDPR for the assertion, exercising or defence of legal claims is necessary and there is no reason to assume that you have an overriding interest that is worthy of protection in not forwarding your data,

  • for the event that a statutory obligation exists for the forwarding according to Art. 6 Para. 1 S. 1 lit. c GDPR, as well as

  • this is permitted by law and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the processing of contractual relationships with you.

6. Cookies

Like many other websites, we also use "cookies", small text files, which make it possible to store specific information relating to the device on the access device of the user (PC, tablet, smartphone). They serve, on the one hand, to make our website more user-friendly and thus serve the user, on the other hand, however for the statistical entry of the data of the website use and, therefore, the improvement of our offer. Several of the cookies used by us will be deleted again after the end of the browser session, thus after closing your browser, so-called session cookies. Other cookies will remain on your terminal device and enable us to recognise your browser with the next visit, persistent cookies.

As a user, you can influence the use of cookies. The majority of browsers have an option, with which the storage of cookies can be reduced or prevented completely. However, we would like to point out that the use and the comfort of use on our website can be restricted by excluding cookies.

Detailed information regarding cookies

You will find detailed information regarding cookies, e.g. how you can determine, which cookies were set and how you can deal with this and can delete these on the following site: http://www.allaboutcookies.org/ge/

You can find further information on deleting cookies in standard browsers here:

The legal basis for the data processing, i.e. for the use of so-called cookies, is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is derived from our interest in the user-friendliness of our website and in the improvement of our offer.

7. Use of Matomo (formerly Piwik)

Our website uses Matomo, an Open-Source-Software for the statistical evaluation of the user accesses. Matomo uses cookies, which are stored on your access device and enable an analysis of the use of the website by the user.

The information generated by the cookie regarding the use of our offer is stored on the server of the provider in Germany. The IP address will be anonymised immediately after the processing.

Matomo supports the "Do Not Track" process of current web browsers. If you generally want to prevent the analysis of your web behaviour, we recommend you to activate this option in your browser.

You can obtain information regarding the data protection of Matomo under: https://matomo.org/privacy-policy/.

The legal basis for the use of Matomo is Art. 6 para. 1 clause. 1 lit. f GDPR. We have a legitimate interest in the statistical evaluation of the user accesses for the optimisation of our web presence.

8. Applications and application process

We collect and process the personal data of applicants for the purposes of conducting the application process. Data processing may also occur through electronic channels. This is particularly the case if a candidate sends us their relevant application documents through electronic channels e.g. by email or through the online form located on our website.

If we conclude an employment contract with a candidate, the data transferred will be saved for the purposes of executing the employment relationship in accordance with legal provisions.

If we do not conclude an employment contract with a candidate, the application documents will be automatically deleted 6 months after notification of the negative decision, insofar as deletion does not contradict any other justified interests for the data controller within the bounds of Art. 6Para. 1S 1 lit f. GDPR. Other justified interests in this sense could be for example a reporting obligation in a lawsuit according to the General Act on Equal Treatment (AGG).

The legal basis for the processing of your data in the application process is your consent, Art. 6 Para. 1 lit. a GDPR. The legal basis for the use of your data for the purposes of executing the employment contract is Art. 6 Para. 1 lit b GDPR.

9. Rights of data subjects

You have the right:

  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular you can request information about the processing purposes, the category of the personal data, the categories of recipients, towards whom your data were or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, limitation to the processing or objection, the existence of a right to lodge a complaint, the origin of the data, insofar as these were not collected in our company, as well as regarding the existence of an automatic decision-making including profiling and, if applicable, feasible information relating to their details;

  • pursuant to Art. 16 GDPR, to request without delay the rectification of incorrect or completion of your personal data stored in our company;

  • pursuant to Art. 17 GDPR, to request the deletion of your personal data stored in our company, insofar as the processing is not necessary to exercise the right to free expression of an opinion and information, to fulfil a legal obligation, for reasons of the public interest or in order to assert, exercise or defend legal claims;

  • pursuant to Art. 18 GDPR, to request the limitation to the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, However, you refuse their deletion and we no longer require the data, However, you require these in order to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR;

  • pursuant to Art. 20 GDPR, to request to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or the transmission to another responsible party;

  • pursuant to Art. 7 Para. 3 GDPR, to revoke your once granted consent at all times towards us.

  • pursuant to Art. 77 GDPR, to complain irrespective of a legal remedy otherwise under administrative law or in court at a supervisory authority, in particular in the member state of your customary place of abode, your workplace or the location of the presumed breach. A list of the supervisory authorities with the respective contact data can be seen from the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

10. Right of objection

If your personal data is processed owing to legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you are entitled pursuant to Art. 21 GDPR to file an objection against the processing of your personal data, insofar as reasons exist for this, which arise from your special situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection that will be implemented by us without stating a special situation.

Would you like to exercise your right of revocation and /or objection, an e-mail to info@leon-analytics.com is sufficient.

11. Data security

Our website uses, for reasons of security, an SSL (Secure Socket Layer) encryption. Whether an individual site of our internet presence is transmitted encrypted, you can recognise by the fact that the address line of the browser changes from "http://" to "https://" and on the closed presentation of the key or lock symbol in the status bar of your browser.

We further use suitable technical and organisational security measures in order to protect your data against accidental or wilful manipulation, partial or full loss, destruction or against the unauthorised access of third parties. Our security measures are continuously improved in line with the technological development.

We are very accurate.

LEON® Institute of Applied Analytics and Research GmbH