The protection of your personal data is a top priority for us. Our Data Protection Terms (Website) informs you about the type, extent and purpose of the collection, processing and use of your personal data on our website. You can also review or download our Terms and Conditions of (Commissioned) Data Processing, our IT Security Guideline and our List of Subcontractual Processors. Our Definitions in Legal Documents also apply to these documents.
Notice to our customers
From May 25, 2018, the EU-wide General Data Protection Regulation (GDPR) becomes binding.
If through using our services (hosting, software as a service, consulting, maintenance and support) you, as our customer within the scope of the GDPR, transmit personal data to LucaNet or make such data accessible to LucaNet, it is required by law that processing by LucaNet occurs solely on the basis of a contract or other legal instrument.
Unless we have already reached a written agreement with you with regard to data processing, or you have reached another agreement with us, our privacy conditions (for commissioned data processing) supplementary to existing contracts between yourself and LucaNet for the use of our services come into effect from May 25, 2018.
In particular, these Conditions define our obligations so that you can continue to employ LucaNet as a contractor (“processor”, within the meaning of EU GDPR), even after the new data protection regulation comes into effect.
If you are not in agreement with our terms and conditions, or should you have any questions, please get in touch with us at: firstname.lastname@example.org.
Data Protection Terms (Website)
1 Basic Principles
We collect, process, and use your personal data in compliance with the applicable data protection regulations.
Personal data include any information that relates to an identified or identifiable natural person. This includes, for example, your name, your address, your e-mail address and your telephone number.
Within the meaning of the applicable provisions of data protection law, the data controller for collection, processing, use, access, revocation, and deletion in connection with your personal data is:
Phone: +49 30 469910-0
Fax: +49 30 469910-29
2 Scope of Data Collection, Processing, and Use
When you access our web pages, LucaNet receives access data that is stored for security purposes and generally enables identification. This includes the names of the web pages accessed, the date and time of access, the volume of data transferred, notification of successful retrieval, the browser type and version, the user‘s operating system, the referrer URL (the previous page visited), and the requesting provider. LucaNet assesses these data (known as the click path), which enables us to optimize our Internet presence and better personalize our content.
It is not necessary for you to provide us with any personal data, such as your name or your e-mail address, just to visit our Website.
If you provide us with personal data, we collect, process, and use this information only for the purposes of providing our Website and the services offered on it. In addition, we collect, process, and use your personal data only if you have explicitly given your consent for us to do so.
3 Transfer of Personal Data to Third Parties
Any transfer of personal data beyond that scope will be considered only if there exists the legal authority to do so or such transfer is necessary for the enforcement of LucaNet’s rights, particularly for the enforcement of its claims resulting from the contractual relationship.
Sharing of personal data with partners
On our websites, we may occasionally offer content that has been created by one or more of our partner companies. If you are interested in accessing or downloading such content, we always ask you to enter your personal data in an input mask and send it to us in advance as part of the access or download process.
The data we collect that way are your first name, last name, e-mail address, name of your company, and in some cases also your phone number and job title.
If you send us your data in the above-mentioned way, we reserve the right to pass them on to those partner companies whose information you are interested in. This allows the respective partner company to get in touch with you. In this context, your data may also be transferred to the USA.
You can find a list of our partner companies here:
The legal basis for the described processing of your data is Art. 6 para. 1 sentence 1 lit. a) GDPR (consent to the processing) or, with regard to the transfer of your data to the USA, Art. 49 para. 1 sentence 1 lit. a GDPR (explicit consent).
4 Contact Forms
You can use the contact forms provided on our Website to contact us directly or to request current information from us. We collect, process, and use the information you provide by means of a contact form for the exclusive purpose of processing your request.
If you register for one of our newsletters, we collect, process, and use the information you enter to send the newsletter in question. By registering, you consent to receiving the newsletter and to the process described in the following.
Our newsletter registration process comprises a double-opt-in procedure. After registration, you will receive an e-mail requesting that you confirm your registration. Newsletter registrations are logged so that proof of the registration process is retained. For this purpose, the time of registration, time of confirmation, and IP address are stored.
However, you have the option to revoke your consent at any time for sending the newsletter by terminating the relevant newsletter subscription. You can revoke your consent by sending an e-mail, postal letter, personally delivered letter, or fax to LucaNet (see the data controller details above). You can unsubscribe from any newsletter using the link provided at its end.
The use of e-mail marketing service providers, the collection of statistics and their analysis, and the logging of the log-in process is made on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Our aim is to provide a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users.
6 Observance of Do Not Track
We observe the Do Not Track feature in your browser. If Do Not Track is activated, tracking by third parties will be deactivated and web fonts from external resources will not be embedded.
Please note that turning off cookies completely may cause malfunctions when using our Website and may also not reliably prevent the transfer of data to Google Analytics. We therefore advise using your browser’s Do Not Track (DNT) option. DNT is either a button in your program settings, or a module that needs to be additionally installed (‘add-on’ or ‘plug-in’). If this option is activated, your browser will indicate to our web server that you do not want tracking measures without your explicit consent. As a result, all of our tracking functions will be deactivated automatically on the server side. This also means that our Website will be delivered free of code for Google Analytics. This guarantees the best possible data protection without you needing to take further measures in relation to our Website.
7.1 Types of Cookies
The following types of cookies may be used on our Website:
- Required cookies: These cookies are necessary and are always used to make it easy for you to navigate our Website and make use of its special functions (when accessing password-protected areas, for example). Without these cookies, we are unable to provide you with certain services when requested. We also use necessary cookies to uniquely identify and log attempts to access our Website, which helps safeguard our ability to provide our services.
- Tracking cookies: The use of these cookies is optional and requires your prior consent. Providing your consent essentially enables us to present external content relevant to you (such as videos, maps, and job advertisements) in more attractive ways on our Website, make ongoing improvements to the site using anonymized usage data and analyses, and display relevant advertisements and other content on our partners’ websites based on pseudonymized information.
7.2 Consent to the Use of Tracking Cookies
We will use tracking cookies only if you have actively consented to their use. When visiting our Website, active consent can be granted by either clicking “I Agree” in the cookie notice that appears, or by adjusting the Website’s cookie settings accordingly (via the link in the footer) and then saving them. This agreement is logged and results in the storage of a corresponding cookie.
7.3 Opt-out on the Website (in Browser Settings)
The following sections provide further details on the cookies used in specific cases and the respective ways to opt out.
8 Google Analytics
This Website uses Google Analytics, a web analysis service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
For more information on the terms and conditions of use and on data protection, visit https://policies.google.com/privacy or https://support.google.com/analytics/answer/6004245. Please note that on this Website, Google Analytics is supplemented by the code gat._anonymizeIp(); to ensure that IP addresses are collected in anonymized form (IP masking).
We also use Google Analytics for analyzing data from AdWords and the DoubleClick cookie for statistical purposes. If you wish, you can deactivate this using the Ad Preferences Manager at https://support.google.com/ads/answer/2662922.
9 Google Remarketing
10 Google Ads
We use Google’s advertising tool Google Ads to promote our Website. In this context, we use Google’s conversion tracking analysis service on our Website. If you access our Website by clicking on a Google advertisement, a cookie is stored on your computer. These cookies, known as conversion cookies, expire after 30 days and do not serve to identify you. If you access certain pages on our Website and the cookie has not yet expired, we and Google can recognize that you, the user, have clicked on an advertisement that we placed with Google and were forwarded to our Website.
The information obtained using conversion cookies allow Google to generate visitor statistics for our Website. These statistics tell us the total number of users who have clicked on our advertisements and also which pages on our Website were then accessed by which user. Neither we nor other Google AdWords advertisers receive information with which users can be personally identified.
You can prevent conversion cookies from being set by making the appropriate settings in your browser, for example by deactivating the automatic saving of all cookies, or just cookies from the domain googleadservices.com.
Google’s data protection notice for this is located at https://services.google.com/sitestats/en.html.
11 Google Tag Manager
Our Website makes use of Google Tag Manager, which is a solution from Google Inc. that enables companies to manage website tags through an interface. Google Tag Manager is a cookie-free domain that does not collect any personal data. We expressly point out here that Google Tag Manager does, however, trigger other tags that may collect information. Google Tag Manager does not access this information. If a given user has opted for deactivation at the domain or cookie level, this will apply to all tracking tags implemented using Google Tag Manager.
12 YouTube (Privacy-Enhanced Mode)
To embed videos on our website, we use the plug-ins of the video portal Vimeo on the legal basis of the GDPR (Article 6(1)(1)(f)). They are provided by Vimeo, Inc. (555 West 18th Street, New York, NY, 10011, USA). If you visit one of our websites that contains one or more embedded Vimeo videos, a direct connection will be established between your browser and Vimeo's servers. The Vimeo server in question will receive information about which LucaNet sites you have visited. Your IP address will also be stored.
This information will also be transmitted to Vimeo and stored in the United States if you interact with the embedded Vimeo plug-in (by clicking the start button on a video, for example). This is done with your express consent (Article 49(1)(1a) GDPR). If you have a Vimeo user account and are logged in when visiting our website, Vimeo will associate this information with your personal account. You can prevent this association by logging out of your Vimeo account and deleting the corresponding cookies from your browser before using our website.
When you register for a webinar, the following information is required to aid the registration process:
- First name, last name
- E-mail address
- Street name and number, town, and postal code
- Phone number
To provide each webinar, we transfer e-mail address, first name, and last name to Citrix. Aggregated statistical data are provided to LucaNet when the webinar is complete. If you ask a question during a webinar, we also receive information on the question asked such as first name, last name, and e-mail address to further process your inquiry when the webinar is complete. LucaNet is the data controller for data stored at and by LucaNet in the course of this process.
If you register to take part in a webinar, you will receive additional information and reminders about the event by e-mail before and after the event.
15 Career Tool
In the context of our recruiting process we cooperate with Personio GmbH and utilize their human resources administration software “Personio”. In the event you decide to participate in our recruiting process or you proactively apply for an officially offered position at LucaNet, you finally will be routed to the Personio software. At Personio your personal data will be processed under the following prerequisites.
In particular, the following data is collected during this process:
- Name (first and last names)
- E-mail address
- Phone number
- LinkedIn profile (optional)
- Channel through which you found us
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc.
Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 90 days after the application process has been concluded. This is done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to store your data for 180 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
Disclosure of data to third parties
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our data processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the data controller and Personio.
Rights of data subjects
If we as the data controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.
To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer respectively data protection related contact option mentioned on our website.
Legal Basis of data processing
Provided, you submit your personal data to us within the application process, the legal basis for the processing by the Personio software is Art. 6 (1)(1a) GDPR (consent to the processing).
Our online academy, with its online programs, uses the blink.it app, a service of blink.it GmbH & Co. KG, Robert-Bosch-Straße 7, 64293 Darmstadt, Germany. We have put our e-learning programs online using the blink.it app. These programs can be viewed by entering the activation key sent by us and your e-mail address.
We use the LinkedIn Insight Tag and the retargeting function from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). By using the retargeting technology, users of the LucaNet Website can be shown personalized advertisements on LinkedIn. Furthermore, the LinkedIn Insight Tag makes it possible to generate anonymous reports on the performance of advertisements, in addition to information about interaction with websites. The LinkedIn Insight Tag is embedded in our Website and generates a unique LinkedIn browser cookie on the visitor’s browser. It enables the following data to be collected: Metadata (such as IP address, time stamp, page-related events such as page views) and demographic information from the user’s LinkedIn profile. Data is collected as soon as a user visits the LucaNet Website with an embedded member cookie from LinkedIn.com. The data collected is encrypted and anonymized within seven days, with the anonymized data being deleted within 90 days. LinkedIn does not share any personal data with the Website owner, but provides only summarized reports about the target group for the Website and advertising performance.
You can prevent the storage of cookies using a browser setting. You can deactivate the LinkedIn Insight Tag and the retargeting function by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If you are a LinkedIn member, you should click on “Opt Out on LinkedIn”. Other visitors should click on “Opt Out”.
For more information on data protection at LinkedIn, see: https://www.linkedin.com/legal/privacy-policy.
You may object to the storage of a user profile and the storage of information about your visit to our Website by Hotjar, in addition to the setting of Hotjar tracking cookies on other websites. Please use the following link to do so: https://www.hotjar.com/legal/compliance/opt-out.
19 Microsoft Ads (formerly Bing Ads)
To advertise our website, we use Microsoft Ads, which is a service provided by the Microsoft Corporation (One Microsoft Way, Redmond, WA, 98052-6399, USA). Our use of this service involves the collection and storage of data, which then serve as a basis for creating usage profiles under pseudonyms. The service enables us to track the activities of users of the search engine Bing or its partner sites on our website (“Universal Event Tracking”) when they have come to our website via advertisements from Microsoft Ads. If an advertisement of this kind brings you to our website and you consent to your data being processed (in accordance with Article 6(1)(1a) GDPR), a cookie will be stored on your end device for 13 months. Data collected through Universal Event Tracking are transmitted to Microsoft servers in the United States on the basis of your previously provided express consent (Article 49(1)(1a) GDPR). They become invalid after 180 days and cannot be used to identify you personally.
Under certain circumstances, Microsoft can also track your usage behavior across several of your electronic devices (“cross-device tracking”), which enables it to display personalized advertising on Microsoft websites and in Microsoft apps. You can prevent Microsoft from collecting and processing your data in this way by setting an opt-out cookie at the following website: http://choice.microsoft.com/opt-out.
For more information on data privacy in connection with Microsoft and Bing, please refer to Microsoft's data privacy statement (https://privacy.microsoft.com/en-us/privacystatement).
Our partner website (partner.lucanet.com) is hosted by Impartner, an external service provider, located at 10619 South Jordan Gateway, Ste. 130 South Jordan, Utah, 84095 United States (hereinafter “Impartner”). When you access sections of our Website and the incorporated external content, we first check whether you have consented to the use of tracking cookies on our Website. If this is the case, a connection to Impartner will be set up when you access our website and data will be transmitted on the legal basis of your express consent (Article 49(1)(1a) GDPR). Otherwise, a notice that describes how you can activate the cookies required to view the external content in question will be displayed on our Website in place of said content.
The following registration processes are carried out via Impartner:
- Registration of new LucaNet partners
- Registration of leads (interested parties of the partner)
If you supply us with personal or company-related data during the registration process via Impartner, these data are classified as one of the following data types or data categories for collection, processing, and/or use:
- Personal data (first name, last name, job role)
- Communication data (telephone number, e-mail address, preferred language)
- Company data (company name, address, website, number of employees, number of customers, sales markets, business model)
The data you provide will be processed and transmitted to us by Impartner on servers in the USA. We will use your data exclusively to process the registration for a partnership (on the basis of your consent pursuant to Article 6(1)(a) of the GDPR) or to process the registration of leads (Article 6(1)(b) of the GDPR). Your data will be stored for the duration of the contractual relationship. This does not apply where precluded by statutory regulation requiring the continued storage for purposes of the production of evidence or where you have expressly consented to longer-term storage. Only persons involved in the registration processes gain knowledge of your data or of the data of your leads. All employees tasked with processing the data are obligated to treat your data or the data of your leads confidentially. We will not transfer your data or the data of your leads to third parties unless you have consented to such transfer or we are obligated to transfer the data by law and/or by administrative order or court order.
On the basis of a separate agreement on order processing (commissioned data processing), Impartner will collect, process and use your personal data and data on your leads on our behalf in accordance with the relevant statutory requirements. This does not involve the transfer of your personal data or data of your leads to third parties within the meaning of data protection law. We, LucaNet AG, remain responsible under data protection law.
We use the G2Crowd retargeting function on our website - G2Crowd, Inc. 20 N. Wacker Drive, Suite 2050, Chicago, IL 60606, USA (hereinafter "G2Crowd"). G2Crowd is a review platform for software. Using retargeting technology, we can assign visits to the LucaNet Website based on redirects from G2Crowd accordingly based on your consent (Article 6(1)(1a) GDPR). For this purpose, a tag is embedded in our Website and generates a unique G2Crowd browser cookie on the visitor’s browser. It allows the capture of metadata (such as host name, timestamp, page events such as page views). The captured data is transferred in encrypted form to a G2Crowd server in the USA, anonymized within seven days, and the anonymized data is deleted after 13 months. Article 49(1)(1a) GDPR serves as the legal basis for your express consent to the transfer of these data.
You can prevent the storage of cookies via a browser setting. For more information on data protection at G2Crowd, please visit: https://www.g2.com/static/privacy.
This information is stored for as long as the data are processed in accordance with the stated purposes. You can stop the processing of these data by preventing the storage of cookies in the browser by selecting an appropriate setting.
We use Leadfeeder's data processing tool on our website, which is operated by Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland. It is SaaS (Software as a Service) and provides companies with information about visitors to their website.
In this function, Leadfeeder is based on the tracking of company IP addresses. A tracking code is placed on our website, which then allows Leadfeeder to identify the business IP addresses of our website visitors. Leadfeeder matches the identified business IP address against a global database of companies and business information. The information collected by the tracking code is deleted after two years. The premature deletion of the data can be requested from email@example.com. After deletion, the data remains in the system for seven days due to backups.
25 XING Events
For the registration to some of our events "XING Events" can be used, a service of New Work SE (c/o XING Events) Sandstraße 33, 80335 Munich, Germany. For this purpose, we have integrated a corresponding plug-in from XING into our website. When purchasing tickets or registering, XING collects the requested data from participants and then transmits it to us as the organizer. If registration takes place via "XING Events", you can log in to your XING account during the registration process (not necessary) so that you can fill out the registration form more quickly. First and last name, company affiliation, valid e-mail address and address are collected. We use your data exclusively for processing the registration for an event (based on your consent pursuant to Art. 6 (1) lit. a DSGVO). Your transmitted data will be deleted after the end of the event.
26 Microsoft Bookings
For the online appointment arrangement, we use the Microsoft Bookings service of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft").
The legal basis for the processing of your data in relation to the Microsoft Bookings service is Art. 6 (1)(1a) GDPR (consent to the processing) or, with regard to the transfer of your data to the US, Art. 49 (1)(1a) GDPR (explicit consent). We expressly point out that you are not obliged to use the Microsoft Bookings service to arrange an appointment. If you do not wish to use the Microsoft Bookings service, you can alternatively choose another contact option offered on our website to make an appointment.
27 Rights of Data Subjects
27.1 Rights of Withdrawal and Objection
Independent of the information provided above, you can object to the use of your data and revoke any related consent you have granted at any time (right of revocation pursuant to Art. 7, para. 3 of GDPR).
If you revoke your consent to having your data processed or object to how your data is being used, this will not affect the legality of any data processing that has taken place up to that point (right of objection pursuant to Article 21 GDPR).
27.2 Rights to Rectification, Erasure, Blocking, and Restriction
In addition, you can have the data that is collected and stored by LucaNet corrected, blocked, or deleted at any time. Here, we wish to make it clear that in some situations, our legal obligations may require us to continue storing your data; in such cases, the data in question will only be blocked (right to rectification pursuant to Article 16, right to be forgotten pursuant to Article 17, and right to restriction of processing pursuant to Article 18 GDPR).
27.3 Right of Data Portability, Right to Lodge a Complaint with a Supervisory Authority
As of May 25, 2018, you will have the right to data portability (pursuant to Article 20 GDPR) and the right to lodge a complaint with the supervisory authority responsible (pursuant to Article 77 GDPR).
27.4 Right to Data Access
You are entitled to know which of your personal data we have stored (right of data access pursuant to Art. 15 of GDPR).
28 Contact Person for Data Protection
For questions on the collection, processing, or use of personal data; for requests for information; or for corrections, erasure, or blocking of data and the revocation of consent granted, data subjects you can contact LucaNet AG’s data protection officer
Phone: +49 30 469910-0
Last updated: Nov 25, 2021