Privacy Policy

Introduction and Overview

We have created this privacy policy (version 01/12/2026-313094548) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (in short “data”) we process as data controllers — as well as the data our commissioned processors (e.g. providers) process — will process in the future, and what lawful choices you have. The terms used should be understood as gender-neutral.

In short: we provide you with comprehensive information about data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things to you as simply and transparently as possible. Where it aids transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that, within the scope of our business activities, we only process personal data when there is a corresponding legal basis. That is surely not possible if one gives the briefest, unclear, and legal-technical explanations, as is often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and that perhaps there is some information here you did not already know.

If you still have questions, we ask you to contact the responsible party named below or in the legal notice, follow the existing links, and look at further information on third-party pages. You will of course also find our contact details in the legal notice (Impressum).

Scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies we have commissioned (processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short: this privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels named. Should we enter into legal relationships with you outside these channels, we will inform you separately if applicable.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and provisions — that is, the legal bases of the General Data Protection Regulation — that enable us to process personal data.

Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

  • Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. One example would be the storage of data you entered into a contact form.
  • Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
  • Legal obligation (Article 6(1)(c) GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
  • Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and economically. This processing is thus a legitimate interest.

Other conditions, such as the performance of tasks in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Should such a legal basis nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Datenschutzgesetz), or DSG for short.
  • In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz), or BDSG, applies.

Should further regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller

Should you have questions about data protection or the processing of personal data, you will find below the contact details of the controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR):

LM Solutions S.à r.l.
13, Rue Lydie Schmit
8242 Mamer

Legal notice: lm-solutions.lu/imprint

Data Retention Period

It is a general criterion for us that we store personal data only as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obligated to store certain data even after the original purpose has ceased to apply — for example, for accounting purposes.

Should you wish for your data to be deleted, or should you revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.

We inform you further below about the specific duration of the respective data processing, insofar as we have further information about this.

Rights Under the General Data Protection Regulation

Pursuant to Articles 13 and 14 GDPR, we inform you of the following rights, which are granted to you to ensure fair and transparent processing of data:

  • Under Article 15 GDPR, you have a right of access to find out whether we process data about you. If so, you have the right to receive a copy of the data and to learn the following information:
    • the purpose for which we carry out the processing;
    • the categories, i.e. the types, of data being processed;
    • who receives this data, and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data, if we did not collect it from you;
    • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
  • Under Article 16 GDPR, you have a right to rectification of the data, meaning we must correct data if you find errors.
  • Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means you may demand the deletion of your data.
  • Under Article 18 GDPR, you have the right to restriction of processing, meaning we may only store the data further but not otherwise use it.
  • Under Article 20 GDPR, you have the right to data portability, meaning that upon request we will provide you with your data in a common format.
  • Under Article 21 GDPR, you have a right to object, which, once exercised, results in a change to the processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
    • If data is used to conduct direct marketing, you may object to this type of data processing at any time. We will then no longer use your data for direct marketing.
    • If data is used to carry out profiling, you may object to this type of data processing at any time. We will then no longer use your data for profiling.
  • Under Article 22 GDPR, under certain circumstances you have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
  • Under Article 77 GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights — do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law, or that your data protection rights have otherwise been violated, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority (Datenschutzbehörde), whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you may contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible, within our means, for third parties to draw personal conclusions from our data.

Art. 25 GDPR refers to this as “data protection by design and by default,” meaning that both in software (e.g. forms) and hardware (e.g. access to server rooms), security is always considered and appropriate measures are taken. Below, where necessary, we go into specific measures.

TLS Encryption via HTTPS

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data over the internet in a way that cannot be intercepted.

This means that the entire transmission of all data from your browser to our web server is secured — no one can “listen in.”

In doing so, we have introduced an additional layer of security and fulfill the requirement of data protection by design (Article 25(1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data.

You can recognize the use of this secured data transmission by the small padlock symbol in the upper left of the browser, to the left of the web address (e.g. examplepage.com), and by the use of the “https” scheme (instead of “http”) as part of our web address.

If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Communication

Communication Summary

  • Affected parties: Everyone who communicates with us by phone, email, or online form
  • Data processed: e.g. phone number, name, email address, data entered into forms. More details can be found under the respective contact method used
  • Purpose: Handling communication with customers, business partners, etc.
  • Retention period: Duration of the business matter and legal requirements
  • Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us and communicate by phone, email, or online form, personal data may be processed.

The data is processed to handle and address your inquiry and the related business transaction. The data is stored for exactly as long as, or as long as the law requires.

Data Subjects

Everyone who seeks contact with us through the communication channels we provide is affected by the processes described.

Phone

If you call us, call data is stored in pseudonymized form on the respective end device and by the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent by email and stored to answer your inquiry. The data is deleted once the business matter has concluded and legal requirements permit.

Email

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and will be stored on the email server. The data is deleted once the business matter has concluded and legal requirements permit.

Legal Bases

The processing of this data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and to further use it for purposes related to the business matter;
  • Art. 6(1)(b) GDPR (Contract): There is a need to fulfill a contract with you or with a processor (e.g. the telephone provider), or we must process the data for pre-contractual activities, such as preparing a quote;
  • Art. 6(1)(f) GDPR (Legitimate interests): We want to conduct customer inquiries and business communication in a professional manner. This requires certain technical facilities, such as email programs, Exchange servers, and mobile network operators, in order to carry out communication efficiently.

Customer Data

Customer Data Summary

  • Affected parties: Customers, business and contractual partners
  • Purpose: Provision of contractually or pre-contractually agreed services, including related communication
  • Data processed: Name, address, contact details, email address, phone number, payment information (e.g. invoices and bank details), contract data (e.g. term and subject matter of the contract), IP address, order data
  • Retention period: The data is deleted as soon as it is no longer required for our business purposes and there is no legal retention obligation
  • Legal bases: Legitimate interest (Art. 6(1)(f) GDPR), Contract (Art. 6(1)(b) GDPR)

What is customer data?

In order to offer our services or contractual performance, we also process data of our customers and business partners. This data always includes personal data. Customer data refers to all information processed on the basis of a contractual or pre-contractual collaboration in order to provide the offered services. Customer data is thus all the information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data in order to provide our services. Sometimes your email address alone is sufficient, but if, for example, you purchase a product or service, we also need data such as name, address, bank details, or contract data. We also subsequently use the data for marketing and sales optimization purposes so that we can overall improve our service for our customers. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offerings, and for that we need at least your email address.

What data is processed?

The exact data that is stored can only be described here in categories. This depends, of course, on which services you obtain from us. In some cases, you give us only your email address so that, for example, we can get in touch with you or answer your questions. In other cases, you purchase a product or service from us, and for that we need significantly more information, such as your contact details, payment data, and contract data.

Here is a list of possible data that we receive and process from you:

  • Name
  • Contact address
  • Email address
  • Phone number
  • Date of birth
  • Payment data (invoices, bank details, payment history, etc.)
  • Contract data (term, content)
  • Usage data (websites visited, access data, etc.)
  • Metadata (IP address, device information)

How long is the data stored?

As soon as we no longer need customer data to fulfill our contractual obligations and purposes, and the data is also no longer needed for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is generally 3 years, although longer periods may apply in individual cases. We naturally also comply with legal retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given consent to do so.

Legal Basis

Legal bases for the processing of your data are Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests), and, in special cases (e.g. medical services), Art. 9(2)(a) GDPR (processing of special categories).

For the protection of vital interests, data processing is carried out pursuant to Art. 9(2)(c) GDPR. For purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector, the processing of personal data is carried out pursuant to Art. 9(2)(h) GDPR. If you voluntarily disclose data of special categories, the processing is carried out on the basis of Art. 9(2)(a) GDPR.

Explanation of Terms Used

We always strive to write our privacy policy as clearly and understandably as possible. However, this is not always entirely easy, especially with technical and legal topics. It often makes sense to use legal terms (such as “personal data”) or certain technical expressions (such as “cookies,” “IP address”). We do not, however, want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed elsewhere in this privacy policy. Where these terms are taken from the GDPR and constitute legal definitions, we will also quote the GDPR text here and add our own explanations where appropriate.

Consent

Definition under Article 4 of the GDPR:

Within the meaning of this Regulation, the term:

“consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: As a rule, on websites such consent is given via a cookie consent tool. You are surely familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to, or consent to, the data processing. Usually you can also make individual settings and thus decide for yourself which data processing you permit and which you do not. If you do not consent, no personal data may be processed about you. In principle, of course, consent can also be given in writing, i.e. not via a tool.

Personal Data

Definition under Article 4 of the GDPR:

Within the meaning of this Regulation, the term:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data is thus all data that can identify you as a person. As a rule, this is data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, ID card number, or student registration number
  • Bank details such as account number, credit information, account balances, and much more

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, in turn, identify you as the account holder. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data, which are especially worthy of protection. These include:

  • Racial and ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, such as data obtained from blood or saliva samples
  • Biometric data (this refers to information about psychological, physical, or behavioral characteristics that can identify a person)
  • Health data
  • Data concerning sexual orientation or sex life

Closing Remarks

Congratulations! If you are reading these lines, you have truly “fought your way” through our entire privacy policy, or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data anything but lightly.

It is important to us to inform you, to the best of our knowledge and belief, about the processing of personal data. In doing so, we want to tell you not only which data is processed, but also to bring you closer to the reasons for using various software programs. As a rule, privacy policies sound very technical and legalistic. Since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain matters in simple and clear language. Of course, this is not always possible given the subject matter. That is why the most important terms are explained in more detail at the end of the privacy policy.

If you have questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.