Responsible is the luzid GmbH, Michelsfeld 1a, 36103 Flieden registered at the local court of Fulda under HRB 7442, represented by the managing directors Markus Druschel and René Schiebelhut (“we/us/our”) as provider of a website under www.luzid.io, as well as the associated services („luzid”, „Website“ or „luzid-platform“).
If you have any questions regarding data protection, you can contact us by phone at +49-(0) 170-6551661 (during normal business hours, Monday to Friday 9 a.m. to 6 p.m.), or by e-mail at operative(at)luzid.io
- What are personal data?
- What personal data is used to use the services of luzid?
- How will the collected data be used, disclosed and, if necessary, transferred to third parties?
- Which third-party cookies, services, offers and web tools are used?
- Is there a data transfer to other EU countries?
- Your rights: information, revocation, amendments, corrections and updates, deletion, restriction of processing, data transferability, right of appeal
- Data security and scope
A. What are personal data?
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This includes, for example, name, email address or telephone number, but also data about hobbies, memberships or which websites were viewed by someone else, counts as personal data.
Personal data is only collected, used and passed on by us if this is permitted by law or if the users agree to the data collection.
B. What personal data is collected to use the services of lucid?
Data collected during visits to the website
We (or the web space provider) collect data about every visit to our website (so-called server log files)(“Access data“). The access data includes:
Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the requesting provider
and additionally when using a mobile device:
Country code, language, device name, operating system name and version
We use this access data only for statistical analysis for the purpose of operation, security and optimization of lucid. However, we reserve the right to subsequently check this access data if there is a justified suspicion of illegal use based on concrete evidence. The data processing is carried out on the legal basis of Art. 6 (1) c. DSGVO or Art. 6 (1) f. DSGVO, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) of quality assurance are pursued.
Data collected upon contact
When you contact us (for example by e-mail), your details will be stored for the purpose of processing your enquiry and in the event that follow-up questions arise. We also process personal data for the purpose of establishing and maintaining business contacts and acquiring new customers. This is done on the basis of your consent (Art. 6 (1) a. DSGVO), for the purpose of processing your request (Art. 6 (1) b. DSGVO) or due to our legitimate interest in customer acquisition.
Data collected at registration
If you register with us, the e-mail address and password you have entered will be saved. In the following registration steps, the personal data that you provide us with during the registration process will be collected and stored, e.g. “User-information“, as Your name, your address, your telephone number, your e-mail address, your gender
Furthermore, when you register as a candidate, additional “profile data” is collected: e.g. your birthday, as well as other non-public, personal data describing your education and work experience.
Furthermore, when creating a user profile as a candidate, optional data such as availability and work preferences are collected and stored, which the user can manage at any time under the item ‘Expectations’ in the menu. If you do not complete the registration process, your data will be deleted after six months. If you complete the process, your data will be stored until further notice or within the scope of the statutory storage obligations (see also F. Your rights).
Payment data of service providers/employees
After registration, we collect the following”payment data” from users who are consultants for the purpose of payment processing within the accountnumber/BLZ or IBAN, BIC, name of the account holder, tax number
These payment data are collected, stored and used exclusively by us for the purpose of invoicing and processing payments of the fee due to the users as consultants in accordance with the provisions of the contract between luzid and the service provider/employee. The user can manage, change or delete this data at any time within his user profile. This is done on the legal basis of Art. 6 (1) b. DSGVO.
C. How will the collected data be used, disclosed and possibly transferred to third parties?
Use of your data
In general, the information you provide us with will either be used to provide our services, to respond to your requests or to help us provide a better service to you. We use your data and information for the following purposes, among others:
- easier creation and protection of your account;
- Recognition as a user of our system;
- Improving our website and our services;
- internal research and development purposes under the existing contractual relationships with lucid;
- customized design of displayed data to meet your preferences
- Prevent locked users from registering again;
- Provision of the services you request;
- Sending your profile to the client after approval;
- Sending your profile to the client after approval;
- Sending administrative email messages such as security, support or maintenance emails;
- Answering your enquiries and questions after corresponding contact;
- occasional telephone calls to you as part of the secondary placement process, fraud protection or to get feedback from you; and
- Sending e-mails to registered users with content related to our services, provided the user has not objected to this
This is done on the legal basis of Art. 6 (1) b. DSGVO or on the basis of our legitimate interests in quality assurance and marketing from Art. 6 (1) f. DSGVO.
Disclosure and transmission of your data to third parties
Connection to social networks
We may then add this information to the data we have already collected through our services. The information is then stored and used by us for the purpose of providing and offering our services. The data processing is based on your consent (Art. 6 (1) b. DSGVO) or takes place on the basis of the contract with us (Art. 6 (1) b. DSGVO).
Other processing, disclosure and profiling
The processing of data when using our offer is generally based on the legal basis of Art. 6 (1) b. DSGVO, i.e. the data are processed because they are necessary for the fulfilment of the contract between you and us or for the implementation of pre-contractual measures which are carried out at your request.
In addition, Art. 6 (1) a. DPA provides the legal basis for the processing of data for specific purposes if and insofar as you or the data subject have given their prior consent.
Any processing of your data by us is further based on Art. 6 (1) c. DSGVO, if this is necessary for the fulfilment of a legal obligation to which we or other responsible parties are subject or on the basis of Art. 6 (1) e. DSGVO, if this is necessary for the performance of a task which is in the public interest or in the exercise of official authority which has been assigned to us or the responsible party. Translated with www.DeepL.com/Translator (free version)
In addition, the legal basis from Art. 6 (1) f. DSGVO is relevant, for example, in the case of the collection of data when you visit the website or the transfer of data to our partners or external service providers, if the processing is necessary to protect our legitimate interests or those of a third party and your interests or fundamental rights and freedoms, which require the protection of personal data, do not prevail. Translated with www.DeepL.com/Translator (free version) A legitimate interest exists, for example, if a significant and appropriate relationship exists between you (or the person concerned) and us (or the person responsible), for example if you are our customer.
A transmission of your data to service providers may occur within the scope of order processing, e.g. to lettershops for sending print mailings, to the newsletter service provider MailGun for sending the newsletter, to IT service providers for providing the website, server service and database. There are agreements with the service providers for contract processing or these are subject to the US-EU Privacy Shield Agreement.
When using the offer, no “profiling” or automated decision making by us takes place; however, in individual cases such profiling may be carried out by third party providers used by us. Profiling takes place on the legal basis of Art. 22 DS-GVO and is permitted if it is necessary for the conclusion or performance of a contract or is required by law. In particular, we would like to point out that when Google, Xing and LinkedIn are integrated with an existing account, automated decision making (“profiling”) can take place there. You can manage these settings on Xing and Linkedin within your account network. At Google you can contradict the profiling under the following link:
An audit of your person only takes place in special cases, e.g. if you take over projects for a customer from the banking/financial services sector who is subject to special legal requirements. In this case you will be informed in advance and asked for your consent to the verification.
In addition, our clients have the opportunity to evaluate the consulting services of an individual consultant. You can view these ratings in your consultant profile. These assessments are based on our legitimate interest (quality control, i.e. commissioning reliable, qualified consultants). Please inform yourself under F. about your rights to information, revocation, changes, corrections, deletion and restriction of processing.
D.What third-party cookies, services, offers and web tools are used?
Cookies are small files that make it possible to store on the user’s access device (PC, smartphone or similar) specific information related to the device. On the one hand, they serve the user-friendliness of websites and thus you (e.g. storage of login data). On the other hand, they serve to collect statistical data on website use and to be able to analyse it for the purpose of improving lucid.
Appeal: You can influence the use of the cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it is pointed out that the use and in particular the comfort of use are restricted without cookies.
If you visit lucid, so-called session cookies are used, which are automatically deleted from the user’s hard drive when the browser window is closed. The session cookies are needed to assign successive page requests to the respective users who access lucid simultaneously.
Every time a page of our offer is accessed and every time a file is called up, further access data on this process is stored in a log file on the server. This includes in particular the following information:
- File name of the content retrieved (or content transmitted when using the services);
- Date and time of the request;
- transferred data volume, access status (content transferred, content not found, etc.);
- Operating system, browser and device type;
- Screen resolution, language and time zone settings;
- Referrer URL, e.g. website that was visited before;
- IP address and name of the Internet provider.
You can manage many online ad cookies from companies via the US site http://www.aboutads.info/choices/ or the EU-site http://www.youronlinechoices.com/uk/your-ad-choices/.
Third party websites in general
Google (Universal) Analytics
lucid uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), a company incorporated and regulated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
lucid uses Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), a company incorporated and regulated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information generated by the cookie about your use of the offer such as
Browser type/version; operating system used; referrer URL (the previously visited page); host name of the accessing computer (IP address); time of the server inquiry when using the website are usually transferred to a Google server in the USA and stored there. Due to the activation of IP anonymisation to lucid, however, the IP address of Google is previously shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Translated with www.DeepL.com/Translator (free version) Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
IP anonymization is active on lucid. On behalf of luzid, Google will use this information to evaluate the use of lucid by users, to compile reports on website activities and to provide further services to us in connection with the use of offers and the Internet. As far as the IP-anonymization is omitted, the data processing is carried out on the legal basis of Art. 6 (1) f. DSGVO, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) in quality assurance or statistical analysis of user behaviour are pursued.
Appeal Google Analytics: You can also prevent the collection of data generated by the cookie and related to your use of luzid (including the IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link http://tools.google.com/dlpage/gaoptout?hl=de.
Appeal Universal Analytics: With Universal Analytics, you can object at any time with effect for the future by deactivating the cross-device user analysis in your customer account. Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
Google Tag Manager
Our website uses the Google Tag Manager of Google Ireland Limited (“Google”). With the Google Tag Manager, website tags can be managed via an interface. Tags are small code elements on your website that are used, among other things, to measure visitor behavior, capture the impact of online advertising and social channels, use remarketing and targeting, and test and optimize our website with regard to our target groups. The Tag Manager tool itself (which implements the tags) is a cookieless domain. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager. Data will never be passed on to other Google products without your consent.
As far as personal data are processed, the data processing takes place on the legal basis of Art. 6 (1) f. DSGVO, whereby our legitimate interests (or the legitimate interests of third parties commissioned by us) in quality assurance or statistical analysis of user behaviour are pursued.
Legal basis for the use of the LinkedIn-Insight tag is our legitimate interest (Art. 6 (1) lit. f DSGVO) to measure and analyse the success of our appearance and to optimise the site according to the results.
More detailed information about the LinkedIn Insight tag can be found here: https://www.linkedin.com/help/lms/answer/81849/das-insight-tag-von-linkedin-haufig-gestellte-fragen?lang=en
LinkedIn is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law.
You can disable the LinkedIn-Insight tag by clicking the following opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
If you are a LinkedIn member, click on the field “Reject LinkedIn”. Other visitors click on “Reject”.
Links to Social Media
luzid is linked to various social networks, namely Facebook, Xing and LinkedIn. If you click these buttons, you will be automatically redirected to the respective page of luzid on the social network and the data will then be processed solely by the server of the respective social network.
Provision of company pages in the social networks LinkedIn, Xing and Facebook
luzid uses the social media platforms and services of LinkedIn Corporation Ireland, Wilton Place, Dublin 2, Ireland, XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany, and Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The appearances in social media serve the communication with the users or interested parties and the information about the offer and services of luzid.
When you visit one of our corporate sites on a social network, the social network provider obtains information about you, your browsing and usage behavior, your interactions and your location by collecting your IP address and using cookies, pixels and web beacons. From this information, the social network provider creates a user profile. We cannot exclude the possibility that data stored in the user profiles is stored across devices and/or that the user profile is linked to your data stored in the network.
The social network uses the personal information collected in this way to create statistics on the use and user structure of the network and to place interest-based advertising inside and outside the network. The advertising models of social networks also provide for social networks to transmit data about your usage behavior to third parties (advertising partners) outside the network or to receive data about your surfing/usage behavior from outside the network.
The social networks provide advertisers with anonymised statistical data through their “Facebook Insights” and “LinkedIn Website Demographics” offerings, e.g. information on page views, activities, proportion of men/women, professional position, corporate sector and much more. (see https://www.facebook.com/iq/tools-resources/audience-insights, https://www.linkedin.com/help/lms/answer/82351). We have no influence on the data processing that is carried out for this purpose, cannot prevent it and do not have access to the underlying data.
We use these services to better understand the structure of our users and their interests and to design our site accordingly. It also allows us and the social network providers to better target advertising because, for example, we learn about the demographic, geographic distribution or gender of users. This allows us to identify trends of our users from the statistics and display more relevant content to them.
When using the Facebook and LinkedIn services, data is transferred to the USA. These providers are certified according to the Privacy Shield Agreement and are obliged to comply with EU data protection standards (https://www.privacyshield.gov/list).
We would also like to point out that we, as operators of a Facebook fan page, are jointly responsible with Facebook for the processing of the personal data of visitors to the page (see ECJ judgment of 5 June 2018, Case C-210/16). However, Facebook acknowledges joint responsibility for the Insights data with the operators of the sites and assumes primary responsibility, see: https://www.facebook.com/legal/terms/page_controller_addendum.
If you wish to request information or assert your user rights, the assertion of these rights against Facebook is most effective. Further information regarding the collection and use of data as well as your rights and protection options can be found at https://www.facebook.com/policy.php.
If you have questions or need help, you can contact us.
E. Does a data transfer take place to other EU countries?
When using the offer, it is possible that your data will be transferred to third countries, i.e. countries outside the EU, due to the third party providers involved.
Services on the website that process data outside the EU
When using the website, data may be transferred outside the EU when visiting or using luzid via the website. This concerns the services of Google and the social media providers Facebook, Twitter and LinkedIn. The US company(ies) providing Google’s services are each certified under the EU-US Privacy Shield Agreement, guaranteeing compliance with data protection rules equivalent to those in the EU.
Other external providers processing data outside the EU
If you are registered with us as a talent or customer, any data transfer outside the EU is due to the use of cloud and hosting services, CRM services or external service partners, such as for the processing of customer enquiries or internal communications, who are acting on our behalf and who assist us in the conduct of our business or presentation of the website (legal basis Art. 6 (1) b. or f. DSGVO).
We use the newsletter tool MailGun to send you information by e-mail. MailGun is certified under the EU-US Privacy Shield Agreement. There is also a data processing addendum to ensure compliance with data protection rules applicable in the EU.
We use HubSpot as a CRM tool. There are contractual agreements with HubSpot (EU Standard Contractual Causes) to ensure compliance with data protection regulations applicable in the EU
F. Your rights: information, revocation, amendments, corrections and updates, cancellation, restriction of processing, data transferability, right of appeal
You have the right to revoke your consent to the use, processing or transmission of your data at any time by email to firstname.lastname@example.org with effect for the future, provided that the data processing has taken place on the basis of your consent.
In the event of a revocation, we will no longer process your stored data (or that of the person concerned) and delete it immediately. This does not apply if compelling reasons for processing worthy of protection can be proven, if the interests, rights and freedoms of the users outweigh the processing or if the processing serves to assert, exercise or defend legal claims.
We will therefore continue to use this data, e.g. if it is still required for processing the contractual relationship.
Right of access to information
You or the person concerned has a legal right to information about the personal data stored about you or your person at any time and free of charge. For information, the user can contact email@example.com.
In particular, the right to information does not exist if the data is only stored because it may not be deleted due to legal or statutory storage regulations, or if it is used exclusively for the purposes of data security or data protection control and the provision of information would require a disproportionate effort and processing for other purposes by appropriate technical and organisational measures is excluded.
Correction and completion of data
You or the data subject have the right to ask us to rectify any inaccurate personal data concerning you without delay. Having regard to the purposes of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose you can always contact firstname.lastname@example.org.
Deletion (“right to be forgotten”)
You or the person concerned has the right to have personal data stored with us deleted immediately. Zu diesem Zweck können Sie sich jederzeit an email@example.com wenden.
See also the following points “Restriction of processing” and “Duration of storage of personal data; deletion periods” below.
Restriction of processing
You or the person concerned has the right to demand the restriction of the processing of the personal data stored with us. For this purpose you can always contact firstname.lastname@example.org.
You can only successfully enforce the right to restrict processing if one of the following conditions is met:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful and the data subject refuses the deletion of the personal data and requests instead the restriction of the use of the personal data
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
- the data subject has lodged an objection to the processing until such time as it is established that the controller’s legitimate reasons outweigh those of the data subject
In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted.
Furthermore, in certain cases, a restriction of the processing may be applied instead of deleting the data. See in particular the above point “Cancellation (“right to be forgotten”)”.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. For this purpose you can always contact email@example.com.
They shall also have the right to have such data communicated to another controller without interference by the controller to whom the personal data have been disclosed, provided that the processing is based on consent or on a contract to which the data subject is party and that the processing is carried out by means of automated procedures. In exercising your right to data transferability, you have the right to obtain that personal data be transferred directly from one controller to another controller, as far as this is technically feasible.
This right shall not apply insofar as the rights and freedoms of other persons are prejudiced or to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right of appeal
You or the person concerned has a right of appeal to a supervisory authority of your choice. The supervisory authorities in Germany are the data protection authorities responsible under the respective laws of the federal states.
A list of the data protection authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htmlor http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
The authority responsible for us is:
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
phone: +49-(0) 611 14080, E-Mail: firstname.lastname@example.org
Duration of storage of personal data; deletion periods
As a rule, we store your personal data only as long as they are necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.
In the case of long-term contractual relationships, such as when using our offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to a maximum of the statutory storage periods (including in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO)). Criteria for the storage period are, among other things, whether the data is still up-to-date, whether the contractual relationship with us still exists or whether an enquiry has already been processed or a process has been completed or not and whether legal storage periods for the personal data concerned are relevant or not.
G. Data security and scope of application
luzid is concerned about the security of your personal data. We (and our third-party service providers) use a variety of industry-standard security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. Generally when offering our services, and especially when you provide sensitive information (e.g. account information) in your profile, we (or our external service providers) will encrypt the transmission of said information using Secure Sockets Layer Technology (SSL).
Data of our services from luzid are stored and processed exclusively on servers within the European Union (EU), subject to other information to the user.
The data protection regulations can be viewed and printed out at any time on the website at https://www.luzid.io/datenschutz/.
We are entitled to amend these data protection provisions in compliance with the applicable regulations.