Privacy Statement
Data protection information for website visitors, customers, suppliers, interested parties,
applicants and other data subjects
In the following, we would like to inform you as a visitor to our website (see section 2), as a
customer or interested party in our services (see section 3) or applicant (see section 4) about
the processing of your personal data by us and about your rights under applicable data
protection law.
1. Responsible body and contact details of the data protection officer
Responsible is
LUKAS Hydraulik GmbH
Weinstraße 39D- 91058 ErlangenTel.: +49 9131 698-0E-Mail: lukas.info@idexcorp.com
(hereinafter referred to as "we" and/or "us")
You can contact our external data protection officer at
RISCREEN GmbH Türltorstraße 4D- 85276 Pfaffenhofen Phone: +49 8441 47706-10
2. Processing of personal data in connection with your use of our website
2.1. Data categories, purpose of processing and legal basis
As part of your use of the website, we process the following personal data:
• Personal data that you voluntarily enter yourself as part of an online offer (such as
requests to contact us), such as first and last name, e-mail address, telephone number,
information provided as part of a support request, comments or forum posts, and
• Information that is automatically sent to us by your web browsers or device, such as:
Your IP address, device type, browser type, previously visited websites, subpages
visited or date and times of the respective visitor request.
We process your personal data in order to enable the website to be displayed in your browser,
to ensure the functionality of the website and to optimise the website.
The above-mentioned purposes also constitute our legitimate interest in data processing in
accordance with Art. 6 (1) (f) GDPR
• to enable you to use the services and functions of the online offers,
• to process your request,
• to establish your identity and enable user authentication,• to enforce our Terms of Use, assert or defend against legal claims, and to defend
against and prevent fraudulent and similar activities, including attacks on our IT
infrastructure.
In some cases, we will ask for your explicit consent to the processing of your personal data. In
this case, the legal basis for the processing of your personal data is the consent you have given
in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.
2.2. Cookies
We use cookies. These are data sets that are automatically created by your browser and stored
on your device when you visit the website. They contain information about browsing history
and user behavior.
Depending on their type and function, the use of cookies is either free of consent or requires
consent. Consent is not required for cookies that are absolutely necessary for us to be able to
provide you with our online services (so-called necessary cookies). Necessary cookies are
absolutely necessary for the use of the website services, as they enable basic functions such
as page navigation and access to secure areas of the website. As a rule, the website does not
function properly without the setting of necessary cookies. Furthermore, necessary cookies
are those that are used for IT security.
The legal basis for the storage and retrieval of such cookies is § 25 para. 2 no. 2 TTDSG. The
legal basis for further data processing in these cases is Art. 6 (1) (f) GDPR (legitimate interests
in the provision of the online offer or IT security).
On the other hand, cookies requiring consent (so-called non-necessary cookies) are used, for
example, to collect statistics and/or create analyses in order to adapt the use of our offer
individually to your preferences. You give your consent when you visit our online offer when
you display our "cookie banner". By clicking a button, you can declare your consent to the use
of cookies on this website.
In this respect, the legal basis for data processing is Section 25 (1) TTDSG and Article 6 (1) (a)
of the GDPR in conjunction with Article 7 of the GDPR.
We use the following cookies:
2.2.1. Anonymous cookies
Session cookie of the CMS system
This website uses a so-called session ID cookie from our CMS system Joomla. This is set in
order to store functions and/or settings that you need for your visit to the website (e.g. the
language setting). This data will not be used for analytics purposes and will be deleted when
your session expires or you log out of our website.
Consent Management ToolThis website uses the consent management tool CCM19. The tool enables you to give consent
to data processing via the website, in particular the setting of cookies, as well as to make use
of your right of revocation for consents that have already been given. The purpose of data
processing is to obtain and document the necessary consents to data processing and thus to
comply with legal obligations. Cookies may be used for this purpose. Among other things, the
following information is collected and transmitted to CCM19: date and time of page access,
consent status.
Shopware
This website uses elements of Shopware. Shopware uses various technically necessary cookies
to make system-relevant functions executable, e.g. the correct display of page content.
2.2.3. Non-essential cookies
Google Analytics
This website uses functions of the web analysis service "Google Analytics". The provider is
Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
The cookies set by Google Analytics enable an analysis of your user behaviour on our website.
This information is usually transmitted to a Google server in the USA and stored there.
We have activated the IP anonymization function on this website. As a result, your IP address
will be shortened by Google within the states of the European Union or other contracting
states of the Agreement on the European Economic Area before it is transmitted to the USA.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA
and shortened there. On behalf of the operator of this website, Google will use this
information to evaluate your use of the website, to compile reports on website activity and to
provide the website operator with other services related to website activity and internet
usage. The IP address transmitted by your browser as part of Google Analytics will not be
merged with other data held by Google.
You can prevent the storage of cookies by selecting the appropriate settings in your browser
software. However, we would like to point out that in this case you may not be able to use all
the functions of this website to their full extent. You can also prevent the collection of the
data generated by the cookie and related to your use of the website (including your IP address)
to Google and the processing of this data by Google by downloading and installing the browser
plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information, please refer to Google's privacy policy at the following link:
https://support.google.com/analytics/answer/6004245?hl=de.
The legal basis for the data processing operations described is Art. 6 (1) (a) GDPR in
conjunction with Art. 7 GDPR and § 25 (1) TTDSG.
As stated above, Google also processes data in the USA, among other places. The legal basis
for data processing in the USA is the European Commission's adequacy decision of 10 July
2023 as well as the EU Standard Contractual Clauses in their current version.2.3. Processing on our social media channels
We place links on our website to the websites of social networks
• Facebook (https://www.facebook.com/LUKAS.Rescue/)
• Youtube (https://www.youtube.com/channel/UCHK9wsmZlhedBi93AFUqeEQ)
• Instagram (https://www.instagram.com/lukasrescue),
to (i) draw attention to our services and products on our social media channels and (ii) to get
in touch with you.
You can recognise the links on our website by the integrated logo of the respective social
network. By clicking on the logo, a direct connection is established between your browser and
the server of the respective service and you are redirected to the website of the service
provider.
2.3.1. Data processing by us
We operate the social media presence to draw attention to our products, services and career
opportunities and to communicate with users and to achieve improvements.
The processing of personal data is generally carried out on the basis of Art. 6 (1) (f) GDPR on
the basis of our legitimate interests in public relations, communication and product
improvement, unless otherwise specified.
We may view your posts and similar interactions on our social media presences as well as –
depending on your privacy settings – your public profile. We may use this data to improve our
information and products, especially on our social media presences.
If you contact us via our social media presences, we will process your personal data in order
to process your request, in particular to answer enquiries. We may then respond to your
request via the respective social media presence. In many cases, the legal basis for the
processing of personal data is Art. 6 (1) (b) GDPR (performance of a contract or pre-contractual
measures) or, if this legal basis is not relevant, Art. 6 (1) (f) GDPR on the basis of the legitimate
interests resulting from the aforementioned purposes.
In addition, we receive aggregated usage statistics from the platforms, which we use to
evaluate usage behavior and to improve our information offering. The usage statistics may
also be compiled on the basis of personal usage data by the platforms. Further information on
this can be found in the data protection notices of the respective providers linked below.
• Facebook: https://www.facebook.com/about/privacy/update?ref=old_policy
• Instagram: https://help.instagram.com/155833707900388
• YouTube: https://policies.google.com/privacy?gl=DE&hl=de#infocollect
Further information on Facebook and Instagram can be found at No. 2.3.3.
2.3.2. Processing by social media providersWe have no influence on the processing of your personal data when you visit the social media
pages. The provider of the social network has control over the data processing in the context
of the use of the respective service. This includes, for example, the storage and use of cookies
on user devices as well as the analysis of your behaviour on the social network.
2.3.3. Additional information on Facebook and Instagram
When you visit our social media channels on Facebook and Instagram, the operator Meta
collects in particular your IP address and other information transmitted by your browser and,
if applicable, other information that is available on your PC in the form of cookies. This
information is used to provide us, as the owner of the two social media channels, with
statistical information about the use of the respective presences (insights).
Meta and we process the personal data as joint controllers within the meaning of Art. 26 GDPR
and have concluded a corresponding joint controller agreement for this purpose. The essential
information on the corresponding agreement pursuant to Art. 26 GDPR between us and
Facebook can be found under
https://www.facebook.com/legal/terms/page_controller_addendum.
You can find more information about data processing by Facebook in the context of Facebook
Insights at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
The data collected about you in this context will be processed by Meta and, if necessary,
transferred to countries outside the European Union, in particular to Meta Platforms Inc.,
based in the USA. We would like to point out that Facebook is responsible under data
protection law for the corresponding transmission and subsequent processing operations. The
specific data Meta receives and how it is used is described in the privacy policies of Facebook
and Instagram (see Section 2.3.1).
The legal basis for the processing of personal data in this context is Art. 6 (1) (f) GDPR
(legitimate interests in achieving the above-mentioned purposes) or, if consent has been
obtained, Art. 6 (1) (a), Art. 7 GDPR (consent).
2.4. Contacting us by e-mail
If a user contacts us via the e-mail address provided on the website, the data entered in the
e-mail will be transmitted to us and part of the data will be stored.
In this context, the data will not be passed on to third parties outside the company. The data
will be used exclusively for the processing of correspondence.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art.
6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR is a
further legal basis for the processing.
The processing of the personal data from the input mask serves us to process the contact and
to prevent the misuse of the contact form. The data will be deleted as soon as they are no
longer required to achieve the purpose for which they were collected. For the personal datasent by e-mail, this is the case when the respective correspondence with the user has ended
and the matter in question has been conclusively clarified.
The user has the right to object to the processing of his or her personal data at any time. In
such a case, the correspondence cannot be continued. Please send us your deletion request
via e-mail to: lukas.info@idexcorp.com, Attn: LUKAS Marketing. In this case, all personal data
stored in the course of contacting us will be deleted.
2.5. Integration of Open Street Map
As part of the dealer network search on our website, we integrate map material from
OpenStreetMap. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney
Hill Road, Sutton Coldfield, West Midlands B72 1JU, Great Britain, which collects freely usable
geodata and keeps it in a database for free use.
When using the Merchant Network Search feature, a connection is established to the
OpenStreetMap Foundation's servers and data is transmitted to the OpenStreetMap
Foundation to display embedded maps. For more information on data protection in
connection with OpenStreet Map, please refer to the privacy policy of the OpenStreetMap
Foundation: https://osmfoundation.org/wiki/Privacy_Policy.
When you establish a connection to view the maps, the following data is transmitted to
OpenStreetMap servers: IP address, browser and device used, operating system, website from
which you were redirected to the OpenStreetMap Foundation website (referring web page)
and date and time of your visit to the website.
The integration and associated data processing is carried out on the basis of Art. 6 para. 1
sentence 1 lit. f GDPR. Our legitimate interest lies in providing you with the dealer network
search function.
You can prevent any data transfer to the servers of OpenStreetMap by disabling JavaScript in
your browser. In this case, however, you will not be able to use the map display.
3. Processing of personal data of business partners
3.1. Description and scope of data processing
In the context of cooperation with business partners, the company processes personal data of
contact persons at customers, suppliers, interested parties, sales partners and cooperation
partners (hereinafter referred to as "business partners"). In particular, the following personal
data will be processed:
• Contact information, such as first and last name, work address, work phone number,
work mobile phone number, work fax number, and work email address;
• Payment data, such as information required to process payment transactions or
prevent fraud, including credit card information and security codes;
• further information, the processing of which is necessary in the context of a project or
the execution of a contractual relationship and which is voluntarily provided by
business partners, e.g. in the context of orders placed, enquiries or details of projects,• personal data collected from publicly available sources, information databases or
credit reference agencies, and
• insofar as legally required in the context of compliance screenings: date of birth, ID
and ID numbers, information on relevant court proceedings or other legal disputes in
which business partners are involved.
3.2. Purpose of data processing
Personal data will be processed for the following purposes:
• Communication with business partners about products, services and projects, e.g. to
process inquiries from the business partner or to provide technical information about
products,
• planning, executing and managing the contractual business relationship, for example
to process the ordering of products and services, to collect payments, for accounting
and billing purposes and to carry out deliveries, maintenance activities or repairs,
• Conducting customer surveys, marketing campaigns, market analyses, sweepstakes,
competitions, etc. Promotions and events,
• Conducting customer satisfaction surveys and direct marketing,
• Maintain and protect the security of our products and services and our websites,
prevent and detect security risks, fraudulent activity, or other criminal or malicious
activity;
• Comply with (i) legal requirements (e.g. tax and commercial retention obligations), (ii)
existing obligations to conduct compliance screenings (to prevent white-collar crime
or money laundering), and (iii) guidelines and industry standards, and
• Resolving disputes, enforcing existing contracts, and establishing, exercising and
defending legal claims.
3.3. Legal basis
The processing of personal data is necessary to achieve the aforementioned purposes. Unless
expressly stated otherwise at the time of collection of personal data, the legal basis for data
processing is:
• the execution and fulfilment of a contract with you in accordance with Art. 6 (1) (b)
GDPR,
• the fulfilment of legal obligations to which the company is subject pursuant to Art. 6
(1) (c) GDPR, or
• the protection of legitimate interests pursuant to Art. 6 (1) (f) GDPR. The legitimate
interest lies in the initiation, implementation and processing of the business
relationship.
If you have expressly given your consent to the processing of your personal data in individual
cases, this consent is the legal basis for processing in accordance with Art. 6 (1) (a) GDPR.
3.4. Duration of storage
We process and store your personal data for as long as it is necessary for the fulfilment of our
contractual obligations and the exercise of our rights. If the data is no longer required for thefulfilment of contractual or legal obligations, it will be deleted on a regular basis, unless its
further processing – for a limited period – is necessary for the following purposes:
• Fulfilment of retention obligations under commercial and tax law under the German
Commercial Code (HGB), the German Fiscal Code (AO) and the Money Laundering Act
(GwG). The retention and documentation periods specified there are usually two to
ten years.
• Preservation of evidence within the framework of the statutory statute of limitations.
According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods
can be up to 30 years, with the regular limitation period being 3 years.
4. Processing of candidates' personal data
4.1. Data categories and purpose of data processing
As part of the application process, we generally process the following categories of personal
data:
• Contact and identity details, including name, marital status, gender, nationality, date
of birth, residential address and contact details.
• Your application documents and any information contained therein, including your CV,
cover letter and certificates; other documents relating to your previous work
experience, education or similar; and pictures.
• Information about your employment history and work-related experience and skills,
including date of hire, date and reason for termination, employment status, current
salary amount, other supporting data submitted by applicants or employees,
information obtained from reference checks, previous applications, evidence of your
skills/qualifications, and relocation information.
• information relating to character and professional interests, including work-related
and personal interests; knowledge or skills; and awards or memberships.
• Other personal information you provide to us during the recruitment process,
including our notes from interviews with you or others about you; and any
correspondence you may have with us or a recruitment agency during the application
process.
• Information about your work permit status.
• Sensitive data, in certain circumstances, including your racial or ethnic origin; trade
union membership; religious beliefs; or information about your health, such as
information about a disability, for which the company must make reasonable
adjustments during the recruitment process.
We may also receive the above information about you from other sources, including
recruitment agencies, the references you provide, websites, and other publicly available
information on the Internet. This includes, for example, personal data that you have published
as part of an online profile. We may also receive information that you provide to us through
third-party websites, such as LinkedIn.
Personal data that you provide to us as part of your application will be stored and used
exclusively for the purpose of processing the application and, if applicable, for the
performance of the subsequent employment relationship.If your application has convinced us, but we are unable to consider you for a vacancy, we
would be happy to store your documents in our talent pool. In this case, we will ask you for
your consent in a separate email. Then you have the option of contacting you again if there
are suitable job advertisements that match your profile.
If we would like to send your application documents to other companies in the group of
companies, we will also ask for your consent. You are also welcome to give this consent in
your application. In such a case, your personal data will be forwarded to the competent
departments of other companies for the purpose of initiating the application process in the
respective companies.
4.2. Legal basis for data processing
The processing of your personal data in the context of the application process is carried out
on the basis of Art. 6 (1) (b) GDPR (establishment and execution of a contract).
The storage and processing of your data in the talent pool or the forwarding to other
companies in the group of companies takes place on the basis of your consent in accordance
with Art. 6 (1) (a) GDPR.
4.3. Disclosure of data
Your data will be made available to the responsible employees of the HR department and the
responsible employees or supervisors of the specialist department(s) for the position for
which you have applied. In the case of an unsolicited application, your documents will be made
available to the responsible employees of the HR department and the responsible employees
or supervisors of the relevant departments for whom your application might be of interest.
Due to our corporate structure, it may happen that there are several people responsible for
your application; this can be seen from the application documents in individual cases. This
transfer is protected by obligations set out in intra-group agreements that we have entered
into between the various legal entities of the IDEX group of companies. International transfers
within the IDEX group of companies are governed by standard contractual clauses approved
by the EU Commission or, where applicable, on the basis of an adequacy decision.
In addition, we do not pass on your applicant data to affiliated subsidiaries or parent
companies, unless your application also relates to these companies, is kept open for this
purpose or you have given us explicit consent.
Furthermore, we use processors (e.g. IT service providers) for the application process. Your
data will be passed on to them in strict compliance with the obligation of confidentiality and
the requirements of the GDPR. The processors commissioned by us may only process the data
for us and not for their own purposes. In these cases, the responsibility for data processing
remains with us.
Data will also be passed on if we are obliged to do so on the basis of statutory provisions
and/or official or court orders.
4.4. Transfer of personal data to third countriesOur company is part of the IDEX group of companies, where HR responsibilities can exist across
national borders. For this reason, supervisors in other countries may also have access to your
applicant data. This data processing is necessary for the decision on the establishment of an
employment relationship. In addition, data will also be transferred to third countries if your
data is included in the talent pool. This means that our foreign units affiliated with the Group
also have access to your applicant data.
When data is transferred to an entity in a third country, appropriate safeguards for the
protection of your personal data ensure that the level of data protection provided by the
European Union is complied with.
4.5. Deletion periods for applicant data
If no employment relationship is established, the application documents will be deleted six
months after rejection. The legal basis for the storage in this regard is Art. 6 (1) (f) GDPR. Our
legal interest in this regard is the defence against any claims under the General Equal
Treatment Act ("AGG"). In all other respects, the general deletion periods and notices under
No. 3.4.
5. Recipients and Recipient Categories
Within our company, access to your data is granted to those departments that need it to fulfil
our contractual and legal obligations. Service providers and vicarious agents employed by us
may also receive data for these purposes, provided that they maintain confidentiality and
integrity. These are companies in the categories of IT services, logistics, printing services,
telecommunications, debt collection, consulting, and sales and marketing.
With regard to the transfer of data to recipients outside our company, it should first be noted
that we only pass on necessary personal data in compliance with the applicable data
protection regulations. As a matter of principle, we may only pass on information about you
if this is required by law, if you have given your consent or if we are authorised to provide
information. Under these conditions, recipients of personal data may be:
• public bodies and institutions (e.g. tax authorities, law enforcement authorities, family
courts, land registry offices) in the event of a legal or official obligation,
• credit and financial services institutions or comparable institutions to which we
transmit personal data in the course of carrying out the business relationship (e.g.
banks, credit agencies),
• creditors or insolvency administrators who make an enforcement,
• Auditor
• Service providers that we use in the context of order processing relationships,
• Commercial representative of the company.
In all other respects, the data transfers listed in the other sections apply.
6. Transfer to third countries
Data will be transferred to entities outside the European Union (so-called third countries)
insofar as:• it is necessary for the execution of your orders (e.g. delivery orders),
• it is required by law (e.g. tax reporting obligations) or
• You have given us your consent.
In addition, a transfer to entities in third countries is provided for in the following cases:
• If this is necessary in individual cases, your personal data may be transferred to an IT
service provider in a third country in order to ensure the IT operation of the company
in compliance with the European level of data protection.
• Due to legal regulations to combat money laundering, terrorist financing and other
criminal acts, as well as in the context of a balancing of interests, personal data (e.g.
legitimation data) is transferred to third countries in individual cases in compliance
with the data protection level of the European Union.
The use of our range of social media, analysis services, our applicant platform and the use of
IT service providers may result in data transfers and subsequent processing of usage data of
the respective services in the USA. In this context, please note that due to the adequacy
decision, the level of data protection in the USA is generally comparable to that of the EU and
the EEA. Data transfer, on the other hand, is only permitted if the recipient has been certified
according to the EU-US Privacy Framework (DPF). These certifications are regularly checked
by us so that data protection-compliant transmission is ensured.
In addition, as set out in the remaining sections, personal data may be transferred to third
countries by the companies to which we share personal data.
7. Data integrity
For security reasons and to protect the transmission of confidential content, SSL or TLS
encryption is implemented on our website. You can recognize an encrypted connection by the
fact that the address bar of the browser changes from "http://" to "https://" and by the lock
symbol in your browser line.
Our employees and the service providers commissioned by us are obliged to maintain
confidentiality and comply with the provisions of the applicable data protection laws. The
Company takes appropriate technical and organizational security measures to protect your
personal data from loss, alteration, destruction and from access or disclosure by unauthorized
persons. Our security measures are constantly being improved in line with technological
developments.
8. Rights of data subjects
Every data subject has the right to information pursuant to Art. 15 GDPR, the right to
rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right
to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant
to Art. 20 GDPR.
With regard to the right to information and the right to erasure, the restrictions according to
§§ 34 and 35 BDSG apply. In addition, you have the right to lodge a complaint with a
competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).You can revoke your consent to the processing of personal data at any time. The withdrawal
of consent does not affect the lawfulness of the processing carried out on the basis of the
consent before its withdrawal.
You also have the right to object, on grounds relating to your particular situation, at any time
to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1)
(e) GDPR (data processing in the public interest) and Art. 6 (1) (f) GDPR (data processing on the
basis of a balancing of interests); this also applies to profiling based on this provision within
the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data
unless we can demonstrate compelling legitimate grounds for the processing which override
your interests, rights and freedoms. This includes, in particular, if the processing is necessary
for the assertion, exercise or defence of legal claims.
In addition, you have the right not to be subject to fully automated decision-making in
accordance with Art. 22 GDPR. As a matter of principle, we do not use fully automated
decision-making to establish, execute and terminate the business relationship. If we use these
procedures in individual cases (e.g. to improve our products and services), we will inform you
separately about this and your rights in this regard, if required by law.
9. Obligation to provide data
As part of our business relationship, you must provide the personal contract data that is
necessary for the establishment, execution and termination of a business relationship and for
the fulfilment of the associated contractual obligations or that we are legally obliged to collect.
Without this data, we will generally not be able to conclude, execute and terminate a contract
with you.
The same applies to visits to our online services and the collection of usage data. Without the
collection of usage data, we and our service providers will not be able to provide you with our
online offering.
10. Up-to-dateness and changes to this Privacy Policy
This privacy policy is currently valid and has the status of October 2023.
