Privacy policy – www.legamaster.com

Date effective : 25th of May 2018

Table of contents

1  About us         
2  What are personal data?       
3  Use of personal data        
4  How we share personal data      
5  International transfers of personal data     
6  Processing of sensitive data       
7  Security         
8  Your legal rights        
9  Retention of your personal data      
10  Changes to this Privacy Policy      
11  Contact information  

Last revised: 24th of May 2018

Unnoticed you share all kinds of personal data with us. “We”, "Legamaster" are responsible for the processing of personal data that we collect from or about “you”. For example, we collect your personal data during a business relationship or when you visit our website. Since we are based in the European Union, we process your personal data in compliance with applicable European data protection laws and other statutory provisions.

Personal data are information that directly or indirectly identifies you as an individual, indirectly meaning when combined with other information, for example, your name, postal address, email address or phone number.

We will use your personal data for the purposes as described below. We do not collect and process more or other types of personal data than are necessary to fulfill the respective purposes. We will only use personal data as set forth in this privacy policy and would like to emphasize that we never sell personal data to third parties, unless you have specifically provided your consent to another use of your personal data. If we intend to use your personal data that we process with your consent for purposes other than communicated in such consent, we will inform you in advance and, in cases where the processing is based on your consent, use your personal data for a different purpose only with your permission.

1. Registration data and direct communication
For many services we collect your personal data, like: name, postal address, phone number and email address (“Registration Data”). We use your Registration Data to communicate with you about our services and let you know about our policies and terms. We also use your Registration Data as well as the content of our communication to respond to you when you contact us.

2. Use of customer data for advertising purposes
To continuously improve and enhance our services, we may send you marketing communications via email relating to our business which may be of interest to you. You can choose the types of communications you want to receive at any time by updating your email preferences. You may also unsubscribe at any time. - Consent: We will not use your personal data for advertising purposes unless you have freely given your explicit and prior consent. - However, for existing customers, we may use your email address that we obtained from you in the context of our existing customer relationship to provide you with marketing materials relating to similar products or services that you have previously requested, used or participated in. You may, however, object to such use at the time of collection and each time a message is sent. To opt-out of email marketing, follow the instructions within the email that you receive. Under no circumstances will we advertise to participants in market research projects.
 
3. Legal obligations and legal defense
We may be required to use and retain personal data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, fraud or any other abuse of our services and IT systems. We may also use your personal data to meet our internal and external audit requirements, information security purposes, or to protect or enforce our rights, privacy, safety, or property, or those of other persons.

4. Use of the Legamaster Homepage (www.legamaster.com)
This Privacy Policy also applies to your use of our website at www.legamaster.com ("Website"), with the following privacy related mechanics and features.

- Cookies: Our Website uses cookies and other technologies to enhance the users’ experience and improve the Website’s performance, user friendliness and security.

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps to analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Legamaster uses traffic log cookies to identify which pages are being used though Google Analytics. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at www.google.com/privacypolicy.html.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies while entering our website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Please consult the manual of your browser how to manage cookies.

- Third party websites: As a convenience to our visitors, this website contains links to a number of websites that are not affiliated with, controlled, or managed by us. The policies and procedures we describe here do not apply to those websites. We are not responsible for the security or privacy of any data collected by these third parties. We suggest contacting those websites directly for information on their privacy policies.

We will disclose your personal data only for the purposes and to those third parties, as described below. Legamaster will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.

1. Within the edding Group
Legamaster is part of a global organization (the “edding Group”), consisting of several companies in and outside the European Union, all primarily owned by edding AG in Germany. Your personal data may be transferred to one or more edding Group affiliated companies or existing sales partners as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other purposes as described in Section 3 of this Privacy Policy. We do not disclose personal data of participants in market research projects to third parties outside the edding Group unless the participants have declared their prior explicit consent for the specific purpose.

2. External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to contractors on behalf of logistic requirements. We will only share with or make accessible such data to external service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. Legamaster’s external service providers are contractually bound to respect the confidentiality of your personal data.

3. Public bodies
We will only disclose your personal data to public bodies where this is required by law. Legamaster will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

Under specific circumstances, it will also be necessary for Legamaster to transfer your personal data to countries outside the European Union/ European Economic Area (EEA), so called "third countries". Such third country transfers may refer to all processing activities describes under Sec. 3 of this Privacy Policy. This Privacy Policy shall apply even if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence. In particular, an international data transfer may apply in the following scenarios:

1. Legal entities of edding Group
edding Group’s legal entities outside the European Union have entered into intra-company data protection agreements adopted by the European Commission to safeguard your privacy and legitimize international data transfers.

2. Other third parties outside the EU / EEA
Any transfers of personal data to third parties outside the edding Group will be carried out with your prior knowledge and, where applicable, with your consent. Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law. Our Marketing partner, MailChimp Inc., based in Atlanta, Georgia, USA, is participating in and has certified its compliance with the EU-US Privacy Shield Framework (www.privacyshield.gov/welcome).

We may, in certain and only in exceptional cases, process special categories of personal data concerning you ("sensitive data"). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health or a natural person's sex life or sexual orientation. We may for example process sensitive data that you manifestly have made public. We may also process sensitive data as necessary for the establishment, exercise or defense of legal claims. We may also process your sensitive data if you have freely given your prior, express and separate consent in a specific context for a specific purpose. In addition to the above, Legamaster will not collect or process personal data of children under 16 years – or under a lower age – unless with parental consent, pursuant to applicable local law. If we become aware that personal data from a child were inadvertently collected, we will delete such data without undue delay.
 

Legamaster takes data security seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or Legamaster affiliates with a business need-to-know or who require it in order to perform their duties. In the event of a data breach containing personal data, Legamaster will follow all applicable data breach notification laws.
 

As a data subject you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated under Section. 3 of this Privacy Policy. Legamaster will respect your individual rights and will deal with your concerns adequately. The following list contains information on your legal rights which arise from applicable data protection laws:

  • Right to withdraw consent: Where the processing of personal data is based on your consent you may withdraw this consent at any moment by following the procedures described in the respective consent form. We ensure that consent can be withdrawn by the same means as it was given – e.g., electronically. 
  • Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
  • Right to restriction: You may obtain from us restriction of processing of your personal data, if
    • you contest the accuracy of your personal data for the period we need to verify the accuracy,
    • the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
    • we do no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or
    • you object to the processing while we verify whether our legitimate grounds override yours.
  • Right to access: You may ask us from us information regarding personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable.
  • Right to portability: At your request, we will transfer your personal data to another controller, where technical feasible, provided that the processing is based on your consent or necessary for the performance of a contract. 
  • Right to erasure: You may obtain from us erasure of your personal data, where
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you have a right to object further processing of your personal data (see below) and execute this right object to the processing;
    • the processing is based on your consent, you withdraw your consent and there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
  • unless the processing is necessary
    • for compliance with a legal obligation which requires processing from us;
    • in particular for statutory data retention requirements;
    • for the establishment, exercise or defence of legal claims.
  • Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your personal data or the restriction of its processing by us.
  • Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred.

Please note:

  • Time period: We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
  • Restriction of access: In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
  • No identification: In some cases, we may not be able to look up your personal data due to the identifiers you provide in your request. Two examples of personal data which we cannot look up when you provide your name and email address are:
    • data collected through browser-cookies, 
    • data collected from public social media sites provided you have posted your comment under a nickname which is not known to us.
    • In such cases, where we cannot identify you as a data subject, we are not able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification.
  • Exercise your legal rights: In order to exercise your legal rights, please contact our privacy helpdesk in writing or text from, e.g. by email or letter. For contact information please refer to the end of this Privacy Policy.
     

In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to statutory provisions.
In addition, we will not delete all of your personal data if you requested from us to refrain from recontacting you in the future. For this purpose, Legamaster keeps records which contain information on people who do not want to be re-contacted in the future (e.g. by means of bulk emailing or campaigns for market research projects). We qualify your request as consent to store your personal data for the purpose of such record keeping unless you instruct us otherwise.
 

We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this privacy policy at any time. For this reason, we encourage you to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the "last revised” date which appears at the top of this page. We will treat your personal data in a manner consistent with the privacy policy under which they were collected, unless we have your consent to treat them differently.
We will also keep prior versions of this Privacy Policy in an archive for your review.

Legamaster International B.V.
Kwinkweerd 62, P.O Box 111
7240 AC Lochem
The Netherlands
Email: info@legamaster.com