Privacy Policy

1. Introduction

This website is operated by: Dennis Post.
It is very important to us to handle the data of our website visitors with trust and to protect it as best as possible. For this reason, we make every effort to meet the requirements of the GDPR. Below we explain how we process your data on our website. We use the clearest and most transparent language possible so that you really understand what happens to your data.

2. General Information

2.1 Processing of Personal Data and Other Terms

Data protection applies to the processing of personal data. Personal means all data with which you can be personally identified. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens to it'. Here, for example, the IP is transmitted from the browser to our provider and automatically stored there. This is processing (according to Art. 4 No. 2 GDPR) of personal data (according to Art. 4 No. 1 GDPR).
These and other legal definitions can be found in Art. 4 GDPR.

2.2 Applicable Regulations/Laws – GDPR, BDSG and TTDSG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as national law.
Additionally, the TTDSG complements the regulations from the GDPR, insofar as it concerns the use of cookies.

2.3 The Controller

The controller for data processing on this website is the controller within the meaning of the GDPR. This is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

You can reach the controller at:
Dennis Post
Lilistraße 67
63067 Offenbach am Main
privacy@lymo.ai

2.4 How Data is Processed on This Website

As we have already established, there are data (e.g., IP address) that are automatically collected. This data is mainly needed for the technical provision of the homepage. If we use personal data beyond this or collect other data, we will inform you about it or ask for your consent.
Other personal data is consciously provided by you.
Detailed information on this can be found further below.

2.5 Your Rights

The GDPR provides you with comprehensive rights. These include, for example, free information about the origin, recipients, and purpose of your stored personal data. You can also request the correction, blocking, or deletion of this data or complain to the relevant data protection supervisory authority. You can revoke a given consent at any time.
Details on these rights and how to exercise them can be found in the last section of this privacy policy.

2.6 Data Protection – Our View

Data protection is more than just a necessary duty for us! Personal data has great value, and careful handling of this data should be a matter of course in our digitalized world. You, as a website visitor, should be able to decide for yourself what happens to your data, when, and by whom. Therefore, we commit to complying with all legal requirements, collecting only the data necessary for us, and treating it confidentially.

2.7 Sharing and Deleting Data

Sharing and deleting data are also important and sensitive topics. Therefore, we would like to briefly inform you about our general approach to this. Data is shared only based on a legal foundation and only when it is unavoidable. This can particularly be the case when it involves a processor, and a data processing agreement according to Art. 28 GDPR has been concluded.
We delete your data when the purpose and legal basis for processing are no longer applicable and no other legal obligations prevent deletion. A good overview of this can also be found in Art. 17 GDPR.
Please refer to this privacy policy for all further information and contact the controller for specific questions.

2.8 Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes both automatically collected and stored log files (more on this below), as well as all other data provided by website visitors.
External hosting is done to ensure a secure, fast, and reliable provision of our website and serves to fulfill our contract with our potential and existing customers.
The legal basis for processing is Art. 6 para. 1 lit. a, b, and f GDPR, as well as § 25 para. 1 TTDSG, insofar as consent includes the storage of cookies or access to information on the end device of the website visitor or user within the meaning of TTDSG.
Our host only processes data necessary to fulfill its performance obligations and acts as our processor, meaning it is subject to our instructions. We have concluded an appropriate data processing agreement with our host.
We use the following host:
Amazon Web Services Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg.
https://aws.amazon.com/privacy/?nc1=f_pr
https://aws.amazon.com.

2.9 Legal Bases

The processing of personal data always requires a legal basis. Art. 6 para. 1 sentence 1 GDPR provides the following options:

a) The data subject has given consent to the processing of their personal data for one or more specific purposes;

b) the processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject;

c) the processing is necessary for compliance with a legal obligation to which the controller is subject;

d) the processing is necessary to protect the vital interests of the data subject or another natural person;

e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

In the following sections, we will specify the concrete legal basis for the respective processing.

3. What Happens on Our Website

By visiting our website, we process personal data from you.
To best protect this data from unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the fact that a lock symbol is displayed in the address line of your browser, and the address begins with https://.
Below you will find out which data is collected when you visit our website, for what purpose it is collected, and on which legal basis.

3.1 Data Collection When Accessing the Website

When accessing the website, information is automatically stored in so-called server log files. This information includes:

This data is temporarily needed to continuously and trouble-free display our website to you. In particular, this data serves the following purposes:

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and based on our legitimate interest in processing this data, especially the interest in the functionality of the website and its security.
This data is, as far as possible, stored in a pseudonymized form and deleted after the respective purpose is achieved.
If the server log files allow the identification of the data subject, the data is stored for a maximum period of 14 days. An exception is made if a security-relevant event occurs. In this case, the server log files are stored until the security-relevant event is resolved and fully clarified.
Otherwise, there is no merging with other data.

3.2 Cookies

3.2.1 General Information

This website uses so-called cookies. These are data records, information stored in your device’s browser related to our website.
By setting cookies, navigation on the website can be particularly facilitated for the visitor.

3.2.2 Rejecting Cookies

The setting of cookies can be prevented by adjusting your browser settings.
Here are the corresponding links to commonly used browsers:
Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Microsoft Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/en-us/guide/safari/sfri11471/mac and https://support.apple.com/en-us/guide/safari/sfri11471/mac If you use a different browser, it is recommended to enter the name of your browser and ‘delete and manage cookies’ in a search engine and follow the official link to your browser.
Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.
However, we must inform you that comprehensive blocking/deleting of cookies may result in impairments when using the website.

3.2.3 Technically Necessary Cookies

We use technically necessary cookies on this website so that our website functions correctly and according to applicable laws. They help make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.
The legal basis for this is Art. 6 para. 1 lit. b, c, and/or f GDPR, depending on the individual case.

3.2.4 Technically Unnecessary Cookies

We also use cookies on our website that are not technically necessary. These cookies are used, among other things, to analyze the surfing behavior of the website visitor or to offer website functions that are not technically necessary.
The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Technically unnecessary cookies are only set with your consent, which you can revoke at any time in the cookie consent tool.

3.3 Data Processing by User Input

3.3.1 Own Data Collection

We offer the following (service) on our website: Access to the application.
For this, we collect the following data:

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
The data will be deleted as soon as the respective purpose ceases to apply and it is permissible under legal regulations.

3.3.2 Contact

a) Email

If you contact us via email, we process your email address and any other data contained in the email. These are stored on the mail server and partly on the respective devices. Depending on the matter, the legal basis for this is regularly Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. b GDPR. The data will be deleted as soon as the respective purpose ceases to apply and it is permissible under legal regulations.

3.4 Newsletter

3.4.1 Klaviyo

We use Klaviyo to provide our newsletter. This service is offered by Klaviyo, Inc., 125 Summer Street, Boston MA, 02111, USA.
This service allows the organization and analysis of newsletter distribution. The data entered to receive the newsletter is stored on the service’s servers.
With the help of Klaviyo, interactions with the newsletter can be analyzed.
Conversion rates can also be determined, and newsletter users can be categorized to tailor the newsletter to different target groups.
The legal basis for processing is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time by unsubscribing from the newsletter. The legality of the processing carried out until the revocation remains unaffected.
The data will be deleted upon the end of the contract between us and Klaviyo, unless the website visitor revokes their consent beforehand. If this is the case, the data will be deleted from the distribution list.
The EU Commission's standard contractual clauses (SCC) apply to data transfers to the USA. This contract text can be viewed here: https://www.klaviyo.com/privacy/dpa.
Further details:
https://www.klaviyo.com/legal/privacy/privacy-notice.

3.5 Mailing Service

3.5.1 Fastmail

We use Fastmail as a mailing service. This service is offered by Fastmail Pty Ltd ("Fastmail"), PO Box 234, Collins Street West, VIC 8007, Australia.
It is an email service.
Processing is based on either consent according to Art. 6 para. 1 lit. a GDPR, if we use the mailing service to contact our leads. Consent can be revoked at any time.
In the case of sending emails for specific contract initiation or within an existing contractual relationship, the legal basis for processing is Art. 6 para. 1 lit. b GDPR, as the services used are for customer management and the fulfillment of our contractual performance.
The data will be deleted at the end of the contract between us and Fastmail.
The EU Commission's standard contractual clauses (SCC) apply to data transfers to the USA, Australia, or India. This contract text can be viewed here: https://www.fastmail.com/about/dpa/.
Further details:
https://www.fastmail.com/privacy/

3.6 Analysis and Tracking Tools

3.6.1 Plausible.io

We use the functions of plausible.io on our website. This is a service of Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.
Plausible is an open-source analysis tool. All measurements on the website are carried out completely anonymously. No cookies are used, and no personal data is collected. There are no permanent identifiers. There is no cross-site or cross-device tracking. The data of the website is not used for other purposes. All visitor data is processed exclusively with servers owned and operated by European companies and never leaves the EU.
The legal basis for processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the analysis to ensure the technical stability and maximum performance of our website.
Further information:
https://plausible.io/data-policy

3.7 Payment Services

3.7.1 Stripe

We use Stripe on this website. Stripe provides technology for operating online payment systems. This service is offered by Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland Attention.
For the purpose of payment processing, the payment data of the website visitor is processed by Stripe as soon as a contractual relationship is established through this website. The respective contractual and data protection provisions of Stripe apply to the respective transaction.
Stripe also uses cookies to collect data. These cookies are only set with your consent. Consent can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
Otherwise, the legal basis for processing by Stripe is Art. 6 para. 1 lit. b GDPR. The data is processed for the purpose of contractual obligations.
We also have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR to ensure a fast and reliable payment process.
The data will be deleted as soon as it is no longer required for data processing.
Further details:
https://stripe.com/privacy-center/legal

3.7.2 Apple Pay

We use Apple Pay on this website. Apple Pay is a payment service provider. This service is offered by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.
For the purpose of payment processing, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made through this website. The respective contractual and data protection provisions of the payment service provider apply to the respective transaction.
The legal basis is Art. 6 para. 1 lit. b GDPR. The data is processed for (pre-)contractual obligations.
We also have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR to ensure a fast and reliable payment process.
Further details:
https://www.apple.com/legal/privacy/

4. Other Important Information

Finally, we would like to inform you comprehensively and in detail about your rights and let you know how you will be informed about changes in data protection requirements.

4.1 Your Rights in Detail

4.1.1 Right to Access according to Art. 15 GDPR

You can request information about whether personal data concerning you is being processed. If this is the case, you can request further information on the nature and manner of processing. A detailed listing can be found in Art. 15 para. 1 lit. a to h GDPR.

4.1.2 Right to Rectification according to Art. 16 GDPR

This right includes the correction of inaccurate data and the completion of incomplete personal data.

4.1.3 Right to Erasure according to Art. 17 GDPR

This so-called "right to be forgotten" gives you the right to request the deletion of personal data by the controller under certain conditions. This is generally the case if the purpose of data processing has ceased to apply, if consent has been withdrawn, or if the initial processing was without a legal basis. A detailed listing of reasons can be found in Art. 17 para. 1 lit. a to f GDPR.
This "right to be forgotten" also corresponds with the obligation of the controller from Art. 17 para. 2 GDPR to take appropriate measures to ensure the general deletion of the data.

4.1.4 Right to Restriction of Processing according to Art. 18 GDPR

This right is subject to the conditions of Art. 18 para. 1 lit. a to d.

4.1.5 Right to Data Portability according to Art. 20 GDPR

This provides the fundamental right to receive one's own data in a commonly used format and to transfer it to another controller.
However, this only applies to data processing based on consent or contract according to Art. 20 para. 1 lit. a and b and as far as it is technically feasible.

4.1.6 Right to Object according to Art. 21 GDPR

You can generally object to the processing of your personal data. This particularly applies if your interest in the objection outweighs the legitimate interest of the controller in the processing and if the processing relates to direct marketing and/or profiling.

4.1.7 Right to "Automated Individual Decision-Making" according to Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. However, this right has limitations and additions in Art. 22 para. 2 and 4 GDPR.

4.1.8 Further Rights

The GDPR includes comprehensive rights to inform third parties about whether or how you have exercised rights under Art. 16, 17, 18 GDPR. However, this is only applicable if possible or feasible with reasonable effort.
We would like to remind you again of your right to withdraw given consent according to Art. 7 para. 3 GDPR. The legality of the processing carried out up to that point remains unaffected.
We also want to draw your attention to your rights under §§ 32 ff. BDSG, which, however, are mostly substantively congruent with the aforementioned rights.

4.1.9 Right to Complain according to Art. 77 GDPR

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates this regulation.

5. What if the GDPR is abolished tomorrow or other changes occur?

The current status of this privacy policy is 23.05.2024. From time to time, it is necessary to adjust the content of the privacy policy to respond to actual and legal changes. We, therefore, reserve the right to change this privacy policy at any time. We will publish the amended version in the same place and recommend that you read the privacy policy regularly.