Privacy Policy

Privacy policy pursuant to Articles 13 and 21 of the GDPR and Section 25 of the TTDSG for the content and functions of the Leadhub website https://leadhub.software (hereinafter referred to as “Services”) of LeadHub GmbH.

As of January 2022

1. General information

The protection of your personal data and your privacy is extremely important to us, LeadHub GmbH, Gerichtsstraße 2, 65185 Wiesbaden, Germany. That is why we want to offer you comprehensive transparency regarding the processing of your personal data (GDPR) as well as the storage of information on your device and access to information (TTDSG). Only when the processing of personal data and information is comprehensible to you as the data subject will you be sufficiently informed about the scope, purposes, and benefits of the processing. This privacy policy applies to all processing of personal data carried out by us, as well as to the storage of information on your end devices and access to such information. This applies both in the context of providing our services and within external online presences, such as our social media fan pages. The controller within the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other data protection regulations is

LeadHub GmbH

Gerichtsstraße 2
65185 Wiesbaden
Germany
Email: privacy@leadhub.software
Hereinafter referred to as“Controller” or „we“.

2. General information on data processing

2.1 Personal data

Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person.

Examples of specific information about personal or factual circumstances include:

  1. Name, age, marital status, date of birth
  2. Address, telephone number, email address
  3. Account number, credit card number
  4. IP address & location data
  5. Vehicle identification number, license plate number
  6. ID card number, social security number
  7. previous convictions
  8. genetic data and medical records
  9. Value judgments such as report cards

2.2 How we process personal data

We process personal data within the legally permissible limits. This means that data processing operations are based on a legal basis. These are standardized in Art. 6 (1) GDPR. Most data processing is based on a legitimate interest on our part (Article 6(1)(f) GDPR), on processing operations necessary for the performance of a contract (Article 6(1)(b) GDPR) or on your consent (Article 6(1)(a) GDPR). In the latter case, you will be notified separately (e.g., via a cookie banner) about the consent process. We only process personal data for specific purposes (Art. 5 (1) (b) GDPR). As soon as the purpose of the processing ceases to apply, your personal data will be deleted or protected by technical and organizational measures (e.g., by pseudonymization).
The same applies to the expiry of a prescribed storage period, except in cases where further storage is necessary for the conclusion or fulfillment of a contract. In addition, there may be a legal obligation to store data for a longer period or to pass it on to third parties (in particular to law enforcement authorities). In other cases, the storage period and type of data collected, as well as the type of data processing, depend on which functions you use in each individual case. We will be happy to provide you with information on this in individual cases, in accordance with Art.

2.3 We process these categories of data

Data categories include the following data in particular:

  1. Master data (e.g., names, addresses, dates of birth),
  2. Contact details (e.g., email addresses, phone numbers, messenger services),
  3. Content data (e.g., text entries, photographs, videos, contents of documents/files),
  4. Contract data (e.g., subject matter of the contract, terms, customer category),
  5. Payment data (e.g., bank details, payment history, use of other payment service providers),
  6. Usage data (e.g., history of our services, use of certain content, access times),
  7. Connection data (e.g., device information, IP addresses, URL referrers).

2.4 We take these security measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of threats to your rights and freedoms, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
These measures include, in particular, ensuring that your data is stored and processed confidentially, with integrity, and is available at all times. Furthermore, the security measures we implement include controls on access to your data, as well as access, input, disclosure, availability, and separation from the data of other natural persons. Furthermore, we have established procedures that ensure the exercise of data subject rights (see section 5), the deletion of data, and responses in the event of a threat to your data. In addition, we take the protection of personal data into account as early as the development stage of our software and through procedures that comply with the principle of data protection by design and data protection-friendly default settings.

2.5 How we transfer or disclose personal data to third parties

As part of our processing of your personal data, this data may be transferred or disclosed to other bodies, companies, legally independent organizational units, or individuals. These third parties may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that we have integrated into our website. If we transfer or disclose your personal data to third parties, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

2.6 This is how a transfer to a third country takes place

If this privacy policy states that we transfer your personal data to a third country, i.e. a country outside the EU or the EEA, the following applies.
Should we process your data in a third country or should the processing take place in a third country in connection with the use of third-party services, this will only be done in accordance with the legal requirements.
Furthermore, data will generally only be transferred to third countries with your express consent. Regardless of whether this consent has been given or not, we guarantee that we have contractual or legal authorization to transfer and process your data in the third country in question. In addition, we only allow your data to be processed by service providers in third countries that, in our opinion, have a recognized level of data protection. This means that there is, for example, an adequacy decision between the EU and the country to which we transfer your personal data. An “adequacy decision” is a decision adopted by the European Commission pursuant to Article 45 GDPR, which determines that a third country (i.e., a country not bound by the GDPR) or an international organization offers an adequate level of protection for personal data. Alternatively, for example, if there is no adequacy decision, a transfer to a third country will only take place if, for example, contractual obligations between us and the service provider in the third country exist in the form of so-called standard contractual clauses of the EU Commission and further technical security measures have been taken to ensure a level of protection equivalent to that in the EU, or if the service provider in the third country can provide data protection certifications and only processes your data in accordance with internal data protection regulations.

IMPORTANT

According to the European Court of Justice and some data protection supervisory authorities in the federal states of Germany, there is currently no adequate level of protection for data transfers to the USA. By integrating external services into our services, we have attempted to meet the highest legal and technical requirements currently possible. Nevertheless, we cannot guarantee that this will satisfy the requirements of European institutions or German data protection authorities, among others. Therefore, it remains your decision whether or not to use our services with the integrated services.

2.7 Information about the cookies used

Cookies are small text files that contain data from visited websites or domains and are stored on your device (computer, tablet, or smartphone). When you access a website, the cookie stored on your device sends information to the party that placed the cookie.

2.7.1 First-party cookies and third-party cookies

Our Services may set third-party cookies and allow third parties to place cookies on your device. The difference between a first-party cookie and a third-party cookie is the control over the placement of the cookie. First-party cookies are cookies that are specific to the Services that created them. Their use enables us to provide an efficient service and to evaluate your user behavior in our Services. Third-party cookies are placed on your device by third parties (i.e., not by us). Although we may allow third parties to access our services to place cookies on your devices, we have no control over the information provided by the cookies and no access to this data. This information is processed entirely by the third parties in accordance with their respective privacy policies and, where applicable, processing agreements concluded between us and the third parties pursuant to Art. 28 GDPR or joint controller agreements pursuant to Art. 26 GDPR.

Objectively, we distinguish between

  1. Functional Cookies: These cookies are required for the basic technical functions of the Services. These cookies, for example, allow a secure login and the storage of progress in order transactions. Furthermore, they allow us to save your login data, the contents of your shopping cart, and the uniform presentation of page contents.
  2. Statistic Cookies: These cookies allow us to analyze the Services so that we can measure and improve their performance. You can change your personal settings for statistic cookies by clicking the corresponding Opt-Out link.
  3. Marketing Cookies: These cookies are used by us to provide you with advertising that may be relevant to your interests. These cookies, for example, allow the sharing of pages via social networks and the writing of comments. Furthermore, offers that may correspond to your interests are displayed. You can change your personal settings for marketing cookies by clicking the corresponding Opt-Out link.

2.7.2 How we use cookies

We want you to be able to make an informed decision for or against the use of cookies that are not necessarily required for the technical features of the Services. Therefore, we allow you to select in the scope of a cookie consent banner at the first visit to our Services and thereafter permanently in appropriate settings which cookies you allow. Here it applies that for the visit of our Services functional cookies are mandatory and therefore already allowed via our default settings. Statistic and marketing cookies are optional. You can allow them by agreeing to set these cookies in the cookie banner. Alternatively, you can reject statistic and marketing cookies. Please note that you can still be shown advertising even if you reject the use of statistic and marketing cookies. This advertising is then less tailored to your interests. However, you can still use the entire functionality of the Services. How exactly we and which cookies we use can be found in the following.

2.7.3 Storage duration of cookies

Unless we give you explicit information on the storage duration of cookies (e.g. in the context of the cookie banner), you can assume that the storage duration can be up to two years. If cookies are set on the basis of your consent, you have the possibility at any time to revoke an granted consent or to object to the processing of your data by cookie technologies (collectively referred to as "Opt-Out").

2.8 Consent Management

We use Piwik PRO as a consent management tool from Piwik PRO GmbH as part of the tracking and analysis activities in our services. Piwik PRO collects log file and consent data using JavaScript. This JavaScript enables us to inform you about your consent to certain tags in our services and to obtain, manage, and document this consent.
We process the following data: (1) Consent data (anonymized logbook data (consent ID, processor ID, controller ID), consent status, timestamp), (2) Device data (including truncated IP addresses (IP v4, IP v6), device information, timestamp), (3) User data (including email, ID, browser information, setting IDs, changelog). The ConsentID (contains the above data) and the consent status, including timestamp, are stored in your browser's local memory and simultaneously on the cloud servers we use. Further processing only takes place if you submit a request for information or revoke your consent. We store personal data that we process using Piwik PRO on our servers located in Germany (Nuremberg). The legal basis for processing personal data using Piwik PRO in accordance with the provisions set out here results from our legitimate interest and from the fulfillment of legal requirements, and thus from Art. 6 (1) lit. f and c GDPR. By using Piwik PRO, we want to comply with legal requirements for data protection and tracking and thus set up the functioning of our information technology systems in a legally compliant and user-centered manner.

3. Data processing in connection with the use of our services

The use of our services with all their functions involves the processing of personal data. We explain exactly how this works here.

3.1 Informational use of our services

Simply accessing our services for informational purposes requires the processing of the following personal data and information: browser type and version, operating system used, address of previously visited websites, address of the device you are using to access our services (IP address), and the time at which you accessed our services. All this information is automatically transmitted by your browser unless you have configured it to suppress the transmission of this information.
This personal data is processed for the purpose of ensuring the functionality and optimization of our services, as well as to guarantee the security of our information technology systems. These purposes are also legitimate interests pursuant to Art. 6 (1) (f) GDPR, meaning that the processing is carried out on legal grounds.

3.2. Use after registration

Beyond the purely informational use of our services, you have the option of registering for our services and using our entire range of offerings. Our services enable you and your users to select various services and access the content they contain.
The use of our services may require the processing of personal data and information in the manner described in this Section 3.
Some processing steps may also be carried out by third-party providers. Data processing by third-party providers is carried out in accordance with the terms and conditions of the relevant privacy policies. In the case of data processing with third-party providers, this may constitute contract processing within the meaning of Art. 28 GDPR. This is subject to strict legal requirements, which we comply with in the course of our contractual agreements with our contract processors.
Use after logging in and the associated data processing operations may differ from purely informational use. The collection of this data associated with your profile is carried out for the purpose of optimization and to ensure the functionality of our offer. These are legitimate purposes in accordance with Art. 6 (1) lit. f GDPR. If your consent is required for the processing operation, we will obtain it at the appropriate point (e.g., via the opt-in option in a cookie banner when you use our service for the first time). If you have any further questions, we will be happy to assist you in accordance with your right to information under Art. 15 (1) GDPR.

3.3 Contact form / Contacting us by email

We process the personal data you provide us with when contacting us for the purpose of responding to your inquiry, email, or callback request. The categories of data processed in this context are master data, contact data, content data, usage data (if applicable), connection data, and contract data (if applicable). In individual cases, we forward this data to affiliated companies or third parties that we commission to process orders. The legal basis for processing depends on the purpose of the contact.

  1. It is generally based on our legitimate interest and thus on Art. 6 (1) (f) GDPR.
  2. If the conclusion of a contract is intended, the authorization is based on Art. 6 para. 1 lit. b GDPR.

3.4 Web hosting

3.4.1 Provision of our services

In order to provide you with our services, we use the services of a web hosting provider. Our services are accessed from the servers of this web hosting provider. For these purposes, we use the infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services provided by the web hosting provider.
The processed data includes all data that you enter in connection with your use and communication in connection with your visit to our services or that is collected from you in this context (e.g., your IP address). Our legal basis for using a web hosting provider to provide our services results from Art. 6 (1) lit. f GDPR (legitimate interest).

3.4.2 Receiving and sending emails

The web hosting services we use may also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients of your emails and the senders, as well as other information relating to the sending of emails (e.g., the providers involved) and the content of the respective emails, will be processed. The aforementioned data is processed for purposes including the detection of SPAM. Emails are generally not sent in encrypted form on the Internet. As a rule, emails are encrypted during transmission, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. We therefore cannot accept any responsibility for the transmission of emails between the sender and the recipient on our server. Our legal basis for using a web hosting provider to receive and send emails is Art. 6 (1) lit. f GDPR (legitimate interest)..

3.4.3 Collection of access data and log files

We ourselves (or our web hosting provider) collect data on every access to the server (server log files). The server log files include the address and name of the accessed services and files, the date and time of the access, the transferred data volumes, a message about a successful access, the browser type and version, your operating system, the referring URL (the previously visited page), and in most cases the IP address and the requesting provider.
The server log files can be used in part for security purposes, e.g., to avoid server overloads (particularly in the case of malicious attacks, so-called DDoS attacks), and in part to ensure the server's utilization and stability. Our legal basis for using a web hosting provider to collect access data and log files results from Art. 6 (1) lit. f GDPR (legitimate interest).

3.5 Tracking & Tools

To ensure a smooth technical process and an optimal user-friendly use of our services, we use the following services:

Google Tag Manager

Google Tag Manager is

Google Search Console

For the purpose of continuously optimizing the Google ranking of our services, we use Google Search Console, a web analytics service provided by Google.
Google Search Console allows us to perform search analyses that provide us with information about how often our services appear in Google search results. This enables us to monitor and manage our services in the search index.
When using Google Search Console, no personal user or tracking data is processed or transmitted to Google.

Google Ad Manager

We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads on the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform allows ads to be displayed in real time based on users' presumed interests. This allows us to display ads in a more targeted manner, so that we only show you ads that match your potential interests. The data processed is usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the US), this will only happen in individual cases, on the basis of a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR, which guarantee the security of the processing of your personal data with a level of protection identical to that in the EU. The legal basis for the use of Google Ad Manager is your consent (e.g., via an opt-in in the cookie banner), provided that you have given us this consent during your visit to our services. The legal basis for the integration of Google Ad Manager therefore results from Art. 6 (1) lit. a GDPR. Based on your consent, cookies are stored on your device.

Google Ads Conversion Tracking

We use Google Ads Conversion Tracking to measure the success of our Google Ads advertising campaigns. First, ads are placed in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the ads. We then measure the conversion of the ads. The only feedback we receive is the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a “conversion tracking tag.” We ourselves do not receive any information that could be used to identify users. The data processed is usage data and connection data. The recipient of the data is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (as joint controller, Art. 26 GDPR). If Google transfers this data to a third country (e.g., the US), this only happens in individual cases, on the basis of a data processing agreement concluded with Google and in accordance with standard contractual clauses agreed with Google and other security measures permitted by the GDPR, which guarantee the security of the processing of your personal data with a level of protection identical to that in the EU. The legal basis for the use of Google Ads Conversion Tracking is your consent (e.g., via an opt-in in the cookie banner), provided that you give us this consent during your visit to

3.6 Fan pages on social media websites

We maintain fan pages on social networking websites and process personal data in this context in order to communicate with users active there or to provide information about us. Please note that when you visit our fan pages, your data may be processed outside the European Union. The operators of the respective social networks are responsible for this. A detailed description of the respective forms of processing and the options for objection (e.g., opt-out) can be found in the privacy policies of the operators of the respective social networks.

Facebook

We operate a Facebook fan page for our company on Facebook. When you visit the Facebook fan page, Facebook can evaluate your usage behavior and share the information obtained from this with us (“Insights”). The page insights are used for the purposes of economic optimization and the needs-based design of our services. The categories of data processed may include master data, contact data, content data, usage data, and connection data. The recipient of the data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.
Facebook is responsible for implementing your rights as a data subject. Facebook provides information about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will then forward your request to Facebook immediately.

Instagram

We operate a so-called Instagram fan page for our company on Instagram. When you visit the Instagram fan page, Facebook can evaluate your usage behavior and share the information obtained from this with us (“Insights”). Page Insights are used for the purposes of economic optimization and the needs-based design of our website/services. The categories of data processed may include master data, contact data, content data, usage data, and connection data. The recipient of the data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.
Facebook is responsible for implementing your rights as a data subject. Facebook provides information about your rights as a data subject at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, and we will then forward your request to Facebook immediately.

LinkedIn

We operate a LinkedIn fan page for our company on LinkedIn. When you visit and use the LinkedIn fan page, LinkedIn can evaluate your usage behavior and share the information obtained from this with us. This information is used for the purposes of economic optimization and the needs-based design of our website/services. The categories of data processed here are master data, contact data, content data, usage data, and connection data. The recipient of the data is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.

Xing

We operate a Xing fan page for our company on Xing. When you visit and use the LinkedIn fan page, New Work SE can evaluate your usage behavior and share the information obtained from this with us. This information is used for the purposes of economic optimization and the needs-based design of our website/services. The categories of data processed in this context are master data, contact data, content data, usage data, and connection data. The recipient of the data is New Work SE, Dammtorstraße 30, 20354 Hamburg, as joint controller pursuant to Art. 26 GDPR. The legal basis for processing the data in accordance with the provisions set out here results from our legitimate interest and thus from Art. 6 (1) lit. f GDPR.

3.7 Plug-ins in our services

In our services, we use plugins to integrate content such as videos, buttons, social media icons, etc. from social networks and other websites. This integration always works in such a way that the social networks learn and process your IP address via these plugins. The IP address is necessary for displaying the content of the plugins, as it is required so that the social networks whose plugins we have integrated can send information to your browser. Some social networks use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information such as visitor traffic to our services to be evaluated. Further information may also be stored in cookies on your device and may include technical information about your browser and operating system, the time of your visit to our services, and other information about your use of our services, which may be linked to information from other sources.

4. Order processing

If we use external service providers to process your data, we carefully select and commission them. If the services provided by these service providers constitute order processing within the meaning of Art. 28 GDPR, the service providers are bound by our instructions and are regularly monitored. Our order processing agreements comply with the strict requirements of Art. 28 GDPR and the specifications of the German data protection authorities.

5. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and, as a user, you have the following rights vis-à-vis the controller:

5.1 Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing takes place, you may request the following information from the controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data is not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  9. You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

5.2 Right to rectification

You have the right to request the controller to correct and/or complete your personal data if it is inaccurate or incomplete. The controller must make the correction without delay.

5.3 Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  1. if you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or
  4. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
  5. If the processing of personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

5.4 Right to erasure

5.4.1

You may request that the controller delete your personal data without delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

5.4.2

If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 (1) GDPR, it shall take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

5.4.3

The right to deletion does not exist if the processing is required.

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation that requires the processing pursuant to the law of the Union or the Member States, to which the controller is subject, or to the performance of a task that is in the public interest or carried out in the exercise of public power, which has been transferred to the controller;
  3. for purposes of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) DSGVO;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  5. to assert, exercise, or defend legal claims.

5.5 Right to information

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

5.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, where technically feasible. This must not adversely affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.7 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services, to exercise your right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

5.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation. Processing is lawful until you revoke your consent – revocation therefore only affects processing after your revocation has been received. You can declare your revocation informally by mail or email. Your personal data will then no longer be processed, unless permitted by another legal basis. If this is not the case, your data must be deleted immediately after revocation in accordance with Art. 17 (2) GDPR. Your right to revoke your consent subject to the above conditions is guaranteed. Your revocation should be addressed to:

LeadHub GmbH
Gerichtsstraße 2
65185 Wiesbaden
Germany
Email: privacy@leadhub.software

5.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

6. Automated individual decision-making, including profiling

Automated decisions in individual cases, including profiling, are not made.

7. Notification obligations of the controller

If your personal data has been disclosed to other recipients (third parties) on legal grounds, we will notify them of any correction, deletion, or restriction of the processing of your personal data (Art. 16, Art. 17 (1), and Art. 18 GDPR). The notification obligation does not apply if it involves disproportionate effort or is impossible. We will also inform you about the recipients upon request.