Privacy Policy

Version: 2.0 / April 2020

In this privacy policy, we (Lano Software GmbH) would like to tell you about how we process your personal data when you use our website and platform.

Personal data is information relating to an identified or identifiable person. This primarily includes all information that enables conclusions to be drawn regarding your identity, e.g. your name, your telephone number, your address, or your email address. Statistical data that we collect, for example, when you visit the platform and that cannot be associated with you, is not considered personal data.

You can print or save this privacy policy by using the customary functions of your browser. You can also download and archive this privacy policy as a PDF file.

This privacy policy tells you about how data is processed both on this website and on our platform.

1.  Contacts

Your contact and what is known as the “controller” responsible for processing your personal data when you visit this website within the meaning of the EU General Data Protection Regulation (GDPR) is

Lano Software GmbH
Rosenthaler Straße 13
10119 Berlin

Telefon: +49 30 56795500
E-Mail: privacy@lano.io

You may also contact our data protection officer at any time should you have questions about data protection in connection with our services or the use of our website. The data protection officer can be contacted at the above postal address or by email (to be marked “FAO data protection officer”).

2.  Website visitors, freelancers, and companies

This privacy policy is divided up into three main sections. First, we set out how data is processed on our website www.lano.io. This section is aimed at persons who visit our website but do not set up an account on our platform. The second main section describes data processing from a company perspective and is aimed at persons in a company who manage freelancers on our platform. The third main section sets out data processing principles from the perspective of a freelancer or vendor. These are persons who offer their services to companies.

3.  Joint controllers

Our platform helps companies to manage their freelancers or vendors. Wherever freelancers’ or vendors’ personal data is processed in the context of a cooperation arrangement, we and the respective company usually determine the purposes and means of processing jointly. In accordance with Article 26 of the GDPR, this means that we and the respective company are jointly responsible for freelancer/vendor data. Our information obligations to them are fulfilled with this privacy policy. You may exercise your rights as a freelancer or vendor against both us and the company contracting you.

4.  Data processing on our website

4.1  Accessing our website/access data

Every time you use our website, we collect access data automatically transmitted by your browser in order to enable your visit to the website. Access data includes the following in particular:

  • IP address of the requesting device
  • Date and time of request
  • Address of accessed website and requesting website
  • Information on the browser and operating system used
  • Online identifiers (e.g. device IDs, session IDs)

This access data must be processed in order to enable you to visit the website and ensure the uninterrupted functionality and security of our systems. In addition to the purposes set out above, the access data is also temporarily stored in internal log files in order to generate statistical data on the use of our website, to evolve our website based on our visitors’ usage patterns (e.g. if the proportion of mobile devices accessing our website increases), and to perform general administrative maintenance on our website. The legal basis is Article 6(1)(f) of the GDPR.

The data stored in the log files does not allow any direct conclusions relating to your person to be drawn – in particular, we only save IP addresses in truncated and anonymised form. Log files are stored for seven days and then anonymised and archived.

4.2  Getting in touch

There are various ways you can get in touch with us. They include the contact form, the demo request (which requires you to enter an email address), and the callback function when requesting an online demo. In this context, we process your data only for the purpose of communicating and scheduling online appointments with you. The legal basis is Article 6(1)(b) of the GDPR.

For online appointments, we use Calendly, a cloud service provided by Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA, that makes it possible to find and schedule available online appointments. When a Calendly user plans on Calendly an event with a Calendly member, certain information may be voluntarily provided to Calendly. This may include your name, email address, and telephone number, email addresses of other persons, the subject of the meeting, and other information you choose to transmit. We have agreed EU standard contractual clauses with Calendly to guarantee that your data is treated in accordance with European standards. The legal basis for the use of Calendly is Article 6(1)(f) of the GDPR, justified by our interest in making it easy to schedule appointments with you.

The data collected by us for the purpose of getting in touch or requesting a demo is automatically erased once your request has been completely processed, unless we still need your request to fulfil contractual or statutory obligations (see “Storage period”).

4.3  Registering as Lano partner

You may sign up for our affiliate program in order to utilise our website’s full range of functions. The data you are obliged to provide is marked as mandatory fields. Without this data, registration is not possible. The legal basis for the processing is Article 6(1)(b) of the GDPR.

4.4  Newsletter

You may subscribe to our newsletters, enabling us to inform you regularly about our latest products and promotions.

Subscribing to our newsletters utilises the double opt-in procedure, i.e. we will only send you newsletters by email if you confirm, by clicking on a link in our notification email, that you are the owner of the specified email address. If you confirm your email address, we will store your email address, the time of sign-up, and the IP address used during the sign-up process until such time as you unsubscribe from the newsletters. The sole purpose of this storage is to send you the newsletters and be able to prove that you signed up to receive them. You can unsubscribe from newsletters at any time. Each newsletter contains an unsubscribe link. Alternatively, you can of course also simply send a message using the contact details given above or in the newsletter (e.g. by email or letter). The legal basis for this processing is your consent as per Article 6(1)(a) of the GDPR.

Our newsletters employ customary technologies used to measure interactions with newsletters (e.g. opening the email, clicked links). We use this data in pseudonymised form for general statistical analysis, as well as to optimise and evolve our content and customer communications. This is done with the help of small graphical elements embedded in our newsletters (pixels). The data is collected on a pseudonymised basis only and is not associated with any of your other personal data. The legal basis for this is our above-mentioned legitimate interests as per Article 6(1)(1)(f) of the GDPR. We want to use our newsletter to share content of maximum relevance to our customers and to better understand what readers are actually interested in. If you do not want us to analyse your usage patterns, you can unsubscribe from the newsletter or generally deactivate graphics in your email client. Data relating to interaction with our newsletters is stored in pseudonymised form for 30 days and then fully anonymised.

4.5  Use of current location

4.6  Website cookies

Some of our services require the use of cookies. A cookie is a small text file stored by the browser on your device. Cookies are not used to run programs or transmit viruses to your computer. Instead, we mainly use cookies to provide you with a personalised website experience and the most economical method of using our services.

Most browsers are configured to accept cookies by default. You can, however, adjust your browser settings to reject cookies or only store them after you have provided your consent. Some of our services may fail to function properly if you reject cookies.

We use our own cookies in particular

  • for login authentication
  • for load balancing
  • to store your language preferences
  • to record that an item of information on our website has been displayed to you – so that it is not shown again the next time you visit the website

We do this to help ensure your convenient and personalised use of our website. These services are based on our above-mentioned legitimate interests; the legal basis is Article 6(1)(1)(f) of the GDPR.

We also use cookies and similar technologies (e.g. web beacons) from partners for analysis and marketing purposes. These are set out in more detail in the following sections.

4.7  Use of cookies and similar technologies for analytics purposes

In order to improve our website, we use cookies and similar technologies (e.g. web beacons) for statistical collection and analysis of general usage patterns based on access data. We also use analytics services to evaluate the use of our various marketing channels.

The legal basis for the data processing described in the following section is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in the demand-oriented design and continuous optimisation of our website.

In the following list of technologies we use, you will also find information on how to object to our analytics using an opt-out cookie. Please note that after deleting all the cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

4.7.1  Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The contact provided by Google for all queries relating to data protection is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse and improve our website based on your usage patterns. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and storage there. In the event that personal data is transmitted to the USA, Google has acceded to the EU-US Privacy Shield. However, your IP address is truncated before the usage statistics are evaluated, so that no conclusions can be drawn regarding your identity. For this purpose, Google Analytics has been extended on our website with the “anonymizeIP” code to ensure the anonymous collection of IP addresses.

Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on the website activities for the website operators, and to provide further services associated with the use of the website and the Internet.

You can configure your browser to reject cookies, as set out above, or you can prevent the collection of data generated by cookies and related to your use of this website (incl. your IP address), as well as its processing by Google, by downloading and installing a browser add-on provided by Google. Alternatively to the browser add-on, or if you access our website from a mobile device, you can also use this opt-out link. This will prevent Google Analytics from collecting your data on this website in the future (the opt-out works only on this browser and for this domain). If you delete cookies in this browser, you will need to click on this link again.

Further information can be found in Google’s privacy policy.

4.8 Use of cookies and similar technologies for advertising

We also use cookies and similar technologies for advertising purposes. Some of the access data resulting from the use of our website are used for interest-based advertising. The analysis and evaluation of these access data enables us to display personalised advertising on our website and on the websites of other providers – in other words, advertising that corresponds to your actual interests and needs.

The legal basis for the data processing described in the following section is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in advertising our products and services in personalised form.

In the following section, we would like to explain these technologies and the providers used for them in more detail.

Data we collect includes in particular

  • the IP address of the device
  • date and time of access
  • cookie ID
  • mobile device ID
  • technical information on the browser and operating system

The data we collect, however, is stored only in pseudonymised form, preventing any direct conclusions relating to your person to be drawn.

In the following descriptions of technologies we use, you will also find information on how to object to our analytics and advertising using an opt-out cookie. Alternatively, you may exercise your objection by making appropriate settings on the TrustArc or Your Online Choices websites, which provide a way to pool your objection to advertising from many advertisers. Both sites allow the listed providers to deactivate all ads at once by means of opt-out cookies or alternatively to make the settings for each provider individually. Please note that after deleting all the cookies in your browser or the subsequent use of another browser and/or profile, an opt-out cookie must be set again.

4.8.1  Google Marketing Platform and Ad Manager 

Our website uses the Google Marketing Platform and the Google Ad Manager, services offered to users in the European Economic Area, Switzerland, and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). These services use cookies and similar technologies to present advertisements relevant to you. The use of these services enables Google and its partner sites to serve ads based on previous visits to our and other websites on the Internet. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and storage there. In the event that personal data is transmitted to the USA, Google has acceded to the EU-US Privacy Shield.

You may prevent the saving of cookies by adjusting the settings appropriately in your browser (as described above); however, we would like to point out that if you do so, you may be unable to utilise the full functionality of the website. You may also prevent Google from collecting the data generated by the cookies and related to your use of the website, as well as from processing that data, by downloading and installing the browser plug-in to deactivate personalised advertising. Alternatively to the browser plug-in or in browsers on mobile devices, you may deactivate the “Personalised advertising” button in the Google Advertising settings. If you do this, Google will only display general advertisements that are not selected based on information collected about you.

Further information can be found in Google’s privacy policy.

Facebook stores this data as user profiles and uses it for purposes of advertising, market research, and/or the demand-oriented design of its website. This evaluation takes place in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; as a Facebook user, you can deactivate advertising based on social actions in the ad preferences. You can also completely prevent Facebook social media plug-ins from being loaded by using add-on programs for your browser, e.g. Facebook Blocker.

Further information can be found in Facebook’s privacy policy.

4.8.2  Google Ads conversion tracking and remarketing

Our website uses the “Ads conversion tracking” and “Ads remarketing” services, provided to users in the European Economic Area, Switzerland, and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (both “Google”). Using “Ads conversion tracking”, customer actions defined by us (such as clicking on an ad, page views, downloads) are recorded and analysed. We use “Ads remarketing” to display personalised advertising for our products on Google partner websites. Both services use cookies and similar technologies for this purpose. The data arising in this context may be transmitted by Google to a server in the USA for evaluation and storage there. In the event that personal data is transmitted to the USA, Google has acceded to the EU-US Privacy Shield.

Should you use a Google Account, depending on the settings in your Google Account, Google can associate your web and app browsing history with your Google Account and use information from your Google Account to personalise ads. If you do not wish this association with your Google Account, you must log out of Google before visiting our website.

As set out above, you may configure your browser to reject cookies. You can also deactivate the “Personalised advertising” button in the Google Advertising settings. If you do this, Google will only display general advertisements that are not selected based on information collected about you.

Further information can be found in Google’s Information on data usage and Privacy policy.

4.9  Integration of video

We have integrated videos on our website that are stored on YouTube and can be played directly from our website. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave, CA 94066 San Bruno, USA (“YouTube”), a company owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the event that personal data is transmitted to the USA, Google and YouTube have acceded to the EU-US Privacy Shield. The legal basis is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in the integration of video and image content.

By visiting the website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This is the case regardless of whether or not you are logged in to YouTube or Google. YouTube and Google use this data for the purposes of advertising, market research, and the demand-oriented design of their websites. If you access YouTube on our website while logged in to your YouTube or Google profile, YouTube and Google may also associate this event with your respective profiles. If you do not wish this association, you must log out of Google before visiting our website.

You can configure your browser to reject cookies, as set out above, or you can prevent the collection of data generated by cookies and related to your use of this website (incl. your IP address), as well as its processing by Google, by deactivating the “Personalised web advertising” button in the Google advertising settings. If you do this, Google will display only non-personalised advertising.

Further information can also be found in Google’s privacy policy for YouTube.

5.  Data processing on our platform

5.1  Data processing from a company perspective

If you are employed by a company and manage freelancers on the platform, both the information provided above and in the following applies to the processing of your data.

5.1.1  Registration

You may sign up for our login area in order to utilise our website’s full range of functions. The data you are obliged to provide (title, name, date of birth, official contact details) is marked as mandatory fields. It is not possible to sign up without providing this data. The legal basis for the processing is Article 6(1)(b) of the GDPR.

5.1.2  Log-in via Okta

We use Okta, a service provided by Okta Inc, 100 First Street, 6th Floor, San Francisco, CA 94105, USA for identity and access management to enable single sign-on (SSO). After one-time authentication, the service allows you to access all applications and services for which you are authorised from the same place, without having to sign on every time you wish to do so. The legal basis for the processing is Article 6(1)(b) of the GDPR. Further information on data protection can be found at https://www.okta.com/privacy-policy/.

5.1.3  Your profile

Within your login area, you may add further personal data to create a full profile. The collected data is used to ensure transparency when placing orders. You can also upload a photograph and adjust your language preferences. The legal basis for the processing is Article 6(1)(b) of the GDPR. The information in your profile can be seen by colleagues in your company and external partners who have also registered with Lano.

5.1.4  Your activities

We store your Lano activities relating to the management of projects and tasks, to the development and organisation of the partner network, and to the approval and payment of invoices. We collect data in order to make our service available to you and support you on any questions you may have. The legal basis for the processing is Article 6(1)(b) of the GDPR.

5.1.5  Analytics

We use your data, in aggregated form, to create reports or benchmarks. This means that we may use your data for security and operational management, statistical analysis, and research and development purposes. These analyses, reports, and benchmarks do not contain any information that can be used to identify you. The legal basis is Article 6(1)(f) of the GDPR, based on our legitimate interest in boosting the attractiveness of our services.

5.1.6  Information by email

The email address you provide during the sign-up process may be used to send you information and updates on the use of our platform. The legal basis is Article 6(1)(b) of the GDPR. The email address will only be used for marketing purposes if we have obtained your consent to this. The legal basis is Article 6(1)(a) of the GDPR.

5.2 Data processing from the perspective of a contractor

If you are a freelancer or vendor, both the information provided above and in the following applies to the processing of your data.

5.2.1  Registration

You may sign up for our login area in order to utilise our website’s full range of functions. The data you are obliged to provide (name, email address) are marked as mandatory fields. It is not possible to sign up without providing this data. The legal basis for the processing is Article 6(1)(b) of the GDPR.

5.2.2  Your profile

Within your login area, you may add further personal data to create a full profile. You can enter your date of birth, your contact details, various descriptions about yourself, and your skills. The collected data is used to ensure transparency when placing orders. You can also upload a photograph and adjust your language preferences. The legal basis for the processing is Article 6(1)(b) of the GDPR. The information in your profile can only be seen by companies that hire you.

5.2.3  Your activities

We store your Lano activities relating to the management of projects and tasks, to the development and organisation of the partner network, and to invoicing. We collect data in order to make our service available to you and support you on any questions you may have. The legal basis for the processing is Article 6(1)(b) of the GDPR.

5.2.4  Project invitations by email

In some cases, your email address is provided to us by the company that wants to invite you to join a project. In this case, we use your email address on the basis of Article 6(1)(f) of the GDPR. We trust that the company has asked you for and obtained your consent in advance. You can object to these emails at any time.

5.2.5  Contracts and documents

Our platform also manages documents that your contracting company makes available to you. We store the data solely on the basis of Article 6(1)(f) of the GDPR. We have no influence or responsibility regarding the content of the documents. Should you have any queries in this regard, please contact your contracting company.

5.2.6  Analytics

We use your data, in aggregated form, to create reports or benchmarks. This means that we may use your data for security and operational management, statistical analysis, and research and development purposes. These analyses, reports, and benchmarks do not contain any information that can be used to identify you. The legal basis is Article 6(1)(f) of the GDPR, based on our legitimate interest in boosting the attractiveness of our services.

5.3  Tools ointegrated on the platform

5.3.1  DocuSign

We use Docusign, software provided by DocuSign Germany GmbH, Neue Rothofstrasse 13-19, 60313 Frankfurt, that allows contracts to be electronically signed, prepared, executed, and managed. Docusign stores all the data you enter in connection with its service, as well as your device’s usage data and transaction-related data. For further information, please see Docusign’s privacy policy at https://www.docusign.de/unternehmen/datenschutz. We have concluded a processing contract with Docusign to ensure that your data is handled securely. The legal basis for the use of Docusign is Article 6(1)(f) of the GDPR, justified by our interest in providing you with an easy-to-use document management system.

5.3.2  Stripe

We use Stripe, software provided by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA for online payment handling. Stripe stores all the data you enter in connection with its service for the purpose of payment handling. For further information, please see Stripe’s privacy policy at https://stripe.com/de/privacy. We have agreed EU standard contractual clauses with Stripe to guarantee that your data is treated in accordance with European standards. The legal basis for the use of Stripe is Article 6(1)(f) of the GDPR, justified by our interest in providing you with an easy-to-use payment handling system.

5.3.3  SendGrid

We use SendGrid, an email delivery platform provided by Twillio Ireland Limited, 25 28 North Wall Quay, Dublin 1, Ireland to send emails generated from within our platform. SendGrid has access to your name and email address. For further information, please see SendGrid’s privacy policy at https://sendgrid.com/policies/privacy/. We have concluded a processing contract with SendGrid to ensure that your data is handled securely. The legal basis for the use of SendGrid is Article 6(1)(f) of the GDPR, justified by our interest in providing you with an easy-to-use email delivery system.

5.3.4  finAPI

We use finAPI, a service provided by finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany.  In order to be able to offer online banking directly as a software provider, a provider must be in possession of a banking licence from BaFin, the German Federal Financial Supervisory Authority. We therefore carry out online banking using the service provider finAPI. finAPI is a fintech company with a BaFin licence. All transactions using online banking within Lano are handled by finAPI. finAPI is responsible for communication with the bank and then transmits to Lano the account statements or transaction information after the payment (e.g. bank transfer) has been completed. A transaction number (TAN) must be entered during all processes that initiate payments (bank transfers or direct debits). You must type in this number whenever you initiate a transaction. Neither Lano nor finAPI store TANs on any servers – they are used solely to execute the transaction. Lano itself, as well as the interface to finAPI, uses TLS 3.0 and 256-bit encryption.  This is the same standard of security used, for example, in normal internet banking. The legal basis for the use of finAPI is Article 6(1)(f) of the GDPR, justified by our interest in providing you with an easy-to-use payment transaction system. You can find information on finAPI’s data protection policies at https://www.finapi.io/datenschutz/.

5.3.5  Google Analytics

We also make use of Google Analytics on our platform. See the details in section 3.7.1.

6.  Disclosure of data

We will generally only disclose the data we collect if

  • you have given your express consent in accordance with Article 6(1)(1)(a) of the GDPR
  • disclosure in accordance with Article 6(1)(1)(f) of the GDPR is necessary in order to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • we are legally obliged to disclose it in accordance with Article 6(1)(1)(c) of the GDPR
  • this is legally permissible and, in accordance with Article 6(1)(1)(b) of the GDPR, is necessary for the processing of contractual relationships with you or for steps prior to entering into a contract carried out at your request

Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include data centres that store our website and databases, IT service providers that maintain our systems, and consulting firms. Should we pass data onto our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

In addition, a transfer of your data may occur in connection with official enquiries, court orders, and legal proceedings if they are deemed necessary for legal prosecution or enforcement.

6.1  Amazon Web Services

Some of your data will be processed on servers provided by Amazon Web Services, a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, Washington 98109, USA (“AWS”). A connection is made between your device and the content on our website via the AWS servers. The servers we use are usually located within the European Union. For technical reasons, however, some of your data may also be processed in countries outside the European Economic Area, in particular in the USA. To ensure that your data is also protected in this event, AWS has acceded to the EU-US Privacy Shield. We have also concluded a specific contract with AWS to ensure that it meets the requirements of the European Commission’s standard contractual clauses. The legal basis is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in allowing external providers to securely and reliably store our website content and also reduce the work required to provide our website’s IT infrastructure.

6.2  Google Tag Manager

Our website uses Google Tag Manager, a service offered to users in the European Economic Area, Switzerland, and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element stored in the source code of our website for the purpose of recording predefined usage data, for example. Google Tag Manager does not use cookies. Google Tag Manager ensures that the usage data required by our partners (cf. data processing procedures described above) are forwarded to them. A proportion of the data are processed on a Google server in the USA. In the event that personal data is transmitted to the USA, Google has acceded to the EU-US Privacy Shield. The legal basis is Article 6(1)(1)(f) of the GDPR, based on our legitimate interest in the integration and management of several tags on our website in an uncomplicated manner. Further information can be found in the Google Tag Manager overview.

7.  Storage duration

We generally only store personal data for as long as it is necessary to fulfil the contractual or statutory obligations for which we have collected the data. We then immediately delete the data unless we need it until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations.

For evidence purposes, we must keep contractual data for another three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the statutory period of limitation, at the earliest at this point in time.

Even after this time, we still need to store some of your data for accounting purposes. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the Money Laundering Act, and the Securities Trading Act. The periods they stipulate for the retention of documents range from two to ten years.

8.  Your rights

You have a right of access to information about how we process your personal data at any time. We will explain our data processing procedures to you and provide you with a summary of the personal data concerning you that we hold. If data we have stored is incorrect or obsolete, you have the right to have this data rectified. You may also request the erasure of your data. If, in exceptional cases, erasure is not possible due to other legal regulations, the data will be blocked so that it is only available for this legal purpose. You may also restrict processing of your personal data if, for example, you have doubts about the accuracy of this data. Your also have the right to data portability, i.e. on request we will send you a digital copy of the personal data concerning you that you have provided to us.

In order to assert your rights described here, you may contact us at any times using the contact details given above. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection.

You have the right to withdraw consent once given to us at any time. As a result, we will not continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data on grounds relating to your particular situation at any time. Should you object to data processing for direct marketing purposes, you have a general right to object, which we shall comply with even if you do not state any reasons for your objection. 

Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact details given above.

Finally, you have the right to file a complaint with the data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working, or in the place of the alleged infringement. In Berlin, where Lano Software GmbH is based, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

9.  Data security

We apply up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and to prevent it from being disclosed to third parties. These measures are updated to comply with the state of the art. In order to protect the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

10.  Amendments to the privacy policy

We may update this privacy policy from time to time, for example when we update our website or when statutory or official requirements change.