Privacy Policy

We, Leato GmbH (hereinafter ‘we’ or ‘Leato’) are pleased that you are interested in our company.

 

We take the protection of your personal data and its confidential treatment very seriously. The processing of your personal data takes place exclusively within the framework of the legal provisions of the data protection law of the European Union, in particular the General Data Protection Regulation ("GDPR") and the other applicable regulations.

 

With this data protection declaration, we inform you about the processing of your personal data on our website [http://www.leato.io] (‘Website’) and your rights under the GDPR.

 

1. Subject-matter of the data protection

The subject matter of data protection is ‘personal data’. This includes all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, email address, or telephone number.

 

You will find specific information on the personal data we process in each case under the data handling processes listed in detail.

 

2. Collection and storage of personal data as well as the type and purpose of their processing


a. When visiting the website

When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted after 365 days:

    •    The IP address of the requesting computer,
    •    date and time of access,
    •    name and URL of the retrieved file,
    •    the website accessed from (referrer URL),
    •    website accessed through our website;
    •    browser used and, if applicable, the operating system of your computer and the name of your access provider.

The mentioned data are processed by us for the following purposes:

    •    Ensuring a smooth connection establishment of the website,
    •    ensuring comfortable use of our website,
    •    evaluation of system security and stability as well as
    •    for other administrative purposes.

The legal basis for data processing is Art. 6 Paragraph 1 S. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

In addition, we use cookies and analytics services when you visit our website. You will find more detailed explanations under sections 5 and 6 of this data protection declaration.

 

b. When subscribing to a newsletter


If you have agreed expressly by Article 6 Paragraph 1 S. 1 lit. f GDPR, we will use your email address to send you our newsletter regularly. Providing an email address is sufficient to receive the newsletter. The newsletter can also contain content from our cooperation partners.

 

If you purchase goods or services on our website and enter your email address, this can subsequently be used by us to send a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. In this case, the legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG i. In conjunction with Article 6 Paragraph 1 S. 1 lit. f GDPR.

 

You can unsubscribe at any time, regardless of whether the sending of the newsletter is based on consent or legal permission, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time to: support@leato.io. There are no costs other than the transmission costs according to the basic tariffs.

 

The data required for sending the newsletter will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and provided that no other legal basis for further processing applies. Your email address will therefore only be stored for sending the newsletter until you revoke your consent or object to the sending of the newsletter.

 

c. When using our contact form or email contact

 

If you have any questions, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid email address so that we know who sent the request and can answer it. Further information can be provided voluntarily.

 

Alternatively, you can contact us via the email address provided. In this case, the personal data transmitted by you with the email will be saved.
Data processing to establish contact is described in Art. 6 Paragraph 1 lit. f GDPR. If contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

 

The personal data collected by us from the contact form can be deleted at your request after your request has been dealt with. Please send this request to ​support@leato.io​ and we will be happy to comply with your request immediately.

 

3. Information disclosure

 

We do not pass on your personal data to third parties (recipients).

 

We work with service providers, so-called processors, to whom we transfer personal data and who process personal data on our behalf and according to our instructions within the framework of Art. 28 GDPR. These service providers have been carefully selected and commissioned by us, are bound by our instructions, and are regularly checked. Specifically, these are the following service providers:

    •    Google: ​(listed in section 5.a - 5.c)
    •    Facebook: (listed in section 5.d)
    •    LinkedIn: (listed in section 5.e)
    •    ‍Intercom: ​​We make Intercom live chat available on our website, which allows us to take up contact with website visitors and answer questions. The legal basis for the processing of your data is Article 6 Paragraph 1 S. 1 lit. f GDPR. During the chat connection, we display and store the location, IP address, browser and website visited. For more information about Intercom live chat, see Intercom's privacy policy. An order processing contract was concluded for the processing and storage of the data. Intercom automatically deletes the IPs and geographical data of visitors who have not visited our website for 9 months.

 

4. Cookies

 

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your terminal (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not damage your terminal and do not contain viruses, Trojans, or other malware.
Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we are immediately informed about your identity.

 

For one thing, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after leaving our website.
In addition, we also use temporary cookies to optimise user-friendliness, which is stored on your end device for a specific period. If you visit our website again to make use of our services, it will automatically be recognised that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.

 

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer (see section 6). These cookies enable us to automatically recognise when you visit our website again that you have already been with us. These cookies are each automatically deleted.
The data processed by cookies are required for the stated purposes to protect our legitimate interests and those of third parties per Article 6 Paragraph 1 S. 1 lit. f GDPR.

 

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

 

5. Analytical tools

 

The tracking measures listed below and used by us are carried out based on Article 6 Paragraph 1 S. 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

 

The respective data processing purposes and data categories can be found in the corresponding tracking tools in this section.

 

a. Google Analytics

 

We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter Google). In this context, pseudonymised user profiles are created and cookies (see Section 5) are used. The information generated by the cookie about your use of this website such as

    •    browser type/version,
    •    operating system used,
    •    referrer URL (the previously visited website),
    •    hostname of the accessing computer (IP address),
    •    time of server request,

are transferred to Google servers in the USA and stored there as part of the agreement on the order data agreement that we have concluded with Google. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (IP masking). Sessions and campaigns are terminated after a certain period. By default, sessions are terminated after 30 minutes of inactivity, and campaigns are terminated after six months. The time limit for campaigns can be a maximum of two years.
You can prevent the installation of cookies by setting the browser software accordingly; we would like to point out to you however that in this case not all functions of this website can be used in full.

 

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (​https://tools.google.com/dlpage/gaoptout?hl=en).

 

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

 

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (​https://support.google.com/analytics/answer/6004245?hl=de​).

 

b. Google Adwords Conversion Tracking

 

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for you in order to optimise our website. Google Adwords places a cookie (see section 5) on your computer if you have reached our website via a Google ad.

These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this website.

Each Adwords customer receives a different cookie. This means that cookies cannot be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who have clicked on their ad and who were forwarded to a conversion tracking tag c. provided website. However, they do not receive any information with which users can be personally identified.

If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the "www.googleadservices.com" domain are blocked. You can find Google's privacy policy on conversion tracking here (https://support.google.com/google-ads/answer/1722022).

 

c. Google Calendar integration

 

Additionally, we also use the Google Calendar Integration to let suppliers manage their availability for booking more efficiently.

The respective data obtained is not stored but only processed transactionally. Suppliers who do not want to participate in using the Google Calendar Integration can do so by simply not enabling the feature.

Leato's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

 

d. Facebook Pixel

 

We use the so-called Facebook pixel on our website. This is a product of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (‘Facebook’).
The Facebook Pixel establishes a direct connection to the Facebook servers. Leato only uses the standard functions of the Facebook pixel and does not use the extended comparison. The pixel is a Script that allows us to track actions on our website and measure the effectiveness of our advertising on Facebook. This pixel can be used to track the behaviour of users after they have been redirected to our website by clicking on a Facebook ad. Facebook generates a non-reversible and non-personal hash value (checksum) from the usage data, which is used for analysis and marketing purposes, such as personalised advertisements. Details on how it works are available on the Facebook website https://en-gb.facebook.com/business/help/1711863145774142.

When you visit our website, the pixel establishes a direct connection to the Facebook servers, it acts as a so-called pseudonym, i.e. by setting the pixel we do not assign it directly to you, we do not save the data. However, the data is stored and processed by Facebook and connected to your Facebook account, also for its own advertising purposes, following the Facebook data usage guidelines https://www.facebook.com/about/privacy/.

 

e. LinkedIn Insight Tag

 

Our website uses the LinkedIn Ireland Unlimited Company’s “LinkedIn Insight Tag” conversion tool. This tool creates a cookie in your web browser, which enables the collection of the following data, among other things: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted, anonymised within seven days, and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with Leato but offers anonymous reports on website audience and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. With the help of this data, Leato can display targeted advertising outside of its website without you being identified as a website visitor. You can find more information on data protection at LinkedIn in the LinkedIn data protection information.

LinkedIn members can control the use of their personal information for advertising purposes in their account settings.

 

6. Social Media

 

We use Shariff buttons from the Facebook Inc. social network, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our website. a. The buttons are simple HTML links. We proceed within the framework of the Shariff solution. In the Shariff solution, a script retrieves how often, for example, the share button on a page was pressed: To do this, the script contacts the social network via the programming interface and retrieves the numbers. Your personal data will not be transmitted in this case. Instead of your IP address, only our server address is sent to Facebook, Google, and Twitter. You are not directly connected to Facebook, Google, or Twitter until you become active. Before that, social networks cannot collect any data about you. As long as you don't click on a link to share content, you remain invisible to the networks. If you click on the link, the obligation to provide information about data collection and processing no longer lies with us, but with the operator of the social network.

 

7. Data subject rights

 

You have the right:

    •    to request information about your personal data processed by us per Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;
    •    following Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
    •    according to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
    •    according to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you use them to assert, exercise or defence of legal claims or you have objected to the processing according to Art. 21 GDPR;
    •    following Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request transmission to another person responsible;
    •    according to Art. 7 Para. 3 GDPR, to revoke the consent you have given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future and
    •    to complain to a supervisory authority following Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

 

8. Right of objection

 

If your personal data is processed based on legitimate interests following Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data following Article 21 GDPR, provided there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, an email to support@leato.io is sufficient.

 

9. Further references

 

We draw your attention to the following in accordance with Article 13 S. 2 lit. e GDPR:

The provision of your personal data to us is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide us with personal data. There are no negative consequences for you if you do not provide it.

We draw your attention to the following in accordance with Article 13 S. 2 lit. f GDPR:

We do not process your personal data for the purposes of automated decision-making.
In accordance with Article 13 S. 1 lit. f GDPR, we would like to point out that we do not intend to transfer personal data to a third country or an international organisation.

 

10. Data security

 

When you visit our website, we use the widespread SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual website on our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

 

11. Validity and changing this privacy policy

 

This data protection declaration is currently valid and has the status of 01.02.2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at www.leato.io.