Data protection

General Information
- This Data Protection Policy applies to the entire LIMENDO service and its applications.
- Only the German version of these data protection provisions shall be authoritative. Translations may not always be complete or up-to-date.

Scope of the Data Protection Policy & Cookie Policy
In accordance with Article 13 of Regulation (EU) 2016/679 (GDPR) and Measure No. 231 of June 10, 2021, on the use of cookies, we hereby inform visitors of the website about the use of data submitted and the cookies used by the website. This Data Protection Policy also corresponds to Recommendation No. 2/2001 adopted by the working group established under Article 29 of Directive 95/46/EC. This policy refers to the websites and portals of Limendo GmbH, but not to other linked websites.
‍
Controller for Data Processing
When visiting the website, personal data or other data linkable to the user may be processed, including data collected through the use of cookies. The Controller is Limendo GmbH, with its registered office at Enrico-Fermi-Straße 20/B, 39100 Bozen (Bolzano). The Controller can be reached using the following contact details:
Tel.: +39 0471 1800 390
Mail: mail@limendo.com
‍
Purpose and Modalities of Processing
BROWSING DATA
The computer systems and software procedures used for the operation of this website collect some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, it could allow users to be identified through processing and association with data held by third parties. The computer systems and software procedures used for the operation of this website collect some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its nature, it could allow users to be identified through processing and association with data held by third parties.
‍
DATA COLLECTED VIA THE CONTACT FORM AND IN CORRESPONDING SECTIONS
This information relates to data voluntarily provided by the user.

CONTACT PAGE: The data provided will be used exclusively to process your request. The collected data will only be stored for as long as necessary to respond to your inquiry. This processing is carried out in accordance with the consent you have given. If you do not consent to the processing of your data, your request cannot be processed. All other purposes related to marketing activities (sending of advertising and/or promotional material) require your explicit and separate consent.

NEWSLETTER: The data collected will be used for sending informational materials and will be stored and processed for this purpose until the data subject requests deletion/unsubscription through the designated channels. All other purposes related to marketing activities (sending advertising and/or promotional materials) require explicit, separate consent. The processing methods described above are primarily computer-based, but do not exclude processing in paper form. Your data may be shared with individuals who qualify as recipients within the meaning of Article 4 or as data processors within the meaning of Article 28 of the GDPR and who are responsible for tasks related to processing your request.

SSL Encryption
‍
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g., SSL) via HTTPS.
‍
ISI Chat
To inform our users about our services as simply as possible, we offer a CHAT function on our website. The CHAT is operated and hosted by us. The processing of CHAT information takes place in accordance with the consent you have provided. Should you withhold consent for the processing of your data, the CHAT cannot be used. Your consent or non-consent will be stored accordingly.
‍
The following guidelines apply:
Data Collection and Use
When using our CHAT service, which is provided by Limendo GmbH, entries are sent in real-time via the ChatGPT-API from OpenAI. The communication between you and the AI, including your entries and the responses generated by the AI, is stored by Limendo GmbH. The data you enter is transmitted to ChatGPT exactly as entered. Please note that users' IP addresses are not forwarded to OpenAI. The communication is stored to monitor service quality and can be used for tracing purposes if necessary.

Data Transfer
Your entries are transmitted in real-time to Limendo GmbH/OpenAI to enable AI processing. However, we do not pass on any information about your identity. The communication between you and the AI is made available to us, as the respective data owner (the site on which you use the CHAT.

Data Security
We implement appropriate security measures to protect the transmission of your entries to OpenAI. These efforts aim to ensure the security and confidentiality of your data.

Data Storage
We store the communication between you and the AI to ensure the continuity of conversations, improve the quality of the service, and enable tracing in the event of inquiries or problems.

Please note that OpenAI has its own data protection provisions, which you can view on the OpenAI website: https://openai.com/policies/privacy-policy

By using the CHAT service via the ChatGPT-API from OpenAI, you agree to these data protection provisions.

The storage of your data is based on Art. 6 (1) lit. a GDPR, i.e., your consent to use. The collected data (fingerprint) is anonymized after 6 months at the latest.

Yodalytics
We use our self-hosted service, Yodalytics, to evaluate user behavior on the website.

Data Collection and Use
Through the Yodalytics service, we record user behavior on the website in the form of click streams. This information helps us better understand user behavior on the website and improve the user experience. We automatically analyze the collected data to gain insights into how the website is being used.

Automated Analysis and Data Preparation
The click stream data we collect is automatically analyzed and clustered. This clustered data is used to understand user behavior, continuously optimize the user experience, and also display user-group-specific content.

User Authenticity and Individual Data
Our analyses are based on aggregated and anonymized data. We do not collect individual user data or personal information. The data we collect is used to identify general trends and patterns without identifying individual users.

Disclosure to the CRM
Please note that the collected click stream data is also transferred, individually or in aggregated form, to our Customer Relationship Management (CRM) software. This data serves to obtain a comprehensive understanding of customer interactions and continuously improve services. The data in the CRM is stored securely and is subject to the same data protection standards as described in these provisions. The storage of your data is based on Art. 6 (1) lit. f GDPR (legitimate interest). The website operator has a legitimate interest in analyzing user behavior to optimize both its web presence and its advertising. The click streams are anonymized after 6 months at the latest.
‍
Webhosting Webflow INC.
We point out that this website, the contact forms, and the servers are hosted by a provider commissioned by us (Host), Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103 in the USA. Further information on Webflow's data protection policy and the GDPR-specific passage can be found at: https://webflow.com/privacy bzw. https://webflow.com/legal/eu-privacy-policy

The personal data collected on this website is limited to so-called log files and is stored on the hosting provider's servers. This data includes IP addresses, time of access, the user agent string for identifying browser and operating system versions, browser settings such as language and time zone, installed plugins, HTTP headers, and screen resolution. To ensure data protection compliance, we have concluded a data processing agreement with Webflow Inc. based on Article 28 of the GDPR in conjunction with the EU Standard Contractual Clauses..

Parts of this Data Protection Policy were created with the Data Protection Policy Generator of activeMind AG.
‍‍
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS
Your data will not be transferred to third countries outside the EU or to international organizations, nor will it be stored on servers in third countries.
‍
AUTOMATED DECISIONS
The Controller does not use any system for automated decision-making regarding your personal data.
‍
RIGHTS OF THE DATA SUBJECT
You have the right at any time to request access to your data from the data controller, as well as its rectification or erasure. You will receive a written response within 30 days, which may be sent electronically (unless you expressly request a verbal response). You also have the right to request or object to the restriction of processing. Furthermore, you can request the transfer of your data to another data controller. You can also withdraw any consents given on this website at any time. To withdraw one or more of the consents you have given, simply contact us using one of the addresses provided above.

If you believe that your data has been processed unlawfully, you have the right to lodge a complaint with the supervisory authority.

Methods of Data Handling
The handling of personal data is carried out by automated systems and/or manually and lasts only for the time necessary to achieve the stated objectives of the data processing, in conformity with the applicable legal provisions.
‍
Voluntariness of Data Provision
Apart from browsing data, it is the user's free decision whether or not to enter personal data. The only consequence of refusing to enter personal data may be that certain services of the website cannot be provided.
‍
Rights of the Data Subject
The data subject affected by the data processing can contact the Processor or the Controller to assert their rights. The following essential rights exist:

Art. 7 – Right of Access to Personal Data and Other Rights
1. The data subject is entitled to obtain confirmation as to whether or not personal data concerning him or her exists, even if it is not yet registered, and its communication in an intelligible form. The data subject is entitled to obtain the following information:
a) Source of the personal data;
b) Purpose and nature of the processing;
c) System applied in the case of processing with the aid of electronic means;
d) Data for the identification of the Controller, the Processors, and the representative according to Art. 5, Para. 2;
e) Persons or categories of persons to whom the personal data may be communicated or who may become aware of it as appointed representatives in the state territory, Controllers, or Processors (this right of access is also enshrined in Art. 15 EU-GDPR).
2. The data subject is entitled to obtain the following:
a) the updating, rectification or, if they are interested, the supplementation of the data (this right to rectification is also found in Art. 16 EU-GDPR);
b) the erasure, conversion into anonymous form, or blocking of data processed unlawfully, including those whose retention is not necessary for the purposes for which the data were collected or processed (this right to erasure is also found in Art. 17 EU-GDPR);
c) confirmation that the steps in a) and b) have been made known, also with regard to their content, to those to whom the data have already been transmitted, unless this proves impossible or involves disproportionate effort compared to the right to be protected.
3. The data subject is entitled to object, in whole or in part:
a) to the processing of personal data concerning him or her, on legitimate grounds, even if they serve the purpose of collection;
b) to the processing of personal data concerning him or her for the purpose of sending advertising or direct sales material or for the purpose of market research or commercial communications (Right to object is also in Art. 21 EU-GDPR.
4. You have the right to request a restriction of data processing from us (Right to restriction according to Art. 18 EU-GDPR).
5. You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another Controller, this will only be carried out insofar as it is technically feasible (Right to data portability according to Art. 20 EU-GDPR)

Retention Periods
We store personal data in compliance with the GDPR and adhere to the statutory retention periods.
‍
Changes to the Data Protection Provisions
Changes to these Data Protection Provisions may be necessary over time, which is why the user is recommended to consult them frequently. LIMENDO will inform users about the existence of new versions of these provisions with links and notices in suitable places on the website, for example, as a notification on the homepage. Where required by applicable laws, LIMENDO will ask users for consent to specific data processing operations.