LexCom industries Privacy Policy

The protection of your personal data is of particular concern to us.

We, that is usually LexCom Information Systems Ltd. If you have concluded a user agreement with us in the United Kingdom, your contractual partner may also be LexCom Information Systems Ltd, depending on the content of the contractual documents.

This privacy policy applies to both LexCom Informationssysteme GmbH and LexCom Information Systems Ltd (hereinafter jointly referred to as "LexCom").

The purpose of this Privacy Policy is to inform you about how LexCom uses your personal data when you use the various LexCom industries platforms and modules (hereinafter collectively referred to as "LCi platform services").

Platforms:

Modules available as part of the LCi platforms:

processed.

This Privacy Policy supplements the General Terms and Conditions applicable to the use of the respective LCi platform service.

1. Data Controller

LexCom Munich:
LexCom Informationssysteme GmbH
Rüdesheimer Str. 23
80686 Munich

LexCom UK:
LexCom Information Systems Ltd
Unit C3 Arena Business Centre
9 Nimrod Way
Wimborne, BH217UH
United Kingdom

You can contact our data protection officer by sending an e-mail to privacy@lex-com.net.

2. Definitions

As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

3. Basic principles of LexCom in the processing of your personal data

LexCom adheres to the following principles when protecting your personal data when using the LCi platform services:

4. Registration and login

In order to register as a user at www.agroparts.com or www.logiparts.com and once you have registered, LexCom must process certain personal data about you (hereinafter referred to as "registration data").

These are at least:

The processing of this registration data by LexCom is carried out in particular in the following cases for the fulfilment of your contract and for the provision of the respective LCi platform service in accordance with Art. 6 (1) b) GDPR:

In addition, LexCom may use the registration data for the following additional purposes for legitimate interest in accordance with Art. 6 (1) f) GDPR:

5. User administration

Users who are stored in the system as account administrators ("admin") can log in to the LCI platforms with their access data and, among other things, have the option of creating new/additional users from their own organisation with corresponding authorisations in the system. These users will then receive their individual access data to the e-mail address provided by the admin. We process the personal data stored on the LCi platforms by the admin on their own responsibility to provide the service in accordance with Art. 6 (1) b) GDPR.

6. Payment data

If necessary, LexCom will process your payment data such as bank and credit card details for the purpose of payment processing and billing in accordance with the payment method you have selected. Various payment options are available to you for the purchase of LCi platform subscriptions, depending on your country:

The processing of your payment data by LexCom is necessary for the fulfilment of your contract with LexCom, see Art. 6 (1) b) GDPR. LexCom needs this information to bill you for LexCom services and to be able to contact you if you have any questions about payment and contract fulfilment.

7. Order transmission

Via the "OrderManagement" ordering system, users who have been activated for this function as authorised dealers by the respective manufacturer via the LCi platform can initiate orders for spare parts from them (for a more detailed description, see section 12). Users who are registered as end customers also have the option of placing orders with certain dealers via the "DealerShop" (see section 7 for a more detailed description). The personal data processed as part of these various services is referred to collectively below as "order data".

These are in particular/for example:

LexCom transfers this data collected from you in individual cases to the respective order recipients as part of the transmission of your order enquiry. This processing then serves to fulfil the contract in accordance with Art. 6 (1) b) GDPR.

The order data may also be evaluated internally by LexCom for product development purposes in the interests of the customer (e.g. as part of shopping basket analyses to determine product suggestions) on the basis of a legitimate interest in accordance with Art. 6 (1) f) GDPR. In addition, order data may be forwarded to manufacturers and/or importers, e.g. in the form of statistics, for the purpose of measuring success and optimising sales. In the cases mentioned here, personal data is generally not part of the processing and is pseudonymised/anonymised where possible. Otherwise, your personal data will be processed exclusively on the basis of your consent in accordance with Art. 6 (1) a) GDPR or another permissible legal basis.

8. Dealershop

Users who have been authorised by at least one manufacturer as an authorised dealer have the option of purchasing a subscription via the LCi Platform to operate an online shop for the sale of spare parts from the respective manufacturer in their own name to other registered LCi Platform users (hereinafter "DealerShop").

LexCom must process the user's personal data required for the billing of the subscription and for the setup, provision and support of the "DealerShop" in accordance with Art. 6 (1) b) GDPR.

In addition, the processing of all personal data within the "DealerShop", including in particular the data stored by the user in the backend and the order data collected in the context of spare parts orders, is carried out on behalf of and under the legal responsibility of the user.

LexCom acts as the technical provider and operates and maintains the "DealerShop" in accordance with its own data protection regulations, whereby the legal responsibility lies with the respective shop operator.

9. Mobile

The following functions in particular are available to you via the "Mobile" service after logging in with your user data:

In this context, various personal data of yours will be processed depending on the function selected. The legal basis is Art. 6 (1) b) GDPR if this is necessary to fulfil the contractual relationship and our legitimate interest pursuant to Art. 6 (1) f) GDPR if data is processed for our own purposes (see section 6).

10. OfflineCatalog

The "OfflineCatalog" summarises locally installed applications from various manufacturers that are offered by the LCi platform independently of the online subscriptions and are based on the so-called DICSY framework.

These are in particular the following applications:

Within the applications, spare parts can be researched in the respective brand catalogue and placed in a shopping basket. Generated shopping baskets can either be saved locally or uploaded to the LCi platform via an internet connection.

To ensure the security of user data, user authentication and licence allocation are carried out via the LCi platform administration.

The software is then installed on a computer and can be operated completely offline for a period of 30 days. During this time, the user data is stored locally and encrypted. To update the catalogue, a delta update function is available in most cases, which requires an Internet connection.

For correct authentication/licensing and online use of the "OfflineCatalog", we must process your personal data as described above. The legal basis is Art. 6 (1) b) GDPR.

11. Warranty

The "Warranty" service is a module for processing warranty claims that is used between the retailer and manufacturer in the event of a warranty claim by the end customer.

Various personal data are processed in this context. The legal basis in this case is Art. 6 (1) b) GDPR. If you process personal data of your (end) customers via our service, this is done on the basis of the order processing agreement concluded between you and LexCom as part of the registration on the LCi platforms in accordance with Art. 28 GDPR.

12. Utilisation analysis

As described below, LexCom processes data about the extent and manner of your use of the LCi platform services (hereinafter referred to as "usage data"). This includes, for example, the following data:

On the one hand, LexCom must monitor the scope of use in order to determine the necessity of a fee-based "OnlineCatalog" subscription in accordance with the General Terms and Conditions. This processing is therefore necessary for the fulfilment of the contract in accordance with Art. 6 (1) b) GDPR.

In addition, usage data can be analysed in a targeted manner, e.g. to measure the relevance or success of the function or - in the absence of use - to identify possible problems and then contact users in a targeted manner. These evaluations always serve exclusively to measure success and usage as well as to optimise products and sales in the interests of the customer and represent a legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR. P Personal data is pseudonymised or anonymised where possible and otherwise only processed if it is absolutely necessary to achieve the purpose or if you have given us your consent in accordance with Art. 6 (1) a) GDPR.

Furthermore, LexCom may also analyse usage data on an ongoing basis to detect unlawful and/or abusive use of LexCom services. Personal data is only analysed if there is reasonable suspicion of misuse of the LCi platform services by a specific user account. This analysis serves to protect the LCi platform services and the data contained therein as well as your protection as a user and your data against misuse and attacks and thus represents a legitimate interest of LexCom pursuant to Art. 6 (1) f) GDPR.

13. Interfaces

13.1 PartsLocator

Here you can check the availability of a required original spare part in your region. To do this, you may first have to register in the "PartsLocator" in order to be able to start the corresponding search.

In this context, your personal data will be processed in accordance with Art. 6 (1) b) GDPR.

These are in particular 

13.2 Connect

Connect enables an automated upload of shopping baskets between "OfflineCatalog" or Dealer Management System (DMS) and "OrderManagement".

In this context, personal data (such as customer name, customer reference, etc.) is processed. This depends on the information you have provided when creating shopping baskets. The legal basis for the processing of personal data in this context is Art. 6 (1) b) GDPR.

13.3 Basket

The basket interface enables the transfer of a shopping basket from the "OnlineCatalog" or "OfflineCatalog" to the Dealer Management System (DMS). Alternatively, there is the option of uploading prepared order lists to "OrderManagement". This is done manually by you as the user.

In this context, personal data (such as customer name, customer reference, etc.) is processed. This depends on the information you have provided when creating shopping baskets. The legal basis for the processing of personal data in this context is Art. 6 (1) b) GDPR.

14. Contact by e-mail or contact form

If you send us enquiries via the LCi platform services or by e-mail, we will store your details and the personal data you provide there, including any files you may have transmitted. This serves to process your enquiry and in the event of follow-up questions.

Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) f) GDPR and, if applicable, Art. 6 (1) b) GDPR if your enquiry is aimed at concluding a contract.

Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations or a legitimate interest pursuant to Art. 6 (1) f) GDPR, in particular for the examination of post-contractual claims. In the case of Art. 6 (1) f) GDPR, you can object to the processing of your personal data at any time.

15. Cookies

"Cookies" are small files that enable us to store specific information relating to you, the user, on your PC or other end device while you are using the LCi platform services. Cookies help, for example, to determine the frequency of use and the number of users of web services, to analyse user behaviour on websites, to increase security and to make web services as convenient, efficient and interesting as possible.

After you have logged in (with your company ID and/or user name and password), the LCi platform services use so-called "session cookies", which can be used to identify you for the duration of your visit. At the end of the session, session cookies expire automatically, i.e. they are deleted.

On the other hand, the LCi platform services use "persistent cookies". These cookies are used to store information about visitors who repeatedly access the LCi platform services (e.g. company ID, user name, language, timestamp of last use). The purpose of using these permanent cookies is, on the one hand, to present LCi platform services to you in the correct language before you have logged in. On the other hand, you can return directly to your last session if you did not log out at the end of your last use of the LCi platform service. The cookies we set do not create an individual profile of your usage behaviour. The cookies are automatically deleted at the latest 4 weeks after the last use.

Under certain circumstances, you can deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser to notify you as soon as a cookie is sent. You can also delete cookies from your end device at any time. Please note, however, that it will not be possible to use the LCi platform services if user cookies are rejected.

We use so-called pixels, web beacons, clear GIFs or similar mechanisms ("pixels"). A pixel is an image file or a link to an image file that is inserted in the website code but is not located on your end device (e.g. computer, smartphone, etc.). Pixels enable us, for example, to determine the browser used or the screen resolution. We do not establish a personal reference when using pixels. Personalised tracking does not take place either. Pixels usually work in conjunction with cookies. If you have deactivated cookies, the pixel will only determine an anonymous website visit.

16. Log files

Each time platform services are accessed, access data is stored in log data.

The data record stored in the process contains the following data in particular (hereinafter collectively referred to as "log files"):

On the one hand, LexCom requires this log data to recognise and rectify technical errors, e.g. faulty links or programme errors, i.e. for the further development of the LCi platform services.

Furthermore, LexCom may continuously analyse the log files to detect illegal and/or abusive use of the LCi platform services. Personal data will only be analysed if there is reasonable suspicion of misuse of the platform services by a specific user account. This analysis serves to protect the LCi platform services and the data contained therein as well as to protect users and their data from misuse and attacks.

On the other hand, LexCom may use the log data to analyse the use of the LCi platform services (e.g. certain functions) in more detail. This processing also serves exclusively to further develop the LCi platform services in the interests of the customer. At no time is the usage behaviour of specific accounts or users analysed. Personal data is pseudonymised and/or anonymised where possible.

The processing of data for the above-mentioned purposes is based on LexCom's legitimate interest pursuant to Art. 6 (1) f) GDPR).

The log files are stored in our computer centre for 6 months - unless longer storage is permitted, e.g. for the enforcement of legal claims - and then automatically deleted.

17. Hosting

The LCi platform services are mainly hosted on the controller's own internal servers and partly by Amazon Web Services, EMEA SARL, Axel-Springer-Platz 3, 20355 Hamburg, Germany (hereinafter: AWS) or the "Oracle Cloud Infrastructure" (OCI) on servers of Oracle America Inc, 2300 Oracle Way, Austin, TX 78741, USA (hereinafter: Oracle).

Your personal data will be stored by both AWS and Oracle - depending on your business/residence - in the EU or in another country outside the USA.

Nevertheless, a transfer of personal data to the USA cannot be completely ruled out. In this case, the transfer takes place on the basis of the EU-U.S. Data Privacy Framework. AWS and Oracle have a valid certification and thus demonstrate an adequate level of protection. Details on certification can be found here: https://www.dataprivacyframework.gov/list

Further information on the processing of personal data by AWS can be found at: https://aws.amazon.com/privacy/?nc1=h_ls.

Further information on the processing of personal data by Oracle can be found at:

https://www.oracle.com/legal/privacy/services-privacy-policy.html#legal

The legal basis for the processing is Art. 6 (1) f) GDPR. We have a legitimate interest in operating our services as efficiently and reliably as possible.

18. Other recipients of your personal data and transfer to third countries

Support by LexCom foreign companies: We process your personal data listed in the previous sections in the European Union and, where applicable, on behalf of third parties (in particular to provide support) in Brazil, China, Japan, the USA, Mexico and the United Kingdom. The processing in these third countries is carried out exclusively on the basis of an EU adequacy decision or EU standard data protection clauses in accordance with Art. 46 GDPR. You can view these under the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de)

Analysis of web traffic by Akamai: In addition, your personal data listed in the previous sections will be processed by Akamai Technologies Inc. ("Akamai") through the integration of Akamai's delivery, security and analysis services.

On the one hand, the traffic of the web services is routed via Akamai servers in order to deliver the web services quickly, reliably and securely, to analyse them for malware and to prevent unauthorised access to them. This processing is carried out on behalf of the legitimate interest of LexCom in accordance with Art. 6 (1) f) GDPR.

On the other hand, Akamai also processes your data on its own responsibility in the form of generated log files. These may contain personal data in the form of IP addresses and evaluations of your usage behaviour of the LexCom web services and are used in particular for security analyses and to detect malicious patterns for the further development of Akamai services. Akamai does not use this data to identify natural persons or for the profiling of natural persons.

The transfer of your personal data to Akamai takes place on the basis of the EU-U.S. Data Privacy Framework. Akamai has a valid certification and thus demonstrates an adequate level of protection.

Details on certification can be found here:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?

For more information on the terms of use for the processing of personal data by Akamai and the Akamai Privacy Policy, please visit https://www.akamai.com/de/de/privacy-policies/.

Matomo Analytics: The LCi Platform/LexCom web services may use "Matomo Analytics" (formerly "Piwik"), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, to analyse your use of our web services ("Matomo").
We have configured Matomo so that the use of cookies is deactivated and your IP address is only processed in abbreviated form. This makes it impossible for us to identify you personally.

19. Duration of the storage of personal data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfilment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you have exercised your right of revocation or objection.

20. Your rights

Under the applicable data protection laws, you are entitled to information about your data (Art. 15 GDPR), to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or to restriction of processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR).

If you have any further questions on the subject of data protection when using the LexCom website and/or LexCom services or would like to assert the aforementioned claims, please contact our data protection officer directly:

LexCom Informationssysteme GmbH
- Data Protection Officer -
Rüdesheimer Str. 23
80686 Munich
privacy@lex-com.net

You also have the right to lodge a complaint with a supervisory authority responsible for data protection if you believe that LexCom is not complying with the applicable data protection laws.

21. Right of objection

If your personal data is processed by us on the basis of legitimate interest in accordance with Art. 6 (1) f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. In this case, LexCom will no longer process the personal data unless LexCom can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If you wish to exercise your right of cancellation or objection, simply send an e-mail to privacy@lex-com.net.