Privacy policy
DATA PROTECTION STATEMENT
Below, we provide information about the collection of personal data when using our website and communicating online with LAP. Personal data is any data that can be related to you personally, e.g. name, address, email addresses, user behaviour. We have taken diverse technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
1. Data controller
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is
LAP GmbH Laser Applikationen
Zeppelinstr. 23
21337 Lüneburg
Email: info@lap-laser.com
Contact details of the data protection officer:
You can contact our data protection officer at Datenschutz@lap-laser.com or at our postal address with the addition "for the data protection officer".
2. Your rights
If your personal data is processed, you are a "data subject" within the meaning of the GDPR. You therefore have the following rights vis-à-vis the controller:
Right to information (Art. 15 GDPR): You have the right to request information about which personal data is being processed about you and for what purposes.
Right to rectification (Art. 16 GDPR): You have the right to request that we immediately rectify any inaccurate personal data or complete any incomplete personal data.
Right to erasure/right to be forgotten (Art. 17 GDPR): You have the right to request that we erase your personal data immediately if one of the following reasons applies:
The data is no longer necessary for the purposes for which it was collected.
You withdraw your consent and there is no other legal basis for processing.
You object to the processing (Art. 21 GDPR).
The data has been processed unlawfully.
The erasure is necessary for compliance with a legal obligation.
Please note: The right to erasure does not apply if processing is necessary, e.g. to fulfil a legal obligation or to assert legal claims.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of your personal data if:
you dispute the accuracy of the data (for the duration of the verification),
the processing is unlawful but you oppose the erasure,
we no longer need the data, but you need it to assert legal claims,
you have objected and it is not yet clear whether our legitimate reasons prevail.
Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that this is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on this.
If we process your data for direct marketing purposes, you may object to this processing at any time, even without giving any specific reasons.
Right to withdraw consent (Art. 7(3) GDPR): If you have given us your consent to process your data, you can withdraw this consent at any time with future effect. The lawfulness of the processing carried out until then remains unaffected.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.
The supervisory authority responsible is, for example, the supervisory authority of your habitual residence, your place of work or the place of the alleged infringement.
3. Data collection when you visit our website
3.1 Collection of personal data when you visit our website
When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security. The legal basis for this is Art. 6 para. 1 f GDPR:
–IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software.
Our website uses SSL or TLS encryption for security reasons.
3.2 Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser, (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognise your browser the next time you visit (so-called long-term cookies). Cookies cannot be used to access other files on your computer or to determine your email address.
The cookies listed in the cookie information are used on this website.
Insofar as we use cookies that are strictly necessary for the provision of our websites, the legal basis for the processing of personal data using these cookies is Art. 6 para. 1 lit. f GDPR.
Personal data will only be processed by cookies for marketing purposes or for the compilation of statistics if you have given us your consent to do so. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
You can withdraw your consent at any time without giving reasons by clicking on the following link and adjusting the permitted functions.
Cookies are stored on your device and you have full control over their use. You can disable or restrict the transfer of cookies by changing the settings of your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our websites, you may no longer be able to use all the functions of the websites to their full extent.
3.3 Analysis tools when visiting the website
We use the following advertising and tracking services: Cookie banner Usercentrics, tracking Microsoft Ads, tracking Facebook, Amazon AWS Content Delivery Network, tracking LinkedIn and Google Tag Manager.
The services used enable us, among other things, to statistically evaluate the use of our website via cookies, analyse user interests, display targeted advertising and measure the effectiveness of advertising campaigns. The following data may be processed: IP address, information about pages visited, clicks, length of stay, technical information (browser type, device type, operating system), referrer URL, campaign data (e.g. which advertisement brought you to our site).
Personal data will only be processed for analysis and marketing purposes or for the compilation of statistics if you have given us your consent via the cookie settings. The legal basis for this is Art. 6 para. 1 lit. a GDPR.
3.4 Integrated third-party services
Map service Google Maps: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using Google Maps, information about the use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may pass this data on to third parties if required by law or if third parties process this data on behalf of Google. Google Maps is used to enable you to view our locations in an appealing manner and to ensure that the locations specified by us on the website are easy to find. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Video platform YouTube: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, no information about visitors to this website is stored in this mode before they view the video. Only when you start a video is a connection to YouTube's servers established. YouTube is informed which of our pages you have visited. If your YouTube account is logged in, YouTube can assign your surfing behaviour to your personal profile.
Google Fonts for uniform font display: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This allows Google to know that our website has been accessed via your IP address.
Google Translate to provide content in other languages: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you use Google Translate, your IP address is transmitted to Google. Google may also set cookies to provide the translation function and analyse usage.
The use of the aforementioned services is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your consent via our cookie banner. You can revoke your consent at any time via the cookie settings. Processing is partly based on a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in order to present website content in a uniform and appealing manner.
4. Contact via email or contact form
When you contact us by email or via a contact form, the data you provide (your email address, your name and telephone number, if applicable) will be stored by us in order to answer your questions. If we request information via our contact form that is not required for establishing contact, we always mark this as optional. This information helps us to specify your request and improve the processing of your enquiry. We may forward your request directly to the sales partner responsible for you. This may involve the transfer of data to independent third parties outside the EU/EEA. The provision of this information is expressly voluntary and with your consent, Art. 6 para. 1 a GDPR. We are no longer responsible for data that is passed on to third parties within the meaning of the GDPR.
We will delete the data collected in this context after it is no longer necessary for storage or restrict its processing if there are legal retention obligations.
5. Applications
You can apply to our company electronically, in particular via email or web forms. We will, of course, use your information exclusively for processing your application and will not pass it on to third parties. Please note that emails sent without encryption are not transmitted in a secure manner.
If you have applied for a specific position and this has already been filled, or if we consider you to be equally or even better suited for another position, we would like to forward your application within the company. We require your separate consent for this.
Your personal data will be deleted after completion of the application process at the earliest after 2 months and at the latest after 6 months, unless you have expressly given us your consent to store your data for a longer period or a contract has been concluded. The legal basis is Art. 6 para. 1 a, b and f GDPR and § 26 BDSG.
This data is used to set up, provide and personalise your account. The legal basis is Art. 6 para. 1 a, b and f GDPR.
6. Chatbot
We offer a digital chatbot for automated answers to questions. The use of this chatbot and the associated entry of personal data is voluntary and based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your personal data will be used to provide the chatbot services and to answer your questions. Further personal data may be requested via the contact form/product configurator, which may then also be used by LAP for advertising purposes. Chats are stored by the provider Zapier Inc. in the USA. Chats are automatically deleted after 60 days. Further information can be found at: Security and Compliance – Zapier
7. Social media
LinkedIn: Our website uses features of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When you visit one of our pages that contains a LinkedIn plugin, a connection to LinkedIn servers is established. This informs LinkedIn that you have visited our website. If you are logged in to LinkedIn, LinkedIn can associate the visit with your user account. Further information: www.linkedin.com/legal/privacy-policy
Xing: Our website uses functions of the XING network. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg. When you visit our pages that contain Xing functions, a connection to Xing servers is established. To the best of our knowledge, no personal data is stored. Further information: privacy.xing.com/de/datenschutzerklaerung
YouTube: Videos from the YouTube platform are embedded on our website (provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). When you play a video, a connection to YouTube's servers is established. YouTube is informed which of our pages you have visited. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you. Further information: policies.google.com/privacy
We would like to point out that, as the provider of the pages, we have no influence on the content of the data transmitted or its use by the aforementioned services.
8. Newsletter
If you would like to receive the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We at use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of your data is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, your email address and its use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes remains unaffected by this.
9. Calendly
We use the Calendly tool to book appointments with our employees. When booking an appointment, we request certain personal data (name, company, contact details). This is necessary to create and carry out the appointment. The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 a GDPR. We will not pass on your collected data to third parties.
10. Online conferences
We use the online conference tool "Microsoft Teams" to hold online meetings, webinars and video conferences. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Even though data from European customers is stored in the EU/EEA in accordance with Microsoft, it cannot be ruled out that the data may also be transferred to the USA.
When you communicate with us via Microsoft Teams (or other video or audio conferencing tools) over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The legal basis for the processing of your personal data is Art. 6 (1) lit. b GDPR (performance of a contract) or Art. 6 (1) lit. f GDPR (legitimate interest in efficient communication).
The conference tools collect all data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "contextual information" related to the communication process (metadata).
Furthermore, the tool provider processes all technical data required for the processing of online communication. This includes, in particular, IP addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, this will also be stored on the tool provider's servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.
Please note that we have no influence on the data processing operations of the providers of the tools used or on how long they store data.
The data collected directly by us via the conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies.
Further information: https://privacy.microsoft.com/de-de/privacystatement
Online conferences are only recorded with the consent of all participants. Online conferences are not transcribed. This function is not enabled by LAP.
11. Whistleblower system
When we receive messages via one of our whistleblower channels, we process relevant personal data about persons relevant to the respective context, which we have received or collected directly from the whistleblower's report. We process the aforementioned data for the whistleblower process and the respective investigation in compliance with all legal provisions, in particular data protection, whistleblower and labour law regulations, on the basis of Art. 6 para. 1 lit. b GDPR (performance of a contract), Art. 6 (1) lit. c GDPR (fulfilment of legal obligations), and Art. 6 (1) lit. f GDPR (safeguarding of our legitimate interests). Such legitimate interests may include, for example, the prevention and detection of criminal offences. There is no obligation to provide personal data. LAP offers whistleblowers the option of submitting information anonymously. The data will be stored for the duration of the processing of a reported incident and for the statutory retention period. Personal data will only be passed on within the scope of the investigation in accordance with the applicable provisions of the Whistleblower Protection Act.
12. Data transfer
Your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship, or you have expressly consented to the transfer of your data in advance (e.g. via the cookie consent or the use of integrated third-party services). In addition, we can transfer your data to an external sales partner of LAP within or outside the EU/EEA for the purpose of initiating a contract.
The legal basis for the transfer of your data to a third country is, in accordance with Art. 49 (1) a) GDPR, your express consent and/or, in accordance with Art. 49 (1) b) GDPR, the fulfilment of a contract between you and us or the implementation of pre-contractual measures at your request.
External service providers and partner companies, such as online payment providers or the shipping company responsible for delivery, will only receive your data to the extent necessary to process your order. In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR . Please also note the respective data protection information of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with legal requirements within the scope of what is reasonable.
Last updated: October 2025