Privacy policy

The protection of your personal data is vitally important to us. We handle your information transparently and responsibly – in accordance with applicable data protection laws.

In this privacy policy we provide information about the personal data we process when you visit our website, when you use our online services, and in the course of other business processes. “Personal data” is any data that relates to an identified or an identifiable person.

We have taken comprehensive technical and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction, and access by unauthorized persons. Our security procedures are reviewed regularly and adapted to technological progress.

1. Data controller
The controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is 

LAP GmbH Laser Applikationen
Zeppelinstr. 23
21337 Lüneburg
Germany
E-mail: info@lap-laser.com

Contact details of the data protection officer:
You can contact our data protection officer at Datenschutz@lap-laser.com or at our postal address with the addition “für den Datenschutzbeauftragten” (“for the data protection officer”).

2. Your rights

If your personal data is processed, you are a “data subject” within the meaning of the GDPR. You therefore have the following rights vis-à-vis the controller:

Right to information (Art. 15 GDPR): You have the right to request information about which personal data about you is being processed and for what purposes.

Right to rectification (Art. 16 GDPR): You have the right to request that we immediately rectify any inaccurate personal data or complete any incomplete personal data.

Right to erasure/”right to be forgotten” (Art. 17 GDPR): You have the right to request that we erase your personal data immediately if one of the following reasons applies:

• The data is no longer necessary for the purposes for which it was collected.

• You withdraw your consent and there is no other legal basis for processing.

• You object to the processing (Art. 21 GDPR).

• The data has been processed unlawfully.

• The erasure is necessary for compliance with a legal obligation.

Please note: The right to erasure does not apply if processing is necessary, e.g., to fulfill a legal obligation or to assert legal claims.

Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data in the following cases:

• You contest the accuracy of the data (for the duration of verification).

• The processing is unlawful but you oppose the erasure.

• We no longer need the data, but you need it to establish legal claims.

• You have objected and it is not yet clear whether our legitimate reasons prevail.

Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format.

Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that this is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling on this basis.

If we process your data for direct marketing purposes, you may object to this processing at any time, even without giving any specific reasons.

Right to withdraw consent (Art. 7 para. 3 GDPR): If you have given us your consent to process your data, you can withdraw this consent at any time with future effect. The lawfulness of the processing carried out until then remains unaffected.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

The supervisory authority responsible is, for example, the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.

3. Data collection when you visit our website

3.1 Collection of personal data when you visit our website
When you use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security. The legal basis for this is Art. 6 para. 1 f GDPR.

• IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, and language and version of the browser software.

Our website uses SSL or TLS encryption for security reasons. 

3.2 Cookies

3.2.1 General

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies to recognize your browser the next time you visit (so-called long-term cookies). Cookies cannot be used to access other files on your computer or to determine your e-mail address. In addition, various third-party services that are integrated into our website are loaded when you call up the website and can transmit personal data to the service providers (hereinafter “services”).

The first time you visit our website, our consent banner (Usercentrics) appears, allowing you to accept or reject the use of all cookies and services that are not strictly necessary.

The cookies and services listed in the cookie information are used on this website. We do not enable functional cookies/services or those used for marketing purposes until you have actively consented. The legal basis for the use of functional and marketing cookies and services is your consent (Art. 6 para. 1 a GDPR) and for necessary cookies and services, our legitimate interest in operating the website (Art. 6 para. 1 f GDPR).

You can withdraw or modify your consent for functional and marketing cookies at any time via the Cookie Information link. Withdrawal of consent takes effect only in the future.

For additional information regarding cookies and services and their storage period, refer to the Cookie Information.

You can also disable or restrict the transfer of cookies by changing the settings of your web browser. You can delete cookies that have already been stored at any time.

3.2.2 Necessary cookies/services

These cookies and services enable basic functions of our websites. They are essential to access our websites and to use the basic functions of the websites. Without the use of these cookies and services, the website may not function properly or at all. The legal basis for processing personal data collected with the necessary cookies/services is Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically proper display of our website).

The use of the Usercentrics Consent Management Platform, a tool for managing cookie consent, is also based on Art. 6 para. 1 lit. c GDPR (compliance with legal obligations). This platform sets a technically necessary cookie in which the consent status is stored.

3.2.3 Functional and marketing cookies/services

With your consent (Art. 6 para. 1 lit. a GDPR), we use cookies and services via the cookie banner that allow us to statistically evaluate the use of our website, analyze user interests, display targeted advertising and measure the effectiveness of advertising campaigns. We also integrate third-party services that provide additional functions. The following data may be processed thereby:

• IP address, information about pages visited, clicks, length of stay, technical information (browser type, device type, operating system), referrer URL, campaign data (e.g., which advertisement brought you to our site).

This data may also be transferred to the respective service providers that may also be located in third countries, notably in the USA.  These transfers are based on the EU–US Data Privacy Framework and/or additionally on standard EU contractual clauses including technical and organizational protective measures in accordance with Art. 46 GDPR. The service providers also process data for their own purposes to some extent. We have no influence on the processing of transmitted data by the service providers.

3.2.4 Integrated third-party services

Google Maps map service: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Through our use of Google Maps, information about the use of our website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may pass this data on to third parties if required by law or if third parties process this data on behalf of Google. We use Google Maps to enable you to view our locations in an appealing manner and to ensure that the locations specified by us on the website are easy to find.

YouTube video platform: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in extended data protection mode. According to YouTube, no information about visitors to our website is stored in this mode before they view the video. A connection to YouTube’s servers is not established until you start a video. YouTube is informed which of our pages you have visited. If you are logged in to your YouTube account, YouTube can link your surfing behavior to your personal profile. policies.google.com/privacy

Google Fonts for uniform font display: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This allows Google to know that our website has been accessed via your IP address. developers.google.com/fonts/faq/privacy

Google Translate to provide content in other languages: The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When you use Google Translate, your IP address is transmitted to Google. Google may also set cookies to provide the translation function and analyze usage. https://policies.google.com/privacy

The use of the aforementioned services is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your consent via our cookie banner. You can withdraw your consent at any time via the cookie settings, whereby you may no longer be able to use the services via our website or functions may no longer be displayed.

Processing is also partly based on a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in order to present website content in a uniform and appealing manner.

The integrated Google services may transmit your data to servers of Google LLC in the USA. The transfer takes place based on the EU–US Data Privacy Framework and additionally on standard contractual clauses. For additional information, refer to https://policies.google.com/privacy

4. Contact via e-mail or contact form
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number, if applicable) will be stored by us in order to answer your questions. If we request information via our contact form that is not required for establishing contact, we always mark these fields as optional. This information helps us define your request more specifically and improve the processing of your inquiry. We may forward your request directly to the sales partner responsible for you (see item 13 below).  This may involve the transfer of data to independent third parties outside the EU/EEA.  The provision of this information is expressly voluntary and takes place with your consent, Art. 6 para. 1 a GDPR. 

We process the data we store in connection with your contact in order to answer and process your inquiry. If a business relationship results from your contact, we will store your contact data in our customer management system and also use it for our own advertising purposes; otherwise, we will delete your contact data. 

5. Job applications
You can apply to our company electronically, in particular via e-mail or web forms. We will, of course, use your information exclusively for processing your application and will not pass it on to third parties. Please note that e-mails sent without encryption are not transmitted in a secure manner. 

If you have applied for a specific position and this position has already been filled, or if we consider you to be equally or even better suited for another position, we would like to forward your application within the company. We require your separate consent for this. Your personal data will be deleted after completion of the application process at the earliest after 2 months and at the latest after 6 months, unless you have explicitly given us your consent to store your data for a longer period or a contract has been concluded.

The legal basis is Art. 6 para. 1 lit. a and b GDPR and § 26 BDSG (German Federal Data Protection Act).

Our career page at career at lap.com, through which the web forms for applying are also provided, is hosted by an external service provider (server in Germany/EU). The applicant data you enter via the career page is transmitted to us (and only to us) in encrypted form. The service provider or other third parties can neither access nor view your data.

The page uses cookies for analysis and measurement of key figures; you can accept or reject these cookies via the separate cookie banner on the page. If you reject the cookies, you will not be restricted from using the page in any way.

All connections with the page are also encrypted using TLS.

6. Chatbot
We offer a digital and AI-based chatbot for automated answers to questions. The use of this chatbot and the associated entry of personal data is voluntary and based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your personal data will be used to provide the chatbot services and to answer your questions. Further personal data may be requested via the contact form / product configurator, which may then also be used by LAP for advertising purposes. Chats are stored by the provider Zapier Inc. in the USA. Chats are automatically deleted after 60 days. For additional information, refer to Security and Compliance – Zapier

A contract including the standard EU contractual clauses in accordance with Art. 46 GDPR exists with the provider to process tasks.

You can withdraw your consent to use of the chatbots at any time with future effect by not using the chatbot further or by contacting us directly.

7. Calendly

You can use this function via our website to book appointments directly with our employees. When you book an appointment, we request certain personal data (name, company, contact details). This data is necessary to create and conduct the appointment. The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 a GDPR. We store your collected data in accordance with data protection requirements.

8. Social media

We maintain publicly accessible profiles in various social networks, including Xing, LinkedIn, Facebook, and Instagram as well as a YouTube channel for presenting our company, our products, and our services and for communication. Our website contains links to these profiles. When you visit our website, data is not yet transmitted to the social media platforms. This does not occur until you click the respective social media profile. If you are logged in to your corresponding account, the respective platform operator can link your visit to your user account.

The social networks are merely an additional offering for you. We point out that you use social networks and their functions at your own risk. This applies in particular to the use of interactive functions (such as commenting, sharing, rating).

 The legal basis for operating our social media presence is Art. 6 para. 1 lit. f GDPR (legitimate interest in external presentation and communication with users).

When you visit our social media profiles, personal data is processed by the platform operator and by us, e.g., publicly visible profile data, communication data, interaction data, and statistical and technical data. The respective platform operator bears the primary responsibility for the processing of personal data on the platforms. This operator independently decides especially about the technical basis of data processing and the purposes of processing on the platform (e.g., profile development, tracking, audience measurement, advertisements). As the user, you decide which information about your profile is made public.

As the operator of the company page, we decide on the website settings within the scope of the options provided by the platform operators. We can also receive so-called page insights, i.e., statistical data in aggregated form that provides us with insights into the use of our social media channels, from the platform operators, whereby we share responsibilities for audience measurement, statistical function, and target group analysis with the platform operators. However, the platform operators make the decision on the collected data categories, for which purpose these categories are processed, and how long the data is stored. We use the page insights data provided by the platforms to improve our offering. However, we have no influence on the independent data processing operations of the platforms.

The joint responsibility is governed by the joint controller contracts.

• https://legal.linkedin.com/pages-joint-controller-addendum

• https://www.facebook.com/legal/terms/page_controller_addendum

• https://www.facebook.com/legal/controller_addendum

The platform operators can also transfer personal data to countries outside the European Union (EU) and the European Economic Area (EEA), in particular to the USA, and process it there. If such a third country does not offer a data protection level comparable to that of the EU, the transfer occurs on the basis of suitable guaranties within the meaning of Art. 44 ff. GDPR (e.g., standard EU contractual clauses or adequacy decision of the EU Commission). The respective platform operators provide pertinent details in their privacy notices.

Facebook

https://www.facebook.com/privacy/policy and

Xing

privacy.xing.com/en/privacy-policy

LinkedIn

www.linkedin.com/legal/privacy-policy

Instagram

privacycenter.instagram.com/policy/

YouTube

policies.google.com/privacy

We ourselves transmit personal data to recipients in third countries only if the legal prerequisites are met.

In connection with our social medial profiles, you are also entitled to the rights of data subjects described in this privacy policy (see “Your rights”). However, please note that we do not have direct access to all data processing operations performed exclusively by the platform operator.

WeChat: For the Chinese market we offer the use of WeChat, a communication service of Tencent Holdings Ltd., to keep in touch with customers, interested parties, or business partners. This service is used exclusively on a voluntary basis of the users when they contact us via their WeChat accounts or subscribe to our WeChat channels.

Tencent processes personal data during communication via WeChat, such as chat contents, device information, IP addresses, or usage data. We ourselves process the data only to work on your inquiry or to communicate with you (performance of a contract; consent, if initiated voluntarily).

Please note that WeChat is a service whose provider is headquartered in China and personal data is processed in China. We therefore offer this service only to customers of LAP Laser Applications China Co. Ltd. We have no influence on data processing by Tencent.

If you do not want WeChat to process your data, please use alternative contact options such as e-mail or telephone. For additional information on data processing by WeChat, refer to Tencent’s privacy policy:
www.wechat.com/en/privacy_policy.html

9. Newsletter

If you would like to receive the newsletter offered on the website, we require your e-mail address so that we can add you to our distribution list. Other data will not be collected or will be collected only on a voluntary basis. Registration for our newsletter is voluntary and takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). We use the collected data to send the requested information. In addition, your data is stored in our customer management system. We can also analyze your opening and clicking behavior via the newsletter distribution. We do not pass on the collected data to third parties. 

You can withdraw your consent to receiving the newsletter at any time with future effect by clicking the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

10. Online conferences

We use the "Microsoft Teams" online conference tool to hold online meetings, webinars, and video conferences. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Even though data from European customers is stored in the EU/EEA according to Microsoft, it cannot be ruled out that the data may also be transferred to the USA.

When you communicate with us via Microsoft Teams (or other video or audio conferencing tools) over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a GDPR (voluntary use of Microsoft Teams for communication with LAP), Art. 6 para. 1 lit. b GDPR (performance of a contract), or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication).

The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the tool provider processes all technical data required for the handling of online communication. In particular, this includes IP addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded, or made available in any other way within the tool, this will also be stored on the tool provider’s servers. In particular, such content includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we have no influence on the data processing operations of the providers of the tools used or on how long they store data.

The data collected directly by us via the conference tools will be deleted from our systems as soon as you request us to delete it, withdraw your consent to its storage, or the purpose for which it was stored no longer applies.

Additional information: https://www.microsoft.com/en-us/privacy/privacystatement

Online conferences are recorded only with the consent of all participants. Online conferences are not transcribed. This function is not enabled by LAP.

11. Processing of personal data from business partners

In the course of cooperation with business partners, LAP processes personal data of contact persons for customers, suppliers, sales partners, and other partners (“business partners”). The data is processed for purposes of communication with business partners regarding LAP products and services, for planning, establishing, and managing the business relationship between LAP and the business partner, for purposes of accounting and billing, and in order to carry out deliveries, maintenance work, or repairs and, if applicable, to carry out compliance screenings.

In particular, contact information is processed, such as first and last name, business address, business telephone number, and business e-mail address; billing and payment information and any other information which must be processed within the scope of a project or processed to carry out a contractual relationship with LAP. In addition, LAP may access data that is available from publicly accessible sources.

Processing is based on Art. 6 para. 1 b GDPR to initiate, carry out, or fulfill contractual obligations, on Art. 6 para. 1 c GDPR to comply with legal obligations that LAP is subject to, and on Art. 6 para. 1 f to protect the legitimate interests of LAP. The legitimate interest of LAP is continually in initiating or carrying out the business relationship with the business partner.

We store data of business partners for the duration of the business relationship and in accordance with statutory retention periods.

LAP is a global company with affiliated companies headquartered in countries throughout the world. Sometimes we transmit personal data to recipients in a third country. In these cases, the transfer takes place in accordance with the data protection policies, especially for initiating and carrying out contracts.

12. Whistleblower system

When we receive messages via one of our whistleblower channels, we process relevant personal data about persons relevant to the respective context that we have received or collected directly from the whistleblower’s report. We process the aforementioned data for the whistleblower process and the respective investigation in compliance with all legal provisions, in particular data protection, whistleblower, and labor law regulations, on the basis of Art. 6 para. 1 lit. b GDPR (performance of a contract), Art. 6 para. 1 lit. c GDPR (fulfillment of legal obligations), and Art. 6 para. 1 lit. f GDPR (safeguarding of our legitimate interests). Such legitimate interests may include, for example, the prevention and detection of criminal offenses. There is no obligation to provide personal data. LAP offers whistleblowers the option of submitting information anonymously. The data will be stored for the duration of handling of a reported incident and for the statutory retention period.  Personal data will be passed on within the scope of the investigation only in accordance with the applicable provisions of the Whistleblower Protection Act. The data will be transferred to third countries only to the extent that this is mandatory to clarify the facts and the legal requirements are met.

13. Transfer to third parties 

We use external service providers for various processing tasks; they process personal data exclusively on our behalf and according to our instructions (so-called processors in accordance with Art. 28 GDPR), e.g., hosting and cloud services, IT support, CRM systems.

In accordance with Art. 28 GDPR, we have contractual agreements with all processors, who guarantee that personal data is processed only within the agreed scope and according to our documented instructions. The service providers are committed to confidentiality, have appropriate technical and organizational measures for data security, and do not process the data for their own purposes. If data is processed by processors outside the European Union, we ensure that suitable guarantees exist for this purpose in accordance with Art. 44 ff. GDPR (e.g., EU–US Data Privacy Framework, standard contractual clauses, or complementary protective measures).

Your data is not transferred to other third parties unless we are legally required to do so or the transfer of the data is necessary to fulfill the contractual relationship (e.g., to affiliated companies, to shipping companies hired to perform delivery, online payment providers). Furthermore, we can transfer data for purposes of initiating and carrying out contracts within the LAP Group as well as to our external sales partners who are responsible for your region. For customers of the American market, e.g., we transfer data to the sales partners who operate in the corresponding American markets, and for Asian customers, to our sales partners in Asia.

The legal basis for the transfer of your data to a third country is your explicit consent in accordance with Art. 49 para. 1 a) GDPR and/or the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request in accordance with Art. 49 para. 1 b) GDPR.

14. Storage period

We process your personal data for only as long as necessary to fulfill the purpose of the processing or until you withdraw your consent, unless legal obligations or the establishment, exercise, or defense of legal claims necessitate a longer storage period.

15. Links to other websites

The LAP websites may contain links to third-party websites and applications. This privacy policy applies only to LAP websites and does not extend to the processing of personal data by third-party providers. For information on the processing of your personal data, we recommend that you read the privacy policies of these companies. We assume no responsibility for the content of external websites.

15.1 RadCalc login

Via our login area you are routed to an area managed by Salesforce. This page does not use third-party cookies.
 

16. Profiling

We do not make automated decisions or use profiling within the meaning of Art. 22 GDPR.

Last updated: February 2026

Changes are published on this page. Please review this page regularly.