Our Privacy Commitment

Last Updated: September 7, 2024

Table of Contents

1. Introduction
2. Information We Collect and How We Use It
3. Legal Basis for Processing
4. Data Storage and Security
5. Data Sharing and International Transfers
6. Your Rights Under GDPR
7. Cookies
8. Privacy by Design and Default
9. Data Protection Impact Assessment
10. Handling of Data Breaches
11. External Links
12. Changes to This Privacy Policy
13. Contact Information and Data Protection Officer
14. Right to Lodge a Complaint
15. Data Minimization
16. Automated Decision-Making

1. Introduction

Welcome to LemioCode, operated by Linkplicity GmbH. We appreciate your trust in our services. This Privacy Policy outlines how we collect, use, and protect your personal information when you use our QR code generation service. Please take a moment to review the following information.

If you have any questions or concerns, please contact us at:

• Email: [email protected]
• Company: Linkplicity GmbH
• Address: Donaufelder Straße 6/6, 1210 Vienna, Austria

2. Information We Collect and How We Use It

We collect and process the following personal data:

• Personal information (name, email address, company name) for order processing and communication
• Payment information for billing purposes
• Uploaded images and videos for QR code generation

As our services are designed for business-to-business (B2B) interactions, we may also process:

• Business contact information of your employees or representatives
• Company-specific data related to QR code usage and performance
• Contract and billing information specific to your business entity

We collect this information when you place an order for our QR code generation service. We process this information to maintain our business relationship and improve our services for corporate clients.

Detailed Data Processing

a) Processing of Images and Videos:

• Uploaded files are stored with AES-256-bit encryption.
• After QR code generation, original files are retained for 30 days and then automatically deleted.

b) Retention Periods:

• Order and billing information is kept for 7 years to comply with tax regulations.
• Communication records are retained for 3 years after the last interaction.
• QR code images and related data are stored for 1 year after generation, unless you request earlier deletion.
• Customer contacts: 3 years after the last interaction
• Usage statistics: 2 years in anonymized form

3. Legal Basis for Processing

The legal basis for this processing is:

1. The performance of our contract with you
2. Our legitimate business interests, which include:
   • Improving and personalizing our services
   • Ensuring the security of our website and services
   • Analyzing usage of our services to enhance user experience
   • Marketing our services to existing customers

Changes to Processing Purposes: If we intend to further process your personal data for a purpose other than that for which the personal data were collected, we will provide you with information on that other purpose and any relevant further information prior to that further processing. We will obtain your explicit consent for any new processing purposes.

4. Data Storage and Security

Your data is stored securely on servers located within the European Union. We implement appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data. These measures include:

• Encryption of data in transit and at rest
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security

We retain your personal data for the duration of our business relationship and beyond in accordance with legal retention requirements, typically up to 7 years after the last transaction.

5. Data Sharing and International Transfers

We do not sell or share your personal data with third parties unless required by law or necessary for the provision of our services (e.g., payment processors). Any third-party service providers we use are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

Currently, we do not transfer your personal data to countries outside the European Union. All our data processing activities take place within the EU. Should this change in the future, we will update this policy and ensure that any international transfers comply with GDPR requirements, including the use of Standard Contractual Clauses or other appropriate safeguards.

6. Your Rights Under GDPR

As a user based in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct any inaccurate or incomplete personal data.
• Right to erasure: In certain circumstances, you can ask us to delete your personal data.
• Right to restrict processing: You can ask us to restrict the processing of your personal data in certain circumstances.
• Right to data portability: You can request a copy of your personal data in a machine-readable format.
• Right to object: You can object to our processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

7. Cookies

We use only essential cookies that are strictly necessary for the basic functionality of our website. These cookies do not collect any personal information and are used solely to ensure the proper operation of our service. Specifically:

1. Session Cookie: Used to maintain your session while using our service. This cookie is temporary and is deleted when you close your browser.
2. CSRF Token Cookie: Used to prevent cross-site request forgery attacks, enhancing the security of your interaction with our service. This cookie is also temporary and is deleted when you close your browser.

We do not use any tracking, marketing, or analytics cookies. By using our service, you consent to the use of these essential cookies. You can configure your browser to block or alert you about these cookies, but this may cause some parts of the site to not function properly.

For more information about how we use cookies, please contact us at [email protected].

8. Privacy by Design and Default

Our services have been developed according to the principles of data protection by design and by default. This includes:

• Minimal data collection
• Automatic deletion of data no longer needed
• Encryption of all sensitive data
• Default privacy settings that are always set to the most privacy-friendly option

9. Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment in accordance with Art. 35 GDPR and continuously implement measures to minimize risks. This assessment helps us identify and mitigate any potential risks to your personal data. We review and update this assessment regularly to ensure ongoing compliance and data protection.

10. Handling of Data Breaches

In the unlikely event of a data breach, we will:

1. Inform the competent supervisory authority within 72 hours.
2. Notify affected customers immediately.
3. Take immediate measures for containment and remediation.
4. Provide you with information about the breach and our response to it.

11. External Links

Our website may contain links to external sites. Aesthetic Technology is not responsible for the privacy practices or content of these third-party sites. We encourage users to be aware when leaving our site and to read the privacy statements of any other website that collects personal information.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting on our website. For material changes, we will notify you via email or a prominent notice on our website at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

13. Contact Information and Data Protection Officer

If you have any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at:

• Email: [email protected]
• Company: Linkplicity GmbH
• Address: Donaufelder Straße 6/6, 1210 Vienna, Austria

Data Protection Officer: While we are not required to appoint a Data Protection Officer under Article 37 of the GDPR, we have voluntarily designated a contact person for data protection matters. For any data protection related inquiries, please use the email address provided above.

14. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The competent supervisory authority in Austria is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, www.dsb.gv.at).

15. Data Minimization

We collect and process only the data absolutely necessary for service provision. Regular audits ensure that no superfluous data is stored. We continuously review our data collection practices to ensure we only collect and retain data that is essential for providing and improving our services.

16. Automated Decision-Making

We do not use automated decision-making, including profiling, as defined in Article 22 of the GDPR in our business processes. All significant decisions related to our services are made with human involvement.

Thank you for choosing Aesthetic Technology. We are dedicated to protecting your privacy and providing a secure and enjoyable experience on our website.