Effective date: 18-09-19
When we refer to Lorenz Technology, we refer to our services Lorenz AI-Link® and Lorenz Hive, our webpage, and our internal procedures, where we often switch between being the data processor and data controller, which are further explained in the section; “Data Controller or Processor”.
To contact us about your data, please write at firstname.lastname@example.org.
Data Controller or Processor?
In general, when using our services, our client will be the controller of data collected in the Lorenz Hive. Lorenz Technology acts in general as a data processor of clients’ data and as a controller of other information. With our services, we offer a secure way of storing data and only the minimum number of employees at Lorenz Technology can access client data at our hosting partners through a virtual private network (VPN). The protection and security of data stored by us are described in the next paragraph as well as the certifications of our hosting partner.
At Lorenz technology, security and privacy are important, whereby all client’s data is encrypted by military standards (AES-256) both at rest in our Lorenz Hive and in transit from the Lorenz AI-Link.
We and our hosting provider have employed procedures and technological measures for data loss prevention and encrypting data at rest will ensure that in the case of data loss, data will be unreadable/usable. However, it is impossible to guarantee the absolute safety of your information from intrusion by others. We recommend that you create a strong and unique password to our services and that you logoff, whenever you have completed your session.
Complying with the European General Data Protection Regulation (GDPR)
Being compliant with the GDPR means we process all personal data by the following principles:
Lawfulness, fairness, and transparency: we obey the law; we only process personal data in a way that people would reasonably expect, and we are always open about our data protection practices.
Purpose limitation: we only process personal data for the specific reason we collected it and nothing else.
Data minimization: we do not process any more data than we need.
Accuracy: we make sure that any personal data we hold is adequate and accurate.
Storage limitation: we do not store personal data for longer than we need to.
Integrity and confidentiality: we always process personal data securely.
Types of personal data Lorenz Technology process:
a) Personal data you provide to Lorenz Technology
You provide Lorenz Technology with personal data when you correspond with us via our website, by email, telephone and/or social media either on your own behalf or on behalf of an organization. You also provide us with personal information when you subscribe to our marketing, e.g. our newsletter.
b) Personal data Lorenz Technology collect automatically
As you use our website, Lorenz Technology collects technical data including your browser type, device and the Internet Protocol (IP) address used to connect your computer to the internet, and your usage habits like time spend on our website, which sites is visited and for how long etc. We collect these data using cookies to improve our customer service.
How and why we process personal data
Lorenz Technology has implemented workflows and technical systems to secure the personal data we process. We make use of the services Microsoft Office 365 and Azure Cloud to ensure data protection.
The following list provides for what purposes we use personal data:
To provide clients with log in to our service based on the contract information needed also for billing our clients.
To inform about our services and/or promotional offers if you have given consent to receiving marketing from us.
To send out service announcements for our clients regarding the use of our services.
To improve the design and style of our website.
To produce more relevant content for our media channels.
Our legal basis for processing personal data
According to the GDPR, we can only process your personal data when one of the following six circumstances are met:
When consent has been given by the data subject for a specific purpose.
When processing is necessary to perform or prepare for a contract with the data subject.
When there is a legal obligation.
When protecting the vital interests of the data subject or someone else.
For the public interest or when exercising official authority.
To carry out the legitimate interests of the data controller or a third party where these interests do not infringe on the rights, freedoms, or interests of the data subject.
Retention of Personal Data
If we do not have a specific purpose for storing the personal data it is deleted and maximum kept for 5 years.
Who do we share personal data with?
At Lorenz Technology we seek to practice that only the relevant employees within our organization have access to the personal data we process. We delimited the number by securing the access to personal client data and anonymize it if needed.
Lorenz Technology makes use of third party processors, where we might share some elements of your personal data. We only share information relevant to conduct our business and improving your customer experience.
The following list includes the type of third party processors, which we make use of:
providers of online cloud storage services and other essential IT support.
providers of email management and distribution tools.
payment processors and accountant engaged by us to securely store and handle payment information.
Google Analytics to process data from visitors on our website. Read more about privacy and cookies set by Google.
The right to be informed:
With this policy, we inform you of how we process your data and which third party processors we make use of.
The right of access:
You have the right to view what data is held about you.
The right to rectification:
You have the right to have your data corrected or amended if the data we hold is incorrect in some way.
The right to erasure (known as “the right to be forgotten”):
You can ask for a full erasure of your data by withdrawing your consent from us to process it.
The right to restrict processing:
You can ask for a temporary halt to processing your data or a restriction on what data to process.
The right to data portability:
You have the right to ask for your data in a structured, commonly used, and machine-readable format.
The right to object:
You have the right to object to the further processing of your data if we might use it for other purposes than your primary intention.
Rights in relation to automated decision-making:
Your data is protected from being automated processed without human involvement in the decision-making process.
Changes to this Policy