Privacy Policy.
Thank you for your interest in our website. Below you will find information about the processing of your personal data when visiting our website and online social media presences, such as XING and LinkedIn.
I. Data controller
The data controller responsible under the EU General Data Protection Regulation ("GDPR"):
LUCID – Weihe Preeg Schmoll Rechtsanwälte Partnerschaft mbB
Ledererstr. 19
80331 Munich, Germany
Phone: +49 (0) 89 4622 7322
E-mail: info@lucid-compliance.com
Imprint: lucid-compliance.com/en/impressum
II. Personal data
Personal data is any information relating to an identified or identifiable natural person ("data subject"). This includes in particular your name, date of birth, e-mail address, postal address and telephone number.
Personal data also includes information about your use of our website. This information is automatically transmitted via your browser and is referred to as "access data".
In addition to the access data, personal data is only stored by us if you provide us with this information voluntarily, e.g. via our online contact form. In general, personal data will only be used to the extent necessary, and only for purposes for which you have given consent or for other legally permissible purposes.
III. Collection and use of your data
a. Collection of access data
As mentioned under section II above, your terminal automatically transfers data when you access our website. This data will not be merged with other data that you may additionally transmit to us.
The following access data is stored in server log files:
- Browser type and browser version
- Used operating system
- Referrer URL
- Hostname of the accessing computer
- Date/Time of the visit
- IP address
The handling of your personal data for the purposes of providing this website are carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. It is necessary for us to process this personal data in order to provide this website and to guarantee its security.
Also, for security reasons (e.g. to clarify misuse or fraud), the log file data is stored by us or our hosting provider for a maximum period of 7 days and is then deleted. Data which has to be kept for longer periods of time for the purpose of evidence will not be deleted until the case in question has been finally solved.
The technical management and hosting of this website is carried out by Patrick von Ferenczy, operating as a sole trader under the name addsomepink, Kellerstraße 26, 81667 Munich, Germany (hereinafter: addsomepink), acting as a data processor within the meaning of Art. 28 GDPR. A data processing agreement pursuant to Art. 28 GDPR is in place with addsomepink.
addsomepink uses Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA (Privacy Policy: netlify.com/privacy), as a sub-processor for hosting. A data processing agreement is also in place between addsomepink and Netlify. For data transfers to the USA, we rely on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.
b. Making Contact
When you contact us (e.g. via our online contact form, e-mail, telephone or via social media) your data will be processed for us to respond to your query, Art. 6 para. 1 lit. b GDPR. Should you make use of our contact form, we require you to provide us with an e-mail address that we can use to contact you. We will also ask for your name so that we can send a personalised response.
If you use our contact forms, your entries will be processed and forwarded to us via Netlify Forms (Netlify, Inc., San Francisco, USA). Netlify is used by addsomepink as a sub-processor; data processing agreements pursuant to Art. 28 GDPR are in place between LUCID and addsomepink, and between addsomepink and Netlify respectively.
We delete the requests including your data as soon as they are no longer required and no other statutory exceptions preventing deletion exist.
c. Job application data
You may also apply by e-mail for a specific job or submit an unsolicited application.
The data will only be used for the purpose of entering into a potential employment relationship. To process your application, we collect the data that you provide to us as part of the application process. This usually includes your name, your e-mail address and application documents such as certificates and your CV.
We would like to point out that confidentiality cannot be guaranteed if applications are sent via unencrypted e-mail.
The legal basis for processing your application is Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with Sec. 26 para. 1 lit. 1 of the German Federal Data Protection Act (BDSG).
If we reject your application for a specific position, we will delete your data after six months at the latest. This does not apply if statutory provisions preventing deletion exist or if further storage is necessary for the purpose of securing evidence.
If we are currently unable to offer you a position but believe that your application may be interesting for future vacancies based on your profile, we will store your personal application data for 12 months, provided that you expressly agree to such storage and use.
You can revoke your consent to the processing of your application data at any time (by e-mail at info@lucid-compliance.com). In this case, we will delete your data immediately.
Should the application result in an employment relationship, we will store your data as long as it is necessary for the employment relationship and as long as there is no statutory requirement to retain the data.
IV. Data processing in the context of our online presence
In addition to our website, we are also represented on social networks. If our communication with you takes place in these networks, the terms and data privacy policies of such networks will apply to our communication. You can find these terms and policies on the website of the relevant provider.
In this context, we would like to point out that your data may be processed outside the European Union ("EU") when visiting these online presences. The US-based providers we use have either joined the EU-US Data Privacy Framework (DPF) or we have entered into standard contractual clauses with them pursuant to Art. 46 para. 2 lit. c GDPR.
If you communicate with us via such networks, we process the data in your messages and posts on the basis of either Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR. We use your data in order to be able to respond to your query.
We are currently represented on the following online platforms:
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy
- New Work SE (formerly XING AG), Am Strandkai 1, 20457 Hamburg, Germany – Privacy Policy
V. Use of plug-ins & third-party services
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. The Google Web Fonts are installed locally. A connection to Google servers is not thereby established.
VI. SSL- or TLS-encryption
This site uses SSL- or TLS-encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you may send to us as the site operator. You can recognise an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL- or TLS-encryption is activated, the data you transfer to us cannot be read by third parties.
VII. Your rights as data subject
As a data subject, you have the following rights regarding your personal data pursuant to Art. 15 to 22 GDPR:
- Pursuant to Art. 15 GDPR, you have the right to access information about the processing of your personal data. In such requests, the firm provides information held about the individual.
- Pursuant to Art. 16 GDPR, you have the right to demand from us immediate correction of incorrect personal data and completion of incomplete information.
- Pursuant to Art. 17 GDPR, you have the right to request from us the deletion of your personal data. Pursuant to Art. 18 GDPR, you may alternatively request restriction of processing.
- Pursuant to Art. 20 GDPR, you may request that we provide you with the personal information you have provided to us in structured, common and machine-readable format.
Furthermore, you have the right to complain to the competent supervisory authority (Bayerisches Landesamt für Datenschutzaufsicht "BayLDA"). The contact details of the BayLDA are as follows:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach, Germany
www.baylda.de
VIII. Your right of objection
If we process your personal data on the basis of a legitimate interest according to Art. 6 para. 1 lit. f GDPR, you have the right to object to such processing. The firm ceases processing unless compelling reasons for continued processing outweigh the individual's rights, or processing serves assertion, execution or defense of legal claims. Written notification to the contact details in the imprint is required.
Version as of July 2025