Privacy Policy:

Lennon GDPR and LGPD Privacy Policy

Lennon respects the privacy of data subjects and strives to protect the privacy of data subjects' personal data. We realize that the rapid growth of the Internet and online services raises questions about the nature, use and confidentiality of consumer information collected. We want data subjects to know that we apply our longstanding commitment to privacy to our online and internet activities.

By providing us with personal information, the data subject agrees to this Privacy Statement and the collection, use, access, transfer, storage and processing of the data subject's personal information as described in this Privacy Statement.

Lennon's web pages may be used without any indication of personal data; however, personal data. If the processing of personal data is necessary and there is no statutory basis for such processing, we will obtain the consent of the data subject.

The processing of personal data, such as the data subject's name, address, email address or telephone number, shall always be in compliance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to Lennon. With this data protection declaration, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, by means of this data protection declaration, data subjects are informed of the rights to which they are entitled.

As controller, Lennon has implemented a number of technical and organizational measures to ensure the most comprehensive protection of personal data processed via the portal. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. Each data subject is therefore free to transmit personal data to us by other means (e.g. by telephone).

In addition to the GDPR, please note that we collect, store and process personal information of individuals in accordance with the Personal Data Protection Act 2010 (“PDPA”) and Singapore law. We also fully comply with the Lei Geral de Proteção de Dados (LGPD), which means that data subjects can follow the LGPD process if they want us to provide a copy to the data subject, make corrections or delete the data subject's information. Since we process the data of individuals located in Brazil, the Brazilian LGPD applies to our processing of the personal data of the data subjects.

Please read the Privacy Statement below to understand how we use the personal information we may collect from data subjects. We will not use or share the data subject's information with anyone other than as described in this Privacy Policy.

1. Definition

Lennon's data protection statement is based on the terms used by European lawmakers to adopt the General Data Protection Regulation (GDPR). Our data protection declaration should be clear and comprehensible for the general public as well as our customers and partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration we use the following terms:

personal data

Personal data is any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more physical, physiological, genetic, spiritual, economic, cultural or social identity.

data subject

A data subject is any identified or identifiable natural person whose personal data is processed by Lennon.

deal with

Processing is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, by transmission, dissemination or otherwise make available, align or combine, restrict, delete or destroy for disclosure.

processing limit

Processing restriction is the marking of stored personal data with the aim of restricting its future processing.

analyze

Profiling means any form of automated processing of personal data, including the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or make predictions about that natural person's work performance, economic situation, health status, personal preferences, interests, reliability sex, behaviour, location or movement.

Pseudonymization

Pseudonymization is the processing of personal data in which personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data do not belong to the An identified or identifiable natural person.

Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; if the purposes and means of such processing are determined by Union or Member State law , the controller or the specific criteria for its nomination may be regulated by Union or Member State law.

processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of Lennon.

recipient

Recipients are natural or legal persons, public authorities, agencies or other bodies to whom personal data are disclosed, whether third parties or not. However, public authorities which may receive personal data within the framework of a specific investigation under Union or Member State law shall not be considered recipients; the processing of such data by these public authorities shall be subject to the applicable data protection rules, depending on the purpose of the processing.

third party third party

is a natural or legal person, public authority, agency or agency other than the data subject, controller, processor and persons authorized to process personal data under the direct authority of Lennon or the processor.

agree

The consent of the data subject is any freely given, specific, informed and unambiguous indication of the will of the data subject for which he or she expresses his or her consent to the processing of personal data relating to him or her by a statement or an express affirmative action.

Other capitalized terms not defined above shall have the meanings assigned to them in our Terms of Service.

2. Name and address of the controller

For the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in EU member states and other provisions relating to data protection, the controller is: Lennon 50 Tagore Lane, #04-11C

Phone: +1 347-588-9421

Email: support@lennonc.com

Website: https://www.lennonc.com/

3. Information we collect from you

We value the trust that each data subject provides us with their personal information.

The customer's name, address (post and email) and telephone number are the most important information, but we may ask for additional information, for example, based on subscription or promotional services.

Sharing, Disclosing and Selling Personal Data

Lennon will not share, disclose or sell any personally identifiable information (such as the data subject's name, address, phone number or email address) collected online on the Lennon Portal with other non-affiliated companies or organizations for non-Lennon marketing purposes. Because this information is an essential part of our business, it is treated like our other assets in the event of a merger, sale or other corporate reorganization or legal proceeding.

We will only provide personally identifiable online information in response to subpoenas and other legal requests, and we believe disclosure of this information is necessary to identify, contact, or take legal action against individuals who may endanger public safety or interfere with Lennon services, or our customers or their use by others.

Disclosure of data subject information (if required)

When a data subject provides us with personal information for a specific purpose, we may disclose the data subject's information to other companies we engage to assist us in fulfilling the data subject's request. This may include, but is not limited to, fulfillment agencies, billing services, transaction managers, credit verification services and other third-party service providers. We may also disclose any data subject’s personal information to law enforcement or other appropriate third parties in connection with criminal investigations, fraud investigations, infringement of intellectual property rights, or other suspected illegal activities, or as otherwise required by applicable law, or we, in our sole discretion, believe Necessary to protect Lennon's legal rights.

Information for Children and Underage Youth

Children and underage youth may be users of our products and services, provided they are duly authorized by their parents or guardians, or their parents or guardians are acting on their behalf. If parents or guardians of these children become aware of unauthorized data processing, they may submit their inquiries or complaints to support@lennonc.com.

When do we collect personal information from data subjects?

We may collect personal information directly from data subjects in the following circumstances:-

communicate with us (for example, when a data subject submits an application form to become our customer, or when they contact us with any inquiries, including calling our customer service, registering an account, using our portal services or receiving our publications (for example, newsletters);

participate in any of our surveys;

enter or participate in any contest, contest or loyalty program operated/organized by Lennon;

register interest and/or request information (via our online portal or other available channels) or subscribe to our products and/or services;

respond to any marketing material sent by us;

visit or browse our portals;

complain to us; and/or

Provide us with feedback (e.g. via our portal or in hard copy).

In addition to the personal information obtained directly from the data subject (as described above), we may also obtain personal information about the data subject from third parties (credit reference agencies or financial institutions) with whom the data subject has dealings or ties, and such other parties as the data subject has consented to the disclosure of sources of information relating to the data subject, and/or other sources as permitted by law.

How do we collect personal information from data subjects?

Lennon collects information online by soliciting information from data subjects, for example, when a data subject orders a service, applies for a job, or responds to a survey, offer, or other promotion.

Cookies: Lennon may also use "cookies" and similar technologies to obtain information - including individual and aggregated data that does not identify a data subject - about a data subject's visits to our web portals or a data subject's responses to our emails. These reporting tools tell us which parts of the Portal or emails data subjects have shown interest in or taken some action on and help us improve the quality and usefulness of the Portal.

Content: Data subjects also provide us with information in the content they post to the Portal. The content of the data subject (such as comments, photos and videos) and metadata about the content of the data subject will be viewed by other users. Lennon may, but is not obliged to, monitor content data subjects posted on the Portal. We may delete the postings of any information data subject for any reason or no reason.

Payment method: Depending on the payment method selected by the data subject when accessing, purchasing or subscribing to our products or services, the data subject will also be required to submit personal information. For example, if a data subject chooses to pay for a product/service by credit card, the data subject will be required to provide us with the name of the data subject's credit card issuer, credit card number, billing address, CVV number and expiration date.

Log files: Our servers automatically log certain information sent by the data subject's web browser when the data subject uses the Portal. These server logs may include information such as the data subject's network requests, Internet Protocol ("IP") addresses, browser type, referring/exit pages and URLs, number of clicks and how the data subject interacts with links on the Portal, domain name, login pages, pages viewed, mobile carrier and other such information.

Geolocation Information: When a data subject uses the Portal via a mobile device, we may access, collect, monitor and/or store remotely "location data", which may include GPS coordinates (such as latitude and/or longitude) or similar information about the data Information about the location of the subject's mobile device.

Third Party Tools: Lennon uses third party analytics tools to help understand usage of the Portal. Many of these tools collect information sent by the data subject's browser as part of a web page request, including cookies and the data subject's IP address. These analytical tools also receive this information, and their use of this information is governed by their privacy policies.

How we use the data subject's information

Lennon uses personally identifiable information collected online primarily to provide the data subject with services ordered by the data subject and to inform the data subject of other offerings that may be of interest to the data subject. For example, postal and e-mail address information enables communications about services offered and ordered, and the appropriate provisioning and billing of those services. At any time, should a data subject feel the need to opt-out of future communications with Lennon, an option will be provided in the data subject's account to exclude those communications to the data subject.

Our Requirements for Data Subjects

We require data subjects to provide us with accurate and complete information about themselves and any other person whose personal information is provided to us by the data subject. We further request that data subjects update the information they have provided to us by contacting us should the information become incorrect or out of date. This obligation is a condition of providing our services to the data subject and/or any other person whom the data subject or the data subject's organization/company authorizes or permits to use the products and/or services.

Our Commitment to Privacy and Security

Together, we play an important role in preventing online fraud. Data Subjects shall take care to ensure that each Data Subject does not knowingly or unintentionally share, make available or facilitate unauthorized use of any information including its user ID, password or security code. don't share;

User ID - Each data subject and each account user will receive a unique identifier.

Password - is the password used by each data subject to access our services.

Security Code - sent to each data subject to verify the data subject's access to our services.

At Lennon, we use encryption, firewalls and other technologies and security procedures to help protect the accuracy and security of a data subject's personal information and to prevent unauthorized access or improper use. For example, data subjects will note that when using certain features of the Lennon Portal, data subjects are required to submit passwords or other types of authentication information.

Notice of Privacy Policy Changes

Lennon reserves the right to change this Privacy Policy at any time by notifying registered users of the existence of a new Privacy Policy by email and/or by posting the new Privacy Policy on the Lennon Portal. All changes to the Privacy Policy are effective upon posting, and the data subject's continued use of Lennon, products or services after posting constitutes the data subject's acceptance and agreement to be bound by those changes.

4. Data protection regulations regarding the use of Lennon

We use tracking pixels. Tracking pixels are tiny graphics embedded in web pages that enable log file recording and log file analysis for subsequent statistical analysis. Lennon also sets a cookie on the data subject's information technology system. The definition of cookie is explained above. The setting of cookies enables us to analyze the use of our portal. Using the obtained data, create a usage profile. The usage profile is used to analyze visitor behavior and improve our internet services. Data collected through Lennon components will not be used to identify the data subject without the separate express consent of the data subject. These data will not be merged with personal data or other data covering the same usage. By default, Lennon identifies companies accessing the portal, not individuals, and provides company statistics. Personal information is only collected and stored in accordance with opt-in preferences.

Each time one of the individual pages of the portal is called up, the internet browser on the information technology system of the data subject programmatically requests the submission of data for the online analysis of the Lennon component. During this technical procedure, Lennon learns visitor information, such as the IP address of the request, which in particular helps to understand the origin of visitors and clicks.

Cookies are used to store anonymous information such as access time and frequency of visits to our portal. With each visit to our Internet pages, this visitor data, including the Internet access IP address used by the data subject, is recorded and stored by the Lennon server.

The data subject may at any time prevent the setting of cookies by our web portal by adjusting the web browser used accordingly and thus permanently refuse the setting of cookies. This adjustment of the Internet browser used also prevents Lennon from setting cookies on the information technology system of the data subject. In addition, cookies already in use by Lennon may be deleted at any time via a web browser or other software program. If Lennon selects "Lennon" as the primary identification option for its website, we may transfer the personal data of the data subject to our processor. By implementing this lead identification option, the data subject consents to the transfer of personal data necessary for lead identification . The personal data transmitted to Lennon are generally first name, last name, email address, IP address, telephone number, mobile phone number or other data required for lead identification processing. The purpose of the transmitted data is to identify the leads. Lennon may transfer personal data to our processors, in particular to provide a legitimate interest in a product or service.

5. Cookies

The Portal uses cookies. Cookies are text files that are stored on your computer system by your internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for a cookie. It consists of a character string by which Internet pages and servers can be assigned to the specific Internet browser that stores the cookie. This allows visited Internet sites and servers to distinguish the subject's individual browser from other Internet browsers that contain other cookies. A specific Internet browser can be identified and identified using a unique cookie ID.

By using cookies, Lennon can provide Portal users with more user-friendly services that would not be possible without the setting of cookies.

Cookies allow the information and offers on our portal to be optimized with the user in mind. As mentioned earlier, cookies allow us to recognize our portal users. The purpose of this recognition is to make it easier for users to use our portal. For example, a portal user using cookies does not have to enter access data (login credentials) each time they visit the portal, as this is taken over by the portal and therefore the cookie is stored on the user's computer system. In other words, there is no need to log in again every time a new page is requested (hit). Another example is cookies for shopping carts in online stores. Online stores use cookies to remember what customers put in their digital shopping carts.

The data subject can at any time prevent the setting of cookies by our web portal via a corresponding setting of the Internet browser used and thus permanently refuse the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our portal can be fully used.

6. Collection of general data and information

The Lennon Portal collects a range of general data and information when a data subject or an automated system invokes the Portal. These general data and information are stored in server log files. Collected may be (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the website from which the accessing system accessed our portal (so-called referrer), (4) sub- website, (5) date and time of access to the Internet site (so-called time stamp), (6) Internet protocol address (IP address), (7) Internet service provider (ISP) of the accessing system, (8) in our Any other similar data and information that may be used in the event of an attack on an information technology system.

When using these general data and information, Lennon does not draw any conclusions about the data subject. Rather, this information is required to (1) deliver the content of our portal correctly, (2) optimize the content of our portal and its advertising, (3) ensure the long-term viability of our information technology systems and website technology, and (4) ) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. Lennon therefore performs statistical analyzes of anonymously collected data and information with the aim of enhancing data protection and data security in our business and ensuring optimum protection of the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.

7. Register on our portal

Data subjects can register on the portal and provide personal data. Which personal data Lennon transfers depends on the corresponding registry used for registration, which is available at https://account.lennonc.com/sso/login. The personal data entered by the data subject are collected and stored solely for Lennon's internal use and for his own purposes. Lennon may request that personal data be transferred to one or more processors that also use personal data for internal purposes attributable to Lennon.

By registering on the Lennon Portal, the IP address (assigned by the Internet Service Provider (ISP) and used by the data subject), date and time of registration are also stored. The background to storing this data is that this is the only way to prevent misuse of our services and, if necessary, to investigate crimes. Lennon stores such data only to the extent that its storage is necessary to keep Lennon safe. These data will not be passed on to third parties unless there is a statutory obligation to pass on the data or if the transfer is for the purpose of criminal prosecution.

A data subject registers and voluntarily provides personal data in order to enable Lennon to provide the data subject with content or services that, due to the nature of the matter in question, can only be provided to registered users. Registrants are free at any time to change the personal data specified during registration or to delete it completely from Lennon's database.

The data controller shall, at any time upon request of each data subject, provide information on which personal data concerning the data subject are stored. Furthermore, in the absence of a statutory storage obligation, the data controller shall correct or delete personal data at the request or instruction of the data subject. The Data Protection Officer specifically named in this Data Protection Declaration as well as all Lennon employees may act as contact persons for data subjects in this regard.

8. Subscribe to our newsletter

On Lennon's portal, users have the opportunity to subscribe to our newsletter. The input section for this purpose determines which personal data is transferred and when the newsletter from Lennon is ordered.

Lennon regularly informs its customers and partners about product offers through a newsletter. The data subject can only receive the company's newsletter if (1) the data subject has a valid e-mail address and (2) the data subject has registered for the newsletter delivery. For legal reasons, in a double opt-in procedure, a confirmation e-mail will be sent to the e-mail address with which the data subject first registered for sending the newsletter. This confirmation e-mail is used to prove whether the owner of the e-mail address which is the data subject is authorized to receive the newsletter.

During registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to learn about the (possible) misuse of the data subject's e-mail address at a later date, so it contributes to Lennon's legal protection.

Personal data collected as part of the newsletter registration will only be used to send our newsletter. In addition, newsletter subscribers may receive e-mail notifications insofar as this is necessary for the operation of the newsletter service or the relevant registration, as this may arise when the newsletter offer is amended or in the event of changes in the technical situation case. The personal data collected by the newsletter service will not be transmitted to third parties. The data subject may terminate the subscription to our newsletter at any time. The consent given by the data subject to the storage of personal data for the purpose of sending the newsletter may be withdrawn at any time. In order to withdraw consent, there is a corresponding link (“unsubscribe”) in each newsletter.

9. Newsletter Tracking

Lennon's newsletter contains tracking pixels. Tracking pixels are tiny graphics embedded in such emails that are sent in HTML format to enable log file recording and analysis. This allows statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Lennon can see if and when the data subject opened the email and which links in the email were called up (clicked on) by the data subject.

Lennon stores and analyzes such personal data collected in the tracking pixels contained in the newsletter in order to optimize the delivery of the newsletter and constantly adapt the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects have the right to revoke their respective separate declaration of consent issued through the double opt-in procedure at any time. After revocation, these personal data will be deleted by Lennon. Lennon automatically regards the withdrawal of receipt of the newsletter as revocation.

10. Possibility of contact via the portal

The Lennon Portal contains information that allows us to contact our business quickly electronically, as well as to communicate directly with us, and also includes general addresses for so-called e-mails (email addresses). If the data subject contacts Lennon via e-mail or contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data voluntarily transmitted by the data subject to the data controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be transmitted to third parties.

11. Subscribe to comments on the portal blog

Comments on Lennon's blog may be subscribed to by third parties. In particular, a commenter has the possibility to subscribe to comments after he has commented on a particular blog post.

If the data subject decides to subscribe to the option, Lennon will send an automatic confirmation email to check the double confirmation procedure to see if the owner of the specified email address has decided to support the option. The option to subscribe to comments may be terminated at any time.

12. Routine deletion and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to fulfill the storage purpose or as permitted by the European legislator or other legislator to which Lennon is subject by law or regulation. data.

If the purpose of storage does not apply, or if a storage period prescribed by the European legislator or other competent legislator expires, personal data will be blocked or deleted at regular intervals in accordance with legal requirements.

13. Rights of data subjects

Confirmation right

Every data subject has the right, conferred by the European legislator, to obtain confirmation from Lennon as to whether their personal data is being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact our Data Protection Officer or another Lennon employee.

access right

Every data subject has the right, conferred by the European legislator, to obtain from Lennon free of charge information about their personal data stored at any time and a copy of this information. In addition, European directives and regulations grant data subjects access to the following information:

the purpose of the processing;

the categories of personal data;

the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

Where possible, the expected storage period of the personal data, or, if not possible, the criteria used to determine this period;

the right to require Lennon to correct or delete personal data, or to restrict the processing of personal data relating to the data subject, or to object to such processing;

the right to lodge a complaint with a supervisory authority;

if the personal data were not collected from the data subject, any available information about its origin;

The existence of automated decision-making (including profiling) referred to in Article 22(1) and (4) of the GDPR, at least in those cases, meaningful information about the logic involved, and such processing of the data subject.

Furthermore, the data subject has the right to obtain information as to whether personal data are transferred to a third country or an international organisation. In such cases, the data subject has the right to be informed of the appropriate safeguards in relation to the transfer.

right to rectification

Every data subject has the right granted by the European legislator to obtain from Lennon without undue delay the right to rectify inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to complete incomplete personal data, including by providing a supplementary declaration.

If a data subject wishes to exercise this right to rectification, he or she may at any time contact our Data Protection Officer or another Lennon employee.

Right to erasure (right to be forgotten)

Every data subject has the right granted by the European legislator to obtain from Lennon the erasure of personal data concerning him or her without undue delay, and Lennon is obliged to delete personal data without undue delay in the following cases: A case delay applies, as long as processing is not necessary:

Personal data is no longer required for the purposes for which it was collected or otherwise processed.

The data subject withdraws the consent on which the processing is based pursuant to Article 6(1) (a) GDPR or Article 9(2) (a) GDPR and there is no other legal basis for the processing.

The data subject objects to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to processing pursuant to Article 21(2) GDPR.

Personal data has been processed unlawfully.

Personal data must be erased in order to comply with a legal obligation under Union or Member State law to which Lennon is subject.

The personal data collected are related to the provision of information society services referred to in Art. 8(1) GDPR.

If one of the above reasons applies and a data subject wishes to request deletion of personal data stored by Lennon, he or she may at any time contact our Data Protection Officer or another Lennon employee. Lennon's data protection officer or other employee should immediately ensure that deletion requests are complied with immediately.

If Lennon has disclosed personal data and is obliged to delete the personal data under Article 17(1), Lennon shall take reasonable steps, including technical measures, taking into account available technology and implementation costs, to notify other controllers processing the data subject requesting such controller to delete Any linking, copying or reproduction of these personal data to the extent that no processing is required. Lennon's Data Protection Officer or other employees will arrange the necessary measures in individual cases.

Right to restriction of processing

Every data subject shall be entitled to the right conferred by the European legislator, to obtain from Lennon the restriction of processing where one of the following applies:

Where the data subject contests the accuracy of the personal data, Lennon may verify the accuracy of the personal data for a period of time.

The processing is unlawful and the data subject objects to the erasure of the personal data and instead requests the restriction of their use.

Lennon no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defense of legal claims.

The data subject objects to processing under Art. 21(1) GDPR, pending verification that Lennon's legitimate grounds override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of processing of personal data stored by Lennon, he or she may at any time contact our Data Protection Officer or another Lennon employee. Lennon's Data Protection Officer or other employee will arrange for the restriction of processing.

Right to data portability

Every data subject shall enjoy the right conferred by the European legislator to receive personal data concerning him or her provided to the controller in a structured, commonly used and machine-readable format. He or she has the right to have these data transmitted to another controller without hindrance from Lennon to whom the personal data was provided, as long as the processing is based on consent pursuant to Art. 6(1) point (a). GDPR or Article 9(2) (a) of the GDPR, or a contract pursuant to Article 6(1) (b) of the GDPR and the processing is carried out by automated means, as long as it is in the public interest or in the exercise of an official authority vested in Lennon And the tasks performed are not required.

Furthermore, when exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have personal data transferred directly from one controller to another, if this is technically feasible and when this is not the case Adversely affect the rights and freedoms of others.

In order to assert the right to data portability, data subjects may at any time contact a Lennon-appointed data protection officer or other employee.

Right to object

Each data subject has the right to object at any time to the processing of personal data concerning him or her or Article 6(1)(f) GDPR, on grounds relating to his or her particular situation, in accordance with point (e). This also applies to analyzes based on these provisions.

In the event of an objection, Lennon will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If Lennon processes personal data for direct marketing purposes, data subjects have the right to object at any time to the processing of personal data relating to them for such marketing. This applies to analytics related to such direct marketing. If the data subject objects to Lennon's processing of personal data for direct marketing purposes, the data subject may notify Lennon to exclude the subject from any means of direct marketing and Lennon will no longer process the personal data for these purposes.

Furthermore, the data subject has the right to object to the processing of personal data concerning him or her by Lennon for scientific or historical research purposes or for statistical purposes according to his or her particular situation, according to Article 89(1) GDPR, unless the processing is in the public interest Required for the task performed by the reason.

In order to exercise the right to object, data subjects may contact Lennon's Data Protection Officer or another employee directly. Furthermore, notwithstanding Directive 2002/58/EC, a data subject is free to exercise his or her right, in the context of the use of information society services, to lodge an objection by automated means using technical regulations.

Automated individual decision-making, including profiling

Every data subject shall have the right conferred by the European legislator not to be subject to a decision based solely on automated processing (including profiling), which has legal effects on him or her, or similarly significantly affects him or her, So long as the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) does not authorize Lennon to be bound by EU or Member State law and puts in place appropriate measures to protect the data subject rights and freedoms and legitimate interests, or (3) is not based on the express consent of the data subject.

If the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is based on the data subject's express consent, Lennon shall take appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, at least is the right to human intervention on the part of Lennon to express his or her views and to contest decisions.

If a data subject wishes to exercise his or her rights regarding automated personal decision-making, he or she may at any time directly contact our Lennon Data Protection Officer or another Lennon employee.

Right to withdraw data protection consent

Every data subject has the right granted by the European legislator to withdraw his consent to the processing of his personal data at any time.

If a data subject wishes to exercise his or her right to withdraw consent, he or she may at any time directly contact our Lennon Data Protection Officer or another Lennon employee. If such withdrawal of consent means that Lennon is unable to provide its services to the data subject, the data subject will be notified prior to termination of the services.

14. Legal basis for processing

Art. 6(1) lights up. The GDPR is the legal basis for our processing operations to obtain consent for specific processing purposes. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, for example, when processing operations are necessary for the supply of goods or the provision of any other service, processing is lit in accordance with Article 6(1). b General Data Protection Regulation. This also applies to such processing operations that are necessary for the performance of pre-contractual measures, such as when making inquiries about our products or services. If our company has a legal obligation that requires the processing of personal data, such as fulfilling tax obligations, the processing is based on art. 6(1) lights up. c General Data Protection Regulation. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or other natural persons. For example, this could arise if a visitor is injured on our premises and his name, age, health insurance data or other important information must be passed on to a doctor, hospital or other third party. Then processing will be based on art. 6(1) lights up. GDPR. Finally, processing operations can be based on Article 6(1). fGDPR. This legal basis is used for processing operations not covered by any of the legal bases above, if the processing is required for the purposes of legitimate interests pursued by our company or by third parties, unless such interests are overridden by the interests or fundamental rights of the data subject whose personal data is required to be protected and freedom prevails. Such processing operations are specifically permitted as they have been specifically mentioned by European legislators. In his opinion, a legitimate interest can be presumed if the data subject is a customer of Lennon (sentence 47 para. 2 GDPR).

15. Legitimate interests pursued by Lennon or third parties

Where personal data is processed pursuant to Art. 6 para. 1 GDPR, our legitimate interest is to conduct our business for the well-being of all employees and shareholders, while complying with our obligations;

Prevent fraud by using personal information to prevent and detect fraud and abuse to protect the safety of our customers, Lennon and others. We may also use scoring methods to assess and manage credit risk;

Ensure anti-money laundering compliance through verification to minimize fraud and prevent the creation and use of fraudulent accounts;

Ensuring network and information security by using various procedures that validate our security controls;

To identify criminal or suspicious transactions or threats to public safety;

improve or enhance Lennon's operations, and the services Lennon provides to data subjects; and

Know and understand the conduct of the data subject or any other customer of Lennon in relation to our services.

16. Retention period of personal data

The criteria used to determine the storage period of personal data are the corresponding statutory retention periods. After the expiry of this period, the corresponding data will be routinely deleted as soon as it is no longer necessary for the performance of the contract or the initiation of the contract.

17. Provision of personal data in accordance with statutory or contractual requirements; requirements necessary to enter into a contract; obligations of data subjects to provide personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data may be required by law (e.g. tax regulations) or as a result of contractual provisions (e.g. information about contractual partners). Sometimes it may be necessary to enter into a contract whereby the data subject provides us with personal data, which must then be processed by us. For example, a data subject is obliged to provide us with personal data when our company enters into a contract with him or her. Failure to provide personal data will result in the impossibility of entering into a contract with the data subject. Before a data subject provides personal data, the data subject must contact our Data Protection Officer.

18. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.