Privacy Policy
We take the protection of your personal data seriously and treat your personal information confidentially.
At a glance
This privacy policy informs you about the type, scope and purpose of processing personal data within our online offering and the websites, functions and content associated with it (hereinafter collectively referred to as the "online offering").
For the terms used, such as "personal data" or "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
lead.online GmbH
Baierbrunner Straße 3
81379 Munich
Germany
Phone: +49 89 244 156 02
Email: info@lead-online.de
Managing directors:
Jannik Schlossberger, Fabian Köller, Philipp Himmel
Types of data processed
We process the following categories of data:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail, phone numbers)
- Content data (e.g. text entries, photographs, videos)
- Contract data (e.g. subject matter of contract, term)
- Payment data (e.g. bank details, invoices)
- Usage data (e.g. visited websites, interest in content, access times)
- Meta / communication data (e.g. device information, IP addresses)
Purpose of processing
- Provision of the online offering, its functions and content
- Answering contact enquiries and communicating with users
- Security measures
- Reach measurement / marketing
- Fulfilment of contractual services, service and customer care
- Administration and processing of enquiries
Legal bases
Where we ask data subjects for consent to process their data, Art. 6 (1) lit. a GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract with the data subject, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
Hosting and infrastructure provisioning
We rely on external service providers for hosting and database services to operate our online offering. This ensures our website is available securely, quickly and efficiently. Using these services is a legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Where data processing is required to fulfil a contract with you or to carry out pre-contractual measures, Art. 6 (1) lit. b GDPR serves as the legal basis.
1. Web hosting via Vercel
Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA (hereinafter "Vercel").
Vercel is a modern hosting platform that ensures high performance and security for our website. Each time you visit our site, Vercel processes usage, meta and communication data such as your IP address, the time of access and technical information about your browser and operating system. This data is stored in server log files and is required to guarantee smooth operation and defend against threats.
We deliberately chose a provider that places great emphasis on data protection. The servers Vercel operates on our behalf are located within the European Union (typically in Frankfurt, Germany). However, Vercel is a US company. Data transfers to the United States therefore cannot be completely ruled out, for example during maintenance or support operations.
To ensure a high level of data protection according to European standards in such cases, we have concluded a data processing agreement (DPA) with Vercel. This agreement incorporates the EU Commission’s Standard Contractual Clauses (SCC). These clauses oblige Vercel to comply with European data protection standards even when processing takes place in the United States.
Further information on data protection at Vercel can be found in their privacy policy: https://vercel.com/legal/privacy-policy
2. Database hosting via Neon
To store the data required for the functionality of our website (e.g. content or user interactions), we use the database services of Neon, Inc., 1111B S Governors Ave STE 6853, Dover, DE 19904, USA (hereinafter "Neon").
Here, too, we ensure that your data is processed securely and within the EU. The databases for our service are operated on servers in the European Union (Frankfurt region, Germany). As a US company, Neon is nevertheless subject to the same framework conditions as Vercel.
To guarantee data protection in the event that data is transferred to the United States, we have also concluded a data processing agreement (DPA) including the EU Standard Contractual Clauses (SCC) with Neon. This contract ensures that your data remains protected in line with European standards.
Further information on data protection at Neon can be found here: https://neon.tech/privacy
Contact form
If you send us enquiries via the contact form, the details you provide, including the contact data you supply, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested.
The data you enter in the contact form remains with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions — in particular retention periods — remain unaffected.
Cookies
Our website uses cookies. Cookies are small text files stored on your device by your browser. Cookies do not harm your device and do not contain viruses.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit.
You can set your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not combined with other data sources. The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website — for this purpose the server log files must be recorded.
Your rights
You have the following rights regarding your personal data:
Right of access (Art. 15 GDPR)
You can request information about the personal data we process about you.
Right to rectification (Art. 16 GDPR)
You have the right to immediate rectification of inaccurate personal data or completion of incomplete data stored with us.
Right to erasure (Art. 17 GDPR)
You may request the deletion of your personal data provided that legal requirements allow this.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing of your personal data.
Right to data portability (Art. 20 GDPR)
You have the right to receive the data that we process automatically on the basis of your consent or in fulfilment of a contract in a commonly used, machine-readable format, or to have it transmitted to a third party.
Right to withdraw consent (Art. 7 (3) GDPR)
You have the right to withdraw consent you have given with effect for the future.
Right to lodge a complaint (Art. 77 GDPR)
You can lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
Data security
We use the widely adopted SSL (Secure Socket Layer) method during your site visit together with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we fall back on 128-bit v3 technology. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol in the status bar of your browser.
We also take appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Updates and amendments to this privacy policy
This privacy policy is currently valid and was last updated in October 2025.
Due to the further development of our website and offers or because of changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://lead-online.de/privacy.
Questions about privacy?
Please contact us if you have questions about the collection, processing or use of your personal data, if you need information, rectification, blocking or deletion of data, or if you wish to revoke consent you have given: