Data protection

• Information on Transparency and Your Rights

  Legal Basis for Processing Your Personal Data

  The processing of your personal data by our company is carried out on the following legal bases:

  • Contract Performance and Pre-Contractual Measures: To fulfill a contract with you or to take steps prior to entering into a contract (e.g., handling your inquiries, delivering goods, or providing services).

  • Legal Obligation: To comply with statutory requirements (e.g., tax regulations).

  • Consent: Based on your explicit and voluntary consent.

  • Legitimate Interests: Where a balancing of interests indicates that your rights and freedoms do not outweigh our interests (e.g., responding to inquiries via a contact form).

  Your Rights

  With respect to your personal data, you have the following rights:

  1. Access, Rectification, Erasure, and Restriction of Processing
     You may request free information about your stored data at any time, as well as its rectification, erasure, or restriction of processing. If legal retention obligations (e.g., commercial or tax law) prevent deletion, the data will instead be blocked. Please contact our Data Protection Officer for assistance.

  2. Withdrawal of Consent
     You may withdraw any consent you have given to data processing at any time with effect for the future.

  3. Right to Object
     You have the right to object to the processing of your data at any time on grounds relating to your particular situation. In such a case, your data will no longer be processed unless compelling legitimate reasons for processing can be demonstrated which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  4. Data Portability
     You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. Upon request and where technically feasible, we can transfer this data directly to another controller named by you, provided that this does not adversely affect the rights and freedoms of others.

  Storage Duration

  Personal data is retained only for as long as necessary to fulfill the stated purposes or as required by statutory retention obligations. Data from a completed fiscal year is generally deleted after the expiration of the applicable commercial or tax retention periods (six or ten years), unless longer retention periods apply or retention is required for legitimate reasons. Shorter deletion periods applicable under specific laws are observed accordingly. After the relevant retention periods expire, the data is deleted or, if deletion is not possible, blocked.

  Right to Withdraw Consent and Object to Processing
  You have the right to object to the processing of your personal data at any time. In such a case, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims. In addition, you may withdraw any consent you have previously given to data processing at any time with effect for the future.

  Right to Data Portability
  You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. This right applies if the processing is based on consent or a contract and is carried out by automated means. Where technically feasible and provided that the rights and freedoms of others are not adversely affected, you may also request the direct transfer of the data to another controller.

  Storage Duration
  Personal data is stored only for as long as necessary for the intended purposes and in accordance with statutory retention requirements, and is then deleted. Commercial or tax-relevant data from a completed fiscal year is deleted after the statutory retention periods of typically six or ten years, unless longer retention periods apply or further storage is required for legitimate reasons. In certain cases, shorter retention periods may apply (e.g., in cases of prolonged inactivity). Data not subject to these obligations will be deleted as soon as the purpose of processing no longer applies.

  Right to Lodge a Complaint
  If you believe that the processing of your personal data infringes the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a competent data protection supervisory authority.

  Requirement to Provide Personal Data
  The provision of certain personal data is required by law (e.g., tax regulations) or necessary for contractual purposes (e.g., information relating to the contracting party). For the conclusion and performance of a contract, it is generally necessary that you provide the required personal data. Without this data, the contract cannot be concluded.

• Informationen für alle Besucherinnen und Besucher unserer Website

  Usage Data

  Each time our website is accessed, our system automatically collects certain data and information from the computer system of the accessing device. This data is collected without your intervention and temporarily stored in so-called log files until it is automatically deleted:

  • IP address of the requesting device

  • Date and time of access

  • Content of the HLesevia request (e.g., page accessed)

  • HLesevia status code of the server response (e.g., “200 OK”, “404 Not Found”)

  • Amount of data transmitted

  • Referrer URL (the website from which the request originated)

  • Browser used and, if applicable, operating system (User-Agent)

  Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
  Our legitimate interest lies in ensuring system security, analyzing technical errors, and maintaining the uninterrupted operation of our website. No personal user profiles are created.

  General Information on Cookies

  Our website uses cookies to make our offering more user-friendly. Cookies are small text files that are stored by your browser on your device and can hold information during or after your visit to a website, such as language settings, login status, shopping cart contents, or video playback position.

  Types of cookies:

  • Necessary cookies: Technically required for the basic functions of the website (e.g., shopping cart).

  • Statistics cookies: Used to analyze user behavior.

  • Marketing cookies: Enable personalized advertising.

  By duration and origin:

  • Session cookies (temporary): Automatically deleted after closing the browser; they allow, for example, recognition during a single visit.

  • Persistent cookies: Remain stored across multiple sessions and enable recognition of the browser on repeat visits (e.g., storage of login data or preferred settings).

  • First-party cookies: Set directly by us.

  • Third-party cookies: Set by external providers, usually for analysis or marketing purposes.

  We also use tracking technologies as part of audience measurement to understand how visitors interact with our website (e.g., browser type, duration of visit, referrer).
  If personal data is processed on the basis of your explicit consent (Art. 6(1)(a) GDPR), this is done to provide you with personalized information about our products and services. You may withdraw this consent at any time with future effect.

  Detailed information on the cookies and tracking technologies used can be found in our Privacy Policy and in our consent management tool (cookie banner).

  Legal Basis

  • Processing of personal data through technically necessary cookies is based on Art. 6(1)(f) GDPR (legitimate interest).

  • Processing of personal data through cookies for analysis or marketing purposes only takes place with your consent in accordance with Art. 6(1)(a) GDPR.

  Storage Duration

  You retain full control over the use of cookies at all times.

  • You can disable or restrict the transmission of cookies via your browser settings.

  • Stored cookies can be deleted at any time – also automatically.

  • Technically necessary cookies are usually deleted when the browser is closed.

  ⚠️ Please note: If cookies are completely disabled, certain functions of our website may no longer be fully usable.

  Cookie Consent and Objection

  For the use of technically non-essential cookies, we obtain your prior consent. For this, we use the consent management tool of Usercentrics GmbH, Sonnenstraße 23, 80331 Munich, Germany (“Usercentrics”).

  • This tool displays the cookie banner and records your selection.

  • A cookie is set to store your chosen settings.

  • The legal basis for the use of this tool is Art. 6(1) sentence 1(c) GDPR (compliance with a legal obligation).

  With your consent, you enable us to analyze and optimize our website. Based on statistical data (e.g., visitor numbers, duration of visit, user behavior), we can improve our content and functions in a targeted manner.

  Data Transfer to the USA

  Some integrated tools are provided by companies based in the USA (e.g., Google). When activated, personal data (including your IP address) may be transmitted to servers in the USA.

  ⚠️ Please note: In the USA, there is a risk that authorities may access this data. By giving your consent, you also agree to the possible processing of your data in the USA.

  Withdrawal of Consent and Adjustment of Settings

  You can deactivate or adjust cookies, including the transfer of data to the USA, at any time via the “Settings” link in the footer of our website.

  Legal Basis

  • The processing of personal data through technically necessary cookies is based on Art. 6(1)(f) GDPR (legitimate interest).

  • The processing of personal data through cookies for analysis or marketing purposes takes place only with your consent pursuant to Art. 6(1)(a) GDPR.

  Storage Duration

  You retain full control over the use of cookies at all times.

  • You can disable or restrict the transmission of cookies via your browser settings.

  • Stored cookies can be deleted at any time – including automatically.

  • Technically necessary cookies are usually deleted when the browser is closed.

  ⚠️ Please note: If cookies are completely disabled, certain functions of our website may not be fully available.

  Cookie Consent and Objection

  For the use of technically non-essential cookies, we obtain your prior consent. To this end, we use the consent management tool of Usercentrics GmbH, Sonnenstraße 23, 80331 Munich, Germany (“Usercentrics”).

  • This tool displays the cookie banner and records your selection.

  • A cookie is set to store your preferences.

  • The legal basis for the use of this tool is Art. 6(1) sentence 1(c) GDPR (compliance with a legal obligation).

  With your consent, you enable us to analyze and optimize our website. Based on statistical data (e.g., visitor numbers, duration of visit, user behavior), we can continuously improve our content and functions.

  Data Transfer to the USA

  Some integrated tools are provided by companies based in the USA (e.g., Google). When activated, personal data (including your IP address) may be transmitted to servers in the USA.

  ⚠️ Please note: In the USA, there is a risk that authorities may access this data. By giving your consent, you also agree to the possible processing of your data in the USA.

  Individual Settings

  • In the settings window, all cookies – except those that are technically necessary – are deactivated by default.

  • You can save your selection or customize it individually.

  • You may withdraw your consent at any time with future effect.

• Blog/Newsletter & Social Media

  Subscription to Our (Blog) Newsletter

  When you subscribe to our (blog) newsletter, we process your email address and any additional voluntary information (e.g., your name) in order to send you regular updates based on your consent (Legal basis: Art. 6(1)(a) GDPR).

  Your Rights: Revocation and Unsubscription

  You can withdraw your consent to receive the newsletter at any time with future effect, thereby ending your subscription. You may unsubscribe in the following ways:

  • Via the unsubscribe link included in every newsletter email.

  • By contacting us through the details provided in our privacy policy or legal notice (Impressum).

  Deletion of Your Data

  Once you unsubscribe, your email address will be promptly removed from our mailing list, unless you have expressly consented to further use of your data, or retention is otherwise legally permitted and explained in this privacy policy.

  ---

  Facebook

  This website uses plugins from the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
  An overview of Facebook plugins and their appearance can be found here:
  http://developers.facebook.com/docs/plugins/.

  When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The plugin content is transmitted directly from Facebook to your browser and integrated into the webpage.

  Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website—even if you do not have a Facebook account or are not currently logged in. This information (including your IP address) is transmitted directly to a Facebook server in the USA and stored there.

  If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you do not want Facebook to associate the data collected through our website with your account, please log out of Facebook before visiting our site.

  If you interact with the plugins (e.g., by clicking the Like button or posting a comment), the corresponding information is also transmitted directly to a Facebook server and stored there. This information may additionally be published on Facebook and displayed to your Facebook friends.

  For details on the purpose, scope, and further processing of data by Facebook, as well as your rights and options to protect your privacy, please consult Facebook’s privacy policy:
  http://www.facebook.com/about/privacy/.

  Facebook Custom Audience

  Our website uses remarketing tags from the social network Facebook. When you visit our pages, these tags establish a direct connection between your browser and Facebook’s servers. In doing so, Facebook is informed that your device (via your IP address) has accessed our website and can link this activity to your Facebook account.

  We use this information to deliver targeted Facebook ads (Facebook Ads).

  Please note that we, as the provider of this website, have no knowledge of the content of the transmitted data nor how Facebook subsequently uses it.

  Further information can be found in Facebook’s privacy policy:
  https://www.facebook.com/about/privacy/.

  If you do not wish data to be collected via Custom Audiences, you can disable this feature [here].

  Facebook Lead Ads

  Collection of Personal Data
  As part of advertising campaigns on Facebook (Lead Ads), we collect personal data when you, for example, submit a quote request form. This may include:

  • Name (first and last name)

  • Contact details (email address, telephone number)

  Use of Personal Data
  We use your personal data solely to process your quote request.

  • Your name allows us to clearly identify and handle your request.

  • Your contact details enable us to send you a personalized offer, respond to inquiries, and provide any further relevant information.

  Disclosure of Personal Data to Third Parties
  Your personal data will not be disclosed to third parties.

  Facebook Connect

  We offer you the option to register for our services via Facebook Connect. This means no separate registration with us is required.

  To log in, you will be redirected to Facebook’s login page, where you can authenticate using your Facebook credentials. Your Facebook profile will then be linked to our service, and we will automatically receive certain information from Facebook Inc.

  We only use the data that is strictly necessary for the conclusion or performance of the contract—specifically, information that enables us to clearly identify you.

  For more details on Facebook Connect and available privacy settings, please refer to Facebook’s privacy policy and terms of use.

  Twitter

  Our website integrates features of the social network Twitter, provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

  By using Twitter features—particularly the “Re-Tweet” function—the web pages you visit are linked to your Twitter account and may be shared with other Twitter users. In this process, data is also transmitted to Twitter.

  Please note that we, as the provider of this website, have no knowledge of the content of the transmitted data or its further use by Twitter.

  Further information can be found in Twitter’s privacy policy: https://twitter.com/privacy.

  You can adjust your personal privacy preferences at any time in your Twitter account settings.

• Use of web analytics tools and interest-based advertising

  Google Analytics
  This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files stored on your device that enable analysis of website usage. The information generated by cookies about your use of this website is generally transmitted to and stored on a Google server in the USA.
  When IP anonymization is activated, Google truncates your IP address within EU member states or other EEA treaty states. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. We have activated IP anonymization and concluded a data processing agreement with Google to ensure compliant data handling.
  On behalf of the website operator, Google processes information to compile website activity reports and provide other services related to website and internet usage. Google may combine personal data from one service with information from other Google services. Depending on your account settings, your activities on websites and apps may be linked with your personal data to improve Google services and displayed advertising.
  You can prevent cookie storage through appropriate browser settings; however, note that some website functions may be limited. You can also prevent the collection of cookie-generated data (including your IP address) and its processing by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.
  Additionally, you can prevent Google Analytics data collection by clicking the following link. An opt-out cookie will be set to prevent future data collection when visiting this website: [Click here to disable Google Analytics measurement].
  Further information on terms of use and data protection can be found at:
  https://www.google.com/analytics/terms/ and https://policies.google.com/.
  Google Signals
  Based on our legitimate interests (analysis, optimization, and economic operation of our online offering per Art. 6(1)(f) GDPR), we use Google Signals. This enables cross-device session matching. Google uses data from users who have activated “personalized advertising” in their Google account.
  Google Signals is used exclusively with activated IP anonymization. This truncates IP addresses within EU/EEA member states, eliminating personal references. Identification of individual users is excluded.
  You can object to Google Signals usage at any time by deactivating “personalized advertising” in your Google account: support.google.com/ads/answer/2662922.
  Further information is available in the [Google Privacy Policy] and [Google Terms of Service].
  Google Tag Manager
  This website uses Google Tag Manager, a product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager allows us to manage website tags through an interface, for example for Google Analytics. The Tag Manager itself is a cookie-free domain and does not collect personal data.
  Google Site Search (Google AJAX Search API)
  Our website uses the Google AJAX Search API via JavaScript. When using the search field, data is transmitted to Google. Google’s privacy policies apply. To prevent execution of JavaScript code, you can install a JavaScript blocker (e.g., www.noscript.net).
  Google reCAPTCHA
  To protect form submissions (e.g., contact form), we use the reCAPTCHA service from Google Inc. in certain cases. reCAPTCHA protects websites from spam and abuse. Your IP address and possibly other data required for the service are transmitted to Google. Google’s privacy policies apply to this data. For more information, please visit the Google Privacy Center: www.google.de/intl/en/privacy.
  DoubleClick by Google
  Our website uses DoubleClick by Google, a service of Google Inc. DoubleClick uses cookies to display relevant ads. A pseudonymous identification number (ID) is assigned to your browser to track which ads have been displayed or clicked. The cookies do not contain personal information.
  DoubleClick cookies allow Google and partner websites to serve ads based on previous visits to our or other websites. The information generated by the cookies is transmitted to and stored on a Google server in the USA. Google only shares this data with third parties if required by law or under data processing agreements. This data is not merged with other Google data.
  By using our website, you consent to the described processing of your data by Google. You can prevent the storage of cookies in your browser settings. Please note, however, that this may limit the functionality of our website. Furthermore, you can prevent Google from collecting and processing the data generated by cookies by installing the browser plugin available at the following link: https://adssettings.google.com/u/0/authenticated?hl=en.
  Google AdWords Conversion Tracking
  As an AdWords customer, we use Google Conversion Tracking. If you reach our website via a Google ad, a cookie is placed on your device. This cookie expires after 30 days and is not used for personal identification. If you visit certain pages of our website while the cookie is active, Google and we can recognize that you clicked on the ad and were redirected to our page.
  Each AdWords customer receives a unique cookie, so cookies cannot be tracked across different AdWords customers’ websites. The information obtained with the conversion cookie is used to create conversion statistics for AdWords customers who use conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tag. We do not receive personal information that could identify users.
  If you do not wish to participate in tracking, you can refuse the cookie—for example, by adjusting your browser settings to disable the automatic placement of cookies or by blocking cookies from the domain “googleleadservices.com”. Please note that opt-out cookies must remain in place as long as you want to keep the deactivation. After deleting all cookies in your browser, you will need to set the opt-out cookie again.
  Google Optimize
  To improve our website, we use Google Optimize, a tool integrated into Google Analytics. It enables A/B and multivariate testing to optimize content and features for visitors. More information is available from Google.
  Google Dynamic Remarketing
  Our pages use Google remarketing tags. This technology makes it possible to target users who have previously visited our website and shown interest in our offering with advertising on websites within the Google partner network.
  Ads are displayed using cookies that analyze user behavior and enable interest-based product recommendations. If you do not wish to receive interest-based ads, you can disable Google cookies at https://www.google.de/settings/ads. Alternatively, you can disable third-party cookies on the Network Advertising Initiative opt-out page: http://www.networkadvertising.org/choices/.
  By using our website, you agree to the described processing of your data by Google. Please note that these services are subject to Google’s privacy policies, which are independent of ours. We assume no responsibility for these policies and recommend that you review Google’s privacy policy directly.
  Bing Ads
  This website uses Microsoft Bing Ads conversion tracking. If you reach our website via a Bing ad, a cookie is placed on your device. This allows Microsoft Bing and us to recognize that you clicked on an ad, were redirected to our website, and reached a predefined target page (conversion page).
  We only receive the total number of users who clicked on a Bing ad and subsequently reached the conversion page. No personal information identifying users is transmitted.
  If you do not wish to participate in tracking, you can decline the placement of cookies—for example, through the relevant setting in your browser that disables the automatic placement of cookies. Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement/.
  Hotjar
  To improve usability and customer experience, we use the analytics service of Hotjar Ltd. (Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta, Europe).
  Hotjar records mouse movements, clicks, scrolling behavior, and keyboard inputs. The recording is anonymized and no personal reference is established. Hotjar uses a tracking code that automatically collects data when you use our website and stores it on Hotjar servers in Ireland. Additionally, cookies may be placed on your device.
  Further information on how it works can be found here: https://www.hotjar.com/privacy.
  If you wish to opt out of data collection by Hotjar, please use the opt-out link: https://www.hotjar.com/opt-out.
  LinkedIn Analytics and LinkedIn Ads
  This website uses the conversion tracking technology and retargeting function of LinkedIn Corporation. This allows visitors to our website to be shown personalized ads on LinkedIn. Additionally, we receive anonymous reports on ad performance and information about interactions with our website.
  For this purpose, the LinkedIn Insight Tag is integrated into our page, which establishes a connection to LinkedIn servers when you visit our website and are simultaneously logged into your LinkedIn account.
  Further information on data collection and use can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
  If you are logged into LinkedIn, you can deactivate data collection at any time via the following link: https://www.linkedin.com/psettings/enhanced-advertising.

• Privacy Policy — Lesevia Mobile Apps

  	Privacy Policy — Lesevia Mobile Apps
  	Version: 2.0 (GDPR)
  	Effective date: 17 November 2025
  	Last updated: 17 November 2025
  	1. General Information
  	This Privacy Policy applies to the following mobile applications:
  	Lesevia
  	Lesevia Go
  	simplified version for employees
  	The processing of personal data is carried out in accordance with:
  	General Data Protection Regulation (GDPR), Regulation (EU) 2016/679
  	German Federal Data Protection Act — Bundesdatenschutzgesetz (BDSG)
  	ePrivacy Directive (2002/58/EC) and applicable German legislation on the confidentiality of digital services, including the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG)
  	1.1. Responsible Company / Data Controller
  	Where Sewerinow GmbH & Co. KG independently determines the purposes and means of processing personal data, the data controller is:
  	Sewerinow GmbH & Co. KG
  	Teplitzerstraße 2
  	30559 Hannover
  	Germany
  	Registration details:
  	Reg.Ger. AG Hannover — HRA 203205
  	phG: Sewerinow Verwaltung GmbH
  	Reg.Ger. AG Hannover — HRB 211437
  	Managing Director: Dmitrij Sewerinow
  	VAT ID: DE 296 404 930
  	Phone: +49 172 515 71 88
  	General email: info@lesevia.com
  	Main email: dmitrij@lesevia.com
  	Data protection email: privacy@lesevia.com
  	If the Lesevia or Lesevia Go applications are used by an employer or client organisation to manage employees, work shifts, absences, tasks, notifications or related organisational data, that employer or client organisation usually acts as the data controller, and Sewerinow GmbH & Co. KG processes the data as a processor on behalf of the client in accordance with Art. 28 GDPR.
  	1.2. Data Protection Contact Point
  	For matters relating to the protection of personal data, you can contact:
  	Email: privacy@lesevia.com
  	Phone: +49 172 515 71 88
  	If the appointment of an official Data Protection Officer / Datenschutzbeauftragter is required by law, or if such a person is appointed voluntarily, their contact details will be provided in this Privacy Policy.
  	2. Categories of Personal Data Processed
  	2.1. Account Data
  	Surname, first name, patronymic if applicable
  	Work email address
  	Work phone number, if provided
  	Position, department
  	Employee ID number assigned by the employer
  	Profile photo, if voluntarily added by the user
  	2.2. Work Activity Data
  	Start and end times of work shifts
  	Presence status: on site, late, absent
  	Confirmations of completed assigned tasks
  	Action history within the app: screens viewed, operations performed, status updates
  	2.3. Technical Data
  	Device model, operating system version
  	Unique device identifier
  	Push notification token
  	IP address
  	Error logs and crash reports
  	System language, time zone
  	2.4. Data We Do Not Collect Unless Necessary
  	We do not collect or process the following data unless it is required for a specific application function and stated separately:
  	Precise geolocation data
  	Biometric personal data
  	Contacts from the phone book
  	Personal messages outside work-related tools
  	Files from the device gallery, except files manually uploaded by the user
  	Data from other applications
  	Face ID, Touch ID or similar functions may only be used locally on the user’s device. Lesevia does not receive or store the user’s biometric templates.
  	3. Legal Bases and Purposes of Processing
  	The processing of personal data is carried out in accordance with Art. 6 GDPR.
  	Category of data	Purposes of processing	Legal basis under GDPR
  	Account data, work activity data	User identification, providing access to the application, managing work processes, absences, shifts, tasks and notifications	Art. 6(1)(b) GDPR — performance of a contract with the client or user, if the user is a direct client; Art. 6(1)(c) GDPR — compliance with a legal obligation, where applicable; Art. 6(1)(f) GDPR — legitimate interest in ensuring service operation, security and administration
  	Technical data, logs	Ensuring security, application stability, prevention of incidents and abuse	Art. 6(1)(f) GDPR — legitimate interests of the controller, client or Sewerinow GmbH & Co. KG
  	Push notifications	Sending work-related notifications, reminders, messages about requests, shifts and actions in the system	Art. 6(1)(f) GDPR — legitimate interest in ensuring timely work-related communication; Art. 6(1)(b) GDPR — where notifications are necessary for the performance of a contract with a direct user or client
  	Usage analytics and error reports, if used	Improving the application, fixing errors, enhancing stability and security	Art. 6(1)(f) GDPR — legitimate interest for strictly technical and necessary logs; Art. 6(1)(a) GDPR — user consent for non-essential analytics and SDKs where consent is required by applicable law
  	Data processed on behalf of an employer or client organisation	Managing work processes within the client organisation	The legal basis is determined by the employer or client organisation as the data controller
  	If Sewerinow GmbH & Co. KG acts as a data processor on behalf of an employer or client organisation, the processing is governed by a data processing agreement in accordance with Art. 28 GDPR. In such cases, the specific legal bases for processing employees’ personal data are determined by the employer or client organisation as the data controller.
  	If special categories of personal data under Art. 9 GDPR are processed, for example health data in the context of sick leave, such processing takes place only where an appropriate legal basis exists. In a B2B scenario, such legal basis is usually determined by the employer or client organisation as the data controller.
  	4. Transfer of Personal Data to Third Parties
  	4.1. Cloud Infrastructure
  	Providers: AWS / Google Cloud / Microsoft Azure
  	The specific provider is indicated in the contract with the client or in the technical documentation of the service.
  	Server location: predominantly EU / EEA, unless otherwise stated in the contract with the client.
  	Safeguards:
  	Security certificates, where applicable
  	Data processing agreement with the provider
  	Processing based on Art. 28 GDPR
  	Standard Contractual Clauses, where applicable
  	Additional technical and organisational measures
  	If technical providers or sub-processors access data from countries outside the EU / EEA, such transfer is carried out only with safeguards provided for in Chapter V GDPR.
  	An up-to-date list of sub-processors, including their location and categories of data processed, is available at:
  	www.lesevia.com/subprocessors
  	We notify clients about the addition of new sub-processors in accordance with the terms of the contract.
  	4.2. Push Notifications
  	Service: Firebase Cloud Messaging (Google) or a similar push notification service
  	Data processed:
  	Device ID
  	Push notification token
  	Technical data necessary for the delivery of notifications
  	Safeguards:
  	Data processing agreement
  	Processing in accordance with GDPR
  	Limitation of processing to the technical purpose of delivering notifications
  	4.3. Analytics and Error Reporting
  	If analytics or error reporting services are used, these may include:
  	Google Analytics / Firebase Analytics
  	Firebase Crashlytics
  	Sentry
  	Bugsnag
  	Similar technical services
  	Such services may process:
  	App version
  	Device model
  	Operating system version
  	Technical error logs
  	Session identifier
  	Aggregated, anonymised or pseudonymised data, depending on the settings of the specific service
  	Strictly necessary technical logs may be used for security, error diagnosis and stable operation of the application.
  	Non-essential analytics SDKs and tracking technologies are used only after obtaining the user’s consent, where such consent is required by applicable law. These SDKs are not activated before consent is obtained.
  	Settings:
  	IP address is anonymised where supported by the service
  	Advertising identifiers are disabled unless required
  	Data is not used for selling advertising or transferring to advertising networks
  	4.4. Data We Do Not Transfer
  	We do not transfer personal data to:
  	Advertising networks
  	Data brokers
  	Social networks for independent user profiling
  	An exception may occur only when using a separate feature, such as “Sign in with Google”, if the user voluntarily chooses that authentication method.
  	4.5. Disclosure Required by Law
  	Personal data may be transferred to public authorities only on a valid legal basis, for example:
  	A court order
  	An official request from a competent authority within a lawful procedure
  	Necessity to protect life, health or other vital interests
  	5. Cross-Border Transfer of Personal Data
  	Data is predominantly stored and processed on servers located within the European Union or the European Economic Area.
  	Transfer of data outside the EU / EEA may take place only with appropriate safeguards as provided for in Chapter V GDPR.
  	Such safeguards may include:
  	An adequacy decision by the European Commission
  	Standard Contractual Clauses adopted by the European Commission
  	Binding Corporate Rules, where applicable
  	Additional technical and organisational measures
  	A data transfer risk assessment, where required
  	When transferring personal data to third countries, in particular to the United States when using cloud providers or services such as Google, AWS, Microsoft Azure, Firebase, Sentry or similar vendors, we conclude Standard Contractual Clauses adopted by the European Commission and carry out an assessment of the level of protection, including an analysis of the legislation of the destination country.
  	Where necessary, additional technical measures are applied, including encryption of data before transfer, pseudonymisation and restriction of access to data.
  	6. Data Retention Periods
  	Category of data	Retention period
  	Active user account	As long as the account is active or the contract with the client remains in force
  	Work data and work activity data	For the duration of the client’s use of the service, unless a different period is determined by the client or by law
  	Activity logs	Up to 12 months, unless a longer period is required for security, incident investigation, business continuity, compliance with legal obligations or defence of legal claims
  	Technical security logs	Up to 6 months, unless a longer period is required for security, incident investigation, compliance with legal obligations or defence of legal claims
  	Deleted account	Data is deleted or anonymised within 30 days after account deletion or receipt of a request, unless a legal retention obligation exists
  	Data subject to legal retention	For the period prescribed by applicable law
  	The above retention periods are based on the need to investigate incidents, ensure service security, maintain business continuity and meet evidentiary requirements in possible employment or contractual disputes.
  	If Lesevia processes data as a processor on behalf of an employer or client organisation, the retention periods for work data may be determined by that employer or client organisation.
  	After the expiry of the retention periods, data will be deleted or anonymised.
  	7. Rights of the Data Subject
  	Under the GDPR, you have the following rights:
  	Access — Art. 15 GDPR
  	The right to obtain confirmation of processing and a copy of your personal data.
  	Rectification — Art. 16 GDPR
  	The right to obtain rectification of inaccurate or incomplete data.
  	Erasure — Art. 17 GDPR
  	The right to obtain erasure of personal data in the circumstances provided by law.
  	Restriction of processing — Art. 18 GDPR
  	The right to obtain restriction of processing in cases provided by the GDPR.
  	Data portability — Art. 20 GDPR
  	The right to receive your data in a structured, commonly used and machine-readable format, where applicable.
  	Objection to processing — Art. 21 GDPR
  	The right to object to processing based on your particular situation, especially where processing is based on legitimate interests.
  	Not to be subject to automated decision-making — Art. 22 GDPR
  	The right not to be subject to a decision based solely on automated processing if that decision produces legal effects concerning you or similarly significantly affects you.
  	Some data may be excluded from erasure or restriction of processing if their retention is necessary for compliance with legal obligations, establishment or defence of legal claims, security or performance of a contract.
  	7.1. Withdrawal of Consent
  	If processing is based on your consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, you may withdraw your consent at any time.
  	Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  	7.2. Right to Lodge a Complaint with a Supervisory Authority
  	You have the right to lodge a complaint with a data protection supervisory authority:
  	In the country of your habitual residence
  	At your place of work
  	At the place of the alleged infringement
  	For a company located in Hannover, Lower Saxony, the competent supervisory authority is usually:
  	Der Landesbeauftragte für den Datenschutz Niedersachsen
  	Prinzenstraße 5
  	30159 Hannover
  	Germany
  	Phone: +49 511 120-4500
  	Email: poststelle@lfd.niedersachsen.de
  	Website: www.lfd.niedersachsen.de
  	8. How to Exercise Your Data Subject Rights
  	To exercise your rights, please send a request to:
  	Email: privacy@lesevia.com
  	Subject line:
  	Data Subject Request — [Your full name]
  	Response time:
  	1 month from receipt of the request.
  	If the request is complex or you have made a large number of requests, the period may be extended by a further 2 months. In that case, you will be informed of the extension and the reasons for the delay within the first month.
  	To protect your data, we may request additional information necessary to confirm your identity if we have reasonable doubts as to the identity of the requester.
  	If your personal data is processed in the context of your employer’s or a client organisation’s use of the application, we recommend that you first contact your employer or the relevant client organisation as the data controller regarding requests for access, rectification, erasure or restriction of processing.
  	We will assist the employer or client organisation in fulfilling their obligations as data controller.
  	If the request concerns data for which Sewerinow GmbH & Co. KG acts as an independent controller, we will process the request ourselves.
  	9. Security Measures for Personal Data Protection
  	In accordance with Art. 32 GDPR, technical and organisational measures are applied to protect personal data.
  	Technical Measures
  	Encryption of data in transit, for example TLS 1.3
  	Encryption of data at rest, for example AES-256
  	Regular security testing
  	Intrusion and anomaly detection systems
  	Firewalls
  	Antivirus protection
  	Role-based access control
  	Activity logging
  	Backup and recovery
  	Protection of administrative accounts
  	Organisational Measures
  	Restriction of access to personal data on a need-to-know basis
  	Non-disclosure agreements with employees and contractors
  	Staff training on data protection
  	Incident response procedures
  	Appointment of an internal data protection contact person
  	Sub-processor oversight
  	Documentation of technical and organisational measures
  	Notification of Breaches
  	In the event of a personal data breach, the controller shall notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
  	If the breach is likely to result in a high risk to the rights and freedoms of users, affected users will be notified without undue delay.
  	If Lesevia acts as a data processor on behalf of a client, Lesevia will notify the client without undue delay after becoming aware of a breach.
  	10. Processing of Personal Data of Minors
  	The Lesevia Go application is intended for use in a work context.
  	The service is not intended for children and is not directed at individuals under the age of 16.
  	If an employer or client organisation uses the system in relation to minor employees, that employer or client organisation is responsible for having an appropriate legal basis and complying with applicable labour law.
  	If we become aware that a child’s personal data has been processed without the necessary legal basis, such data will be deleted or its processing restricted, unless otherwise required by law.
  	11. Automated Processing and Profiling
  	We do not use automated decision-making that produces legal effects concerning the user or similarly significantly affects the user within the meaning of Art. 22 GDPR.
  	Profiling for advertising purposes is not used.
  	Analytics, if used, are applied for technical, aggregated, anonymised or pseudonymised reporting, improving application stability, fixing errors and enhancing security.
  	12. Cookies and Tracking Technologies
  	The mobile application does not use classical cookies as used on websites.
  	SDKs and similar technologies may be used for the following purposes:
  	Authentication
  	Security
  	Saving settings
  	Push notifications
  	Error diagnosis
  	Stable operation of the application
  	Usage analytics, if enabled
  	Strictly necessary technologies may be used without separate consent if they are necessary to provide a function expressly requested by the user or to transmit a communication.
  	Non-essential analytics SDKs and other tracking technologies are used only after obtaining the user’s consent upon first launch of the application or before activating the relevant feature.
  	You may refuse non-essential analytics. Refusal does not affect the core functionality of the application.
  	You may withdraw your consent at any time:
  	Settings → Privacy → Analytics → Disable
  	If the user initially refuses non-essential analytics, the corresponding SDKs will not be activated.
  	Analytics SDKs may collect:
  	Device identifier
  	Session identifier
  	Technical application data
  	Error and crash data
  	Disabling non-essential analytics does not impair the core functionality of the application.
  	13. Changes to the Privacy Policy
  	When material changes are made:
  	We will notify users via the application or by email
  	The new version will take effect 30 days after the notice, unless a different period is stated in the notice
  	A change log is available at:
  	www.lesevia.com/privacy/changelog
  	14. Contact Information
  	Data protection inquiries:
  	privacy@lesevia.com
  	Technical support:
  	support@lesevia.com
  	Postal address:
  	Sewerinow GmbH & Co. KG
  	Teplitzerstraße 2
  	30559 Hannover
  	Germany
  	Phone:
  	+49 172 515 71 88
  	Last updated: 17 November 2025
  	Version: 2.0 (GDPR)

• Use of location data in the Lisevia app (iOS)

  How Lisevia and the Lisevia app Use Location Data from Employees (iOS)

  When you sign in to the Lisevia app, your device will prompt you to allow access to your location data. This includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, we recommend enabling location services with the options “While Using the App” and “Precise Location” to provide you with the best possible service.

  We use location data to:

  • find employees and customers near you,

  • track your service and travel history,

  • process and resolve support requests,

  • detect and fix software errors.

  Your Location Options on iOS

  Always

  • Location data may be collected during your working hours while the Lisevia app is in use.

  • If this setting is required for certain services, we will explicitly ask for your consent before activation.

  While Using the App

  • The app can access your location data whenever it is in use, whether in the foreground or background.

  Precise Location

  • You can disable the “Precise Location” option for the Lisevia app.

  • The app will remain usable, but some features may be limited.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  You can adjust your location permissions for the Lisevia app at any time in your iOS device settings under Privacy & Security > Location Services.

  We process your location data in accordance with our Privacy Policy.

  How Lisevia and the Lisevia App Use Customer Location Data (iOS)

  When you log in to the Lisevia app, your device will prompt you to allow access to your location data. This includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While Using the App” and “Precise Location” to provide you with the best possible service.

  We use location data to:

  • find employees and customers near you,

  • track your service and travel history,

  • process and resolve support requests,

  • detect and fix software errors.

  Your Location Options on iOS

  Always

  • Location data may be collected during your working hours while the Lisevia app is in use.

  • If this setting is required for specific services, we will explicitly ask for your consent before activation.

  While Using the App

  • The app can access your location data whenever it is active, whether in the foreground or background.

  Precise Location

  • You can disable the “Precise Location” option for the Lisevia app.

  • The app will remain usable, but certain features may be limited.

  Never

  • Location services for the Lisevia app are fully disabled.

  • You can still use the app, but customer destinations must be entered manually.

  You can adjust your location permissions for the Lisevia app at any time in your iOS device settings under Privacy & Security > Location Services.

  We process your location data in accordance with our Privacy Policy.

• Use of location data in the Lisevia app (Android)

  How Lisevia and Companies Using the Lisevia App Use Employee Location Data (Android)

  When you log in to the Lisevia app, your device will ask you to grant access to your location data. This also includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While using the app” and “Precise location” to ensure the best possible service.

  We use location data to:

  • Find employees and customers near you,

  • Track your service and travel history,

  • Process and resolve support requests,

  • Detect and fix software errors.

  Your Location Options on Android

  Allow all the time

  • Location data may be collected at any time, even when you are not actively using the Lisevia app.

  • If this setting is required for specific services, we will explicitly request your consent before activation.

  Allow only while using the app

  • Location data may be collected while the app is active in the foreground or background, for example, during working hours while serving customers (e.g., at a gas station or pharmacy).

  • In this mode, you will receive a persistent notification in the Android notification bar whenever location data is being collected in the background.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  • Please note: While you are on the move, location data may still be collected and linked to your account, even if location services are disabled within the app.

  You can manage your location permissions for the Lisevia app at any time in your Android device settings under Privacy & Security > Location.

  We process your location data in accordance with our Privacy Policy.

  How Lisevia and Companies Using the Lisevia App Use Customer Location Data (Android)

  When you log in to the Lisevia app, your device will ask you to grant access to your location data. This also includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While using the app” and “Precise location” to ensure the best possible service.

  We use location data to:

  • Find team members and customers near you,

  • Track your service and travel history,

  • Process and resolve support requests,

  • Detect and fix software errors.

  Your Location Options on Android

  Allow all the time

  • Location data may be collected at any time, even when you are not actively using the Lisevia app.

  • If this setting is required for specific services, we will explicitly request your consent before activation.

  Allow only while using the app

  • Location data may be collected while the app is active in the foreground or background, for example, while serving customers or performing other tasks (e.g., at a gas station or pharmacy).

  • In this mode, you will receive a persistent notification in the Android notification bar whenever location data is being collected in the background.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  • Please note: While you are on the move, location data may still be collected and linked to your account, even if location services are disabled within the app.

  You can manage your location permissions for the Lisevia app at any time in your Android device settings under Privacy & Security > Location.

  We process your location data in accordance with our Privacy Policy.

• Additional Terms of Use for Lesevia AI

  (EU B2B Edition)

  These Additional Terms of Use for Lesevia AI (“AI Terms”) form an integral part of the Main Agreement for the Use of Lesevia (the “Agreement”) and govern the use of artificial intelligence features within the service.

  Priority Note: In the event of any conflict between these AI Terms and the Main Agreement, these AI Terms shall prevail specifically regarding AI Features.

  ---

  1. Definition of AI Features

  “Lesevia AI” refers to analytical and recommendation-generation features based on machine learning algorithms. These features provide Users with decision-support information for:

  • Structuring management processes.

  • Generating and processing management signals.

  • Prioritizing tasks and events.

  • Allocating responsibilities.

  • Preparing textual and analytical materials.

  Important: AI Features are intended solely as a decision-support tool and do not perform autonomous actions.

  2. Input and Output

  • Input: Data provided by the User for processing.

  • Output: Conclusions or recommendations generated by the system.

  • Ownership: Both Input and Output are considered the User’s data.

  • User Responsibility: The User is solely responsible for the lawfulness of the data provided, compliance with applicable legislation, and the subsequent use of the Output in management activities.

  3. Absence of Autonomous Decisions

  Lesevia AI is not an automated decision-making system. It:

  • Does not make legally binding decisions.

  • Does not conclude contracts or initiate financial transactions.

  • Does not execute HR actions (hiring/firing) without user confirmation. All management actions require explicit confirmation by the User.

  4. Accuracy and Verification

  AI Features are based on probabilistic models. Output may contain inaccuracies or simplifications. The User must independently verify Output before:

  1. Making HR or disciplinary decisions.

  2. Executing financial transactions.

  3. Changing contractual obligations or legal statuses.

  AI Features are provided on an “as is” basis regarding recommendation accuracy.

  5. Data Usage and Third-Party Providers

  • No Automatic Training: Lesevia does not use User data to train its own AI models unless the User has explicitly opted-in via the service settings.

  • Third-Party Models: We may use providers like OpenAI or Anthropic. Data is transferred only to the extent strictly necessary.

  • GDPR Compliance: Third-party providers act as data processors under Lesevia’s instructions and in strict accordance with EU data protection laws.

  6. Use Restrictions

  It is strictly prohibited to use Lesevia AI to:

  • Develop competing machine learning models.

  • Enable fully automated decision-making without human oversight.

  • Create illegal, harmful, or infringing content.

  7. Service Availability

  The operation of AI Features depends on third-party infrastructure. Temporary failures or limitations affecting these providers may impact the availability of Lesevia AI.

  8. Changes to Functionality

  Lesevia reserves the right to modify AI Features. Users will be notified in advance of material changes affecting data processing or the AI model.

  • Termination Right: If changes materially affect the User, the User may terminate the AI-related part of the Agreement within 14 days of notice.

  9. Liability and Limitation (EU B2B)

  • Full Control: The User retains full responsibility for management decisions made based on AI Output.

  • Liability Cap: Lesevia’s liability is limited to the total amount paid by the User for the 12-month period preceding the claim.

  • Exclusions: This limitation does not apply to cases of intent, gross negligence, injury to life/health, or breach of material contractual obligations (Kardinalpflichten).

  ---

  Last updated: February 28, 2026

• Information on Transparency and Your Rights

  Legal Basis for Processing Your Personal Data

  The processing of your personal data by our company is carried out on the following legal bases:

  • Contract Performance and Pre-Contractual Measures: To fulfill a contract with you or to take steps prior to entering into a contract (e.g., handling your inquiries, delivering goods, or providing services).

  • Legal Obligation: To comply with statutory requirements (e.g., tax regulations).

  • Consent: Based on your explicit and voluntary consent.

  • Legitimate Interests: Where a balancing of interests indicates that your rights and freedoms do not outweigh our interests (e.g., responding to inquiries via a contact form).

  Your Rights

  With respect to your personal data, you have the following rights:

  1. Access, Rectification, Erasure, and Restriction of Processing
     You may request free information about your stored data at any time, as well as its rectification, erasure, or restriction of processing. If legal retention obligations (e.g., commercial or tax law) prevent deletion, the data will instead be blocked. Please contact our Data Protection Officer for assistance.

  2. Withdrawal of Consent
     You may withdraw any consent you have given to data processing at any time with effect for the future.

  3. Right to Object
     You have the right to object to the processing of your data at any time on grounds relating to your particular situation. In such a case, your data will no longer be processed unless compelling legitimate reasons for processing can be demonstrated which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

  4. Data Portability
     You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. Upon request and where technically feasible, we can transfer this data directly to another controller named by you, provided that this does not adversely affect the rights and freedoms of others.

  Storage Duration

  Personal data is retained only for as long as necessary to fulfill the stated purposes or as required by statutory retention obligations. Data from a completed fiscal year is generally deleted after the expiration of the applicable commercial or tax retention periods (six or ten years), unless longer retention periods apply or retention is required for legitimate reasons. Shorter deletion periods applicable under specific laws are observed accordingly. After the relevant retention periods expire, the data is deleted or, if deletion is not possible, blocked.

  Right to Withdraw Consent and Object to Processing
  You have the right to object to the processing of your personal data at any time. In such a case, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims. In addition, you may withdraw any consent you have previously given to data processing at any time with effect for the future.

  Right to Data Portability
  You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. This right applies if the processing is based on consent or a contract and is carried out by automated means. Where technically feasible and provided that the rights and freedoms of others are not adversely affected, you may also request the direct transfer of the data to another controller.

  Storage Duration
  Personal data is stored only for as long as necessary for the intended purposes and in accordance with statutory retention requirements, and is then deleted. Commercial or tax-relevant data from a completed fiscal year is deleted after the statutory retention periods of typically six or ten years, unless longer retention periods apply or further storage is required for legitimate reasons. In certain cases, shorter retention periods may apply (e.g., in cases of prolonged inactivity). Data not subject to these obligations will be deleted as soon as the purpose of processing no longer applies.

  Right to Lodge a Complaint
  If you believe that the processing of your personal data infringes the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a competent data protection supervisory authority.

  Requirement to Provide Personal Data
  The provision of certain personal data is required by law (e.g., tax regulations) or necessary for contractual purposes (e.g., information relating to the contracting party). For the conclusion and performance of a contract, it is generally necessary that you provide the required personal data. Without this data, the contract cannot be concluded.

• Informationen für alle Besucherinnen und Besucher unserer Website

  Usage Data

  Each time our website is accessed, our system automatically collects certain data and information from the computer system of the accessing device. This data is collected without your intervention and temporarily stored in so-called log files until it is automatically deleted:

  • IP address of the requesting device

  • Date and time of access

  • Content of the HLesevia request (e.g., page accessed)

  • HLesevia status code of the server response (e.g., “200 OK”, “404 Not Found”)

  • Amount of data transmitted

  • Referrer URL (the website from which the request originated)

  • Browser used and, if applicable, operating system (User-Agent)

  Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
  Our legitimate interest lies in ensuring system security, analyzing technical errors, and maintaining the uninterrupted operation of our website. No personal user profiles are created.

  General Information on Cookies

  Our website uses cookies to make our offering more user-friendly. Cookies are small text files that are stored by your browser on your device and can hold information during or after your visit to a website, such as language settings, login status, shopping cart contents, or video playback position.

  Types of cookies:

  • Necessary cookies: Technically required for the basic functions of the website (e.g., shopping cart).

  • Statistics cookies: Used to analyze user behavior.

  • Marketing cookies: Enable personalized advertising.

  By duration and origin:

  • Session cookies (temporary): Automatically deleted after closing the browser; they allow, for example, recognition during a single visit.

  • Persistent cookies: Remain stored across multiple sessions and enable recognition of the browser on repeat visits (e.g., storage of login data or preferred settings).

  • First-party cookies: Set directly by us.

  • Third-party cookies: Set by external providers, usually for analysis or marketing purposes.

  We also use tracking technologies as part of audience measurement to understand how visitors interact with our website (e.g., browser type, duration of visit, referrer).
  If personal data is processed on the basis of your explicit consent (Art. 6(1)(a) GDPR), this is done to provide you with personalized information about our products and services. You may withdraw this consent at any time with future effect.

  Detailed information on the cookies and tracking technologies used can be found in our Privacy Policy and in our consent management tool (cookie banner).

  Legal Basis

  • Processing of personal data through technically necessary cookies is based on Art. 6(1)(f) GDPR (legitimate interest).

  • Processing of personal data through cookies for analysis or marketing purposes only takes place with your consent in accordance with Art. 6(1)(a) GDPR.

  Storage Duration

  You retain full control over the use of cookies at all times.

  • You can disable or restrict the transmission of cookies via your browser settings.

  • Stored cookies can be deleted at any time – also automatically.

  • Technically necessary cookies are usually deleted when the browser is closed.

  ⚠️ Please note: If cookies are completely disabled, certain functions of our website may no longer be fully usable.

  Cookie Consent and Objection

  For the use of technically non-essential cookies, we obtain your prior consent. For this, we use the consent management tool of Usercentrics GmbH, Sonnenstraße 23, 80331 Munich, Germany (“Usercentrics”).

  • This tool displays the cookie banner and records your selection.

  • A cookie is set to store your chosen settings.

  • The legal basis for the use of this tool is Art. 6(1) sentence 1(c) GDPR (compliance with a legal obligation).

  With your consent, you enable us to analyze and optimize our website. Based on statistical data (e.g., visitor numbers, duration of visit, user behavior), we can improve our content and functions in a targeted manner.

  Data Transfer to the USA

  Some integrated tools are provided by companies based in the USA (e.g., Google). When activated, personal data (including your IP address) may be transmitted to servers in the USA.

  ⚠️ Please note: In the USA, there is a risk that authorities may access this data. By giving your consent, you also agree to the possible processing of your data in the USA.

  Withdrawal of Consent and Adjustment of Settings

  You can deactivate or adjust cookies, including the transfer of data to the USA, at any time via the “Settings” link in the footer of our website.

  Legal Basis

  • The processing of personal data through technically necessary cookies is based on Art. 6(1)(f) GDPR (legitimate interest).

  • The processing of personal data through cookies for analysis or marketing purposes takes place only with your consent pursuant to Art. 6(1)(a) GDPR.

  Storage Duration

  You retain full control over the use of cookies at all times.

  • You can disable or restrict the transmission of cookies via your browser settings.

  • Stored cookies can be deleted at any time – including automatically.

  • Technically necessary cookies are usually deleted when the browser is closed.

  ⚠️ Please note: If cookies are completely disabled, certain functions of our website may not be fully available.

  Cookie Consent and Objection

  For the use of technically non-essential cookies, we obtain your prior consent. To this end, we use the consent management tool of Usercentrics GmbH, Sonnenstraße 23, 80331 Munich, Germany (“Usercentrics”).

  • This tool displays the cookie banner and records your selection.

  • A cookie is set to store your preferences.

  • The legal basis for the use of this tool is Art. 6(1) sentence 1(c) GDPR (compliance with a legal obligation).

  With your consent, you enable us to analyze and optimize our website. Based on statistical data (e.g., visitor numbers, duration of visit, user behavior), we can continuously improve our content and functions.

  Data Transfer to the USA

  Some integrated tools are provided by companies based in the USA (e.g., Google). When activated, personal data (including your IP address) may be transmitted to servers in the USA.

  ⚠️ Please note: In the USA, there is a risk that authorities may access this data. By giving your consent, you also agree to the possible processing of your data in the USA.

  Individual Settings

  • In the settings window, all cookies – except those that are technically necessary – are deactivated by default.

  • You can save your selection or customize it individually.

  • You may withdraw your consent at any time with future effect.

• Blog/Newsletter & Social Media

  Subscription to Our (Blog) Newsletter

  When you subscribe to our (blog) newsletter, we process your email address and any additional voluntary information (e.g., your name) in order to send you regular updates based on your consent (Legal basis: Art. 6(1)(a) GDPR).

  Your Rights: Revocation and Unsubscription

  You can withdraw your consent to receive the newsletter at any time with future effect, thereby ending your subscription. You may unsubscribe in the following ways:

  • Via the unsubscribe link included in every newsletter email.

  • By contacting us through the details provided in our privacy policy or legal notice (Impressum).

  Deletion of Your Data

  Once you unsubscribe, your email address will be promptly removed from our mailing list, unless you have expressly consented to further use of your data, or retention is otherwise legally permitted and explained in this privacy policy.

  ---

  Facebook

  This website uses plugins from the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
  An overview of Facebook plugins and their appearance can be found here:
  http://developers.facebook.com/docs/plugins/.

  When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The plugin content is transmitted directly from Facebook to your browser and integrated into the webpage.

  Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website—even if you do not have a Facebook account or are not currently logged in. This information (including your IP address) is transmitted directly to a Facebook server in the USA and stored there.

  If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you do not want Facebook to associate the data collected through our website with your account, please log out of Facebook before visiting our site.

  If you interact with the plugins (e.g., by clicking the Like button or posting a comment), the corresponding information is also transmitted directly to a Facebook server and stored there. This information may additionally be published on Facebook and displayed to your Facebook friends.

  For details on the purpose, scope, and further processing of data by Facebook, as well as your rights and options to protect your privacy, please consult Facebook’s privacy policy:
  http://www.facebook.com/about/privacy/.

  Facebook Custom Audience

  Our website uses remarketing tags from the social network Facebook. When you visit our pages, these tags establish a direct connection between your browser and Facebook’s servers. In doing so, Facebook is informed that your device (via your IP address) has accessed our website and can link this activity to your Facebook account.

  We use this information to deliver targeted Facebook ads (Facebook Ads).

  Please note that we, as the provider of this website, have no knowledge of the content of the transmitted data nor how Facebook subsequently uses it.

  Further information can be found in Facebook’s privacy policy:
  https://www.facebook.com/about/privacy/.

  If you do not wish data to be collected via Custom Audiences, you can disable this feature [here].

  Facebook Lead Ads

  Collection of Personal Data
  As part of advertising campaigns on Facebook (Lead Ads), we collect personal data when you, for example, submit a quote request form. This may include:

  • Name (first and last name)

  • Contact details (email address, telephone number)

  Use of Personal Data
  We use your personal data solely to process your quote request.

  • Your name allows us to clearly identify and handle your request.

  • Your contact details enable us to send you a personalized offer, respond to inquiries, and provide any further relevant information.

  Disclosure of Personal Data to Third Parties
  Your personal data will not be disclosed to third parties.

  Facebook Connect

  We offer you the option to register for our services via Facebook Connect. This means no separate registration with us is required.

  To log in, you will be redirected to Facebook’s login page, where you can authenticate using your Facebook credentials. Your Facebook profile will then be linked to our service, and we will automatically receive certain information from Facebook Inc.

  We only use the data that is strictly necessary for the conclusion or performance of the contract—specifically, information that enables us to clearly identify you.

  For more details on Facebook Connect and available privacy settings, please refer to Facebook’s privacy policy and terms of use.

  Twitter

  Our website integrates features of the social network Twitter, provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

  By using Twitter features—particularly the “Re-Tweet” function—the web pages you visit are linked to your Twitter account and may be shared with other Twitter users. In this process, data is also transmitted to Twitter.

  Please note that we, as the provider of this website, have no knowledge of the content of the transmitted data or its further use by Twitter.

  Further information can be found in Twitter’s privacy policy: https://twitter.com/privacy.

  You can adjust your personal privacy preferences at any time in your Twitter account settings.

• Use of web analytics tools and interest-based advertising

  Google Analytics
  This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files stored on your device that enable analysis of website usage. The information generated by cookies about your use of this website is generally transmitted to and stored on a Google server in the USA.
  When IP anonymization is activated, Google truncates your IP address within EU member states or other EEA treaty states. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. We have activated IP anonymization and concluded a data processing agreement with Google to ensure compliant data handling.
  On behalf of the website operator, Google processes information to compile website activity reports and provide other services related to website and internet usage. Google may combine personal data from one service with information from other Google services. Depending on your account settings, your activities on websites and apps may be linked with your personal data to improve Google services and displayed advertising.
  You can prevent cookie storage through appropriate browser settings; however, note that some website functions may be limited. You can also prevent the collection of cookie-generated data (including your IP address) and its processing by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en.
  Additionally, you can prevent Google Analytics data collection by clicking the following link. An opt-out cookie will be set to prevent future data collection when visiting this website: [Click here to disable Google Analytics measurement].
  Further information on terms of use and data protection can be found at:
  https://www.google.com/analytics/terms/ and https://policies.google.com/.
  Google Signals
  Based on our legitimate interests (analysis, optimization, and economic operation of our online offering per Art. 6(1)(f) GDPR), we use Google Signals. This enables cross-device session matching. Google uses data from users who have activated “personalized advertising” in their Google account.
  Google Signals is used exclusively with activated IP anonymization. This truncates IP addresses within EU/EEA member states, eliminating personal references. Identification of individual users is excluded.
  You can object to Google Signals usage at any time by deactivating “personalized advertising” in your Google account: support.google.com/ads/answer/2662922.
  Further information is available in the [Google Privacy Policy] and [Google Terms of Service].
  Google Tag Manager
  This website uses Google Tag Manager, a product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Tag Manager allows us to manage website tags through an interface, for example for Google Analytics. The Tag Manager itself is a cookie-free domain and does not collect personal data.
  Google Site Search (Google AJAX Search API)
  Our website uses the Google AJAX Search API via JavaScript. When using the search field, data is transmitted to Google. Google’s privacy policies apply. To prevent execution of JavaScript code, you can install a JavaScript blocker (e.g., www.noscript.net).
  Google reCAPTCHA
  To protect form submissions (e.g., contact form), we use the reCAPTCHA service from Google Inc. in certain cases. reCAPTCHA protects websites from spam and abuse. Your IP address and possibly other data required for the service are transmitted to Google. Google’s privacy policies apply to this data. For more information, please visit the Google Privacy Center: www.google.de/intl/en/privacy.
  DoubleClick by Google
  Our website uses DoubleClick by Google, a service of Google Inc. DoubleClick uses cookies to display relevant ads. A pseudonymous identification number (ID) is assigned to your browser to track which ads have been displayed or clicked. The cookies do not contain personal information.
  DoubleClick cookies allow Google and partner websites to serve ads based on previous visits to our or other websites. The information generated by the cookies is transmitted to and stored on a Google server in the USA. Google only shares this data with third parties if required by law or under data processing agreements. This data is not merged with other Google data.
  By using our website, you consent to the described processing of your data by Google. You can prevent the storage of cookies in your browser settings. Please note, however, that this may limit the functionality of our website. Furthermore, you can prevent Google from collecting and processing the data generated by cookies by installing the browser plugin available at the following link: https://adssettings.google.com/u/0/authenticated?hl=en.
  Google AdWords Conversion Tracking
  As an AdWords customer, we use Google Conversion Tracking. If you reach our website via a Google ad, a cookie is placed on your device. This cookie expires after 30 days and is not used for personal identification. If you visit certain pages of our website while the cookie is active, Google and we can recognize that you clicked on the ad and were redirected to our page.
  Each AdWords customer receives a unique cookie, so cookies cannot be tracked across different AdWords customers’ websites. The information obtained with the conversion cookie is used to create conversion statistics for AdWords customers who use conversion tracking. We learn the total number of users who clicked on our ad and were redirected to a page with a conversion tag. We do not receive personal information that could identify users.
  If you do not wish to participate in tracking, you can refuse the cookie—for example, by adjusting your browser settings to disable the automatic placement of cookies or by blocking cookies from the domain “googleleadservices.com”. Please note that opt-out cookies must remain in place as long as you want to keep the deactivation. After deleting all cookies in your browser, you will need to set the opt-out cookie again.
  Google Optimize
  To improve our website, we use Google Optimize, a tool integrated into Google Analytics. It enables A/B and multivariate testing to optimize content and features for visitors. More information is available from Google.
  Google Dynamic Remarketing
  Our pages use Google remarketing tags. This technology makes it possible to target users who have previously visited our website and shown interest in our offering with advertising on websites within the Google partner network.
  Ads are displayed using cookies that analyze user behavior and enable interest-based product recommendations. If you do not wish to receive interest-based ads, you can disable Google cookies at https://www.google.de/settings/ads. Alternatively, you can disable third-party cookies on the Network Advertising Initiative opt-out page: http://www.networkadvertising.org/choices/.
  By using our website, you agree to the described processing of your data by Google. Please note that these services are subject to Google’s privacy policies, which are independent of ours. We assume no responsibility for these policies and recommend that you review Google’s privacy policy directly.
  Bing Ads
  This website uses Microsoft Bing Ads conversion tracking. If you reach our website via a Bing ad, a cookie is placed on your device. This allows Microsoft Bing and us to recognize that you clicked on an ad, were redirected to our website, and reached a predefined target page (conversion page).
  We only receive the total number of users who clicked on a Bing ad and subsequently reached the conversion page. No personal information identifying users is transmitted.
  If you do not wish to participate in tracking, you can decline the placement of cookies—for example, through the relevant setting in your browser that disables the automatic placement of cookies. Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement/.
  Hotjar
  To improve usability and customer experience, we use the analytics service of Hotjar Ltd. (Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta, Europe).
  Hotjar records mouse movements, clicks, scrolling behavior, and keyboard inputs. The recording is anonymized and no personal reference is established. Hotjar uses a tracking code that automatically collects data when you use our website and stores it on Hotjar servers in Ireland. Additionally, cookies may be placed on your device.
  Further information on how it works can be found here: https://www.hotjar.com/privacy.
  If you wish to opt out of data collection by Hotjar, please use the opt-out link: https://www.hotjar.com/opt-out.
  LinkedIn Analytics and LinkedIn Ads
  This website uses the conversion tracking technology and retargeting function of LinkedIn Corporation. This allows visitors to our website to be shown personalized ads on LinkedIn. Additionally, we receive anonymous reports on ad performance and information about interactions with our website.
  For this purpose, the LinkedIn Insight Tag is integrated into our page, which establishes a connection to LinkedIn servers when you visit our website and are simultaneously logged into your LinkedIn account.
  Further information on data collection and use can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
  If you are logged into LinkedIn, you can deactivate data collection at any time via the following link: https://www.linkedin.com/psettings/enhanced-advertising.

• Privacy Policy — Lesevia Mobile Apps

  	Privacy Policy — Lesevia Mobile Apps
  	Version: 2.0 (GDPR)
  	Effective date: 17 November 2025
  	Last updated: 17 November 2025
  	1. General Information
  	This Privacy Policy applies to the following mobile applications:
  	Lesevia
  	Lesevia Go
  	simplified version for employees
  	The processing of personal data is carried out in accordance with:
  	General Data Protection Regulation (GDPR), Regulation (EU) 2016/679
  	German Federal Data Protection Act — Bundesdatenschutzgesetz (BDSG)
  	ePrivacy Directive (2002/58/EC) and applicable German legislation on the confidentiality of digital services, including the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG)
  	1.1. Responsible Company / Data Controller
  	Where Sewerinow GmbH & Co. KG independently determines the purposes and means of processing personal data, the data controller is:
  	Sewerinow GmbH & Co. KG
  	Teplitzerstraße 2
  	30559 Hannover
  	Germany
  	Registration details:
  	Reg.Ger. AG Hannover — HRA 203205
  	phG: Sewerinow Verwaltung GmbH
  	Reg.Ger. AG Hannover — HRB 211437
  	Managing Director: Dmitrij Sewerinow
  	VAT ID: DE 296 404 930
  	Phone: +49 172 515 71 88
  	General email: info@lesevia.com
  	Main email: dmitrij@lesevia.com
  	Data protection email: privacy@lesevia.com
  	If the Lesevia or Lesevia Go applications are used by an employer or client organisation to manage employees, work shifts, absences, tasks, notifications or related organisational data, that employer or client organisation usually acts as the data controller, and Sewerinow GmbH & Co. KG processes the data as a processor on behalf of the client in accordance with Art. 28 GDPR.
  	1.2. Data Protection Contact Point
  	For matters relating to the protection of personal data, you can contact:
  	Email: privacy@lesevia.com
  	Phone: +49 172 515 71 88
  	If the appointment of an official Data Protection Officer / Datenschutzbeauftragter is required by law, or if such a person is appointed voluntarily, their contact details will be provided in this Privacy Policy.
  	2. Categories of Personal Data Processed
  	2.1. Account Data
  	Surname, first name, patronymic if applicable
  	Work email address
  	Work phone number, if provided
  	Position, department
  	Employee ID number assigned by the employer
  	Profile photo, if voluntarily added by the user
  	2.2. Work Activity Data
  	Start and end times of work shifts
  	Presence status: on site, late, absent
  	Confirmations of completed assigned tasks
  	Action history within the app: screens viewed, operations performed, status updates
  	2.3. Technical Data
  	Device model, operating system version
  	Unique device identifier
  	Push notification token
  	IP address
  	Error logs and crash reports
  	System language, time zone
  	2.4. Data We Do Not Collect Unless Necessary
  	We do not collect or process the following data unless it is required for a specific application function and stated separately:
  	Precise geolocation data
  	Biometric personal data
  	Contacts from the phone book
  	Personal messages outside work-related tools
  	Files from the device gallery, except files manually uploaded by the user
  	Data from other applications
  	Face ID, Touch ID or similar functions may only be used locally on the user’s device. Lesevia does not receive or store the user’s biometric templates.
  	3. Legal Bases and Purposes of Processing
  	The processing of personal data is carried out in accordance with Art. 6 GDPR.
  	Category of data	Purposes of processing	Legal basis under GDPR
  	Account data, work activity data	User identification, providing access to the application, managing work processes, absences, shifts, tasks and notifications	Art. 6(1)(b) GDPR — performance of a contract with the client or user, if the user is a direct client; Art. 6(1)(c) GDPR — compliance with a legal obligation, where applicable; Art. 6(1)(f) GDPR — legitimate interest in ensuring service operation, security and administration
  	Technical data, logs	Ensuring security, application stability, prevention of incidents and abuse	Art. 6(1)(f) GDPR — legitimate interests of the controller, client or Sewerinow GmbH & Co. KG
  	Push notifications	Sending work-related notifications, reminders, messages about requests, shifts and actions in the system	Art. 6(1)(f) GDPR — legitimate interest in ensuring timely work-related communication; Art. 6(1)(b) GDPR — where notifications are necessary for the performance of a contract with a direct user or client
  	Usage analytics and error reports, if used	Improving the application, fixing errors, enhancing stability and security	Art. 6(1)(f) GDPR — legitimate interest for strictly technical and necessary logs; Art. 6(1)(a) GDPR — user consent for non-essential analytics and SDKs where consent is required by applicable law
  	Data processed on behalf of an employer or client organisation	Managing work processes within the client organisation	The legal basis is determined by the employer or client organisation as the data controller
  	If Sewerinow GmbH & Co. KG acts as a data processor on behalf of an employer or client organisation, the processing is governed by a data processing agreement in accordance with Art. 28 GDPR. In such cases, the specific legal bases for processing employees’ personal data are determined by the employer or client organisation as the data controller.
  	If special categories of personal data under Art. 9 GDPR are processed, for example health data in the context of sick leave, such processing takes place only where an appropriate legal basis exists. In a B2B scenario, such legal basis is usually determined by the employer or client organisation as the data controller.
  	4. Transfer of Personal Data to Third Parties
  	4.1. Cloud Infrastructure
  	Providers: AWS / Google Cloud / Microsoft Azure
  	The specific provider is indicated in the contract with the client or in the technical documentation of the service.
  	Server location: predominantly EU / EEA, unless otherwise stated in the contract with the client.
  	Safeguards:
  	Security certificates, where applicable
  	Data processing agreement with the provider
  	Processing based on Art. 28 GDPR
  	Standard Contractual Clauses, where applicable
  	Additional technical and organisational measures
  	If technical providers or sub-processors access data from countries outside the EU / EEA, such transfer is carried out only with safeguards provided for in Chapter V GDPR.
  	An up-to-date list of sub-processors, including their location and categories of data processed, is available at:
  	www.lesevia.com/subprocessors
  	We notify clients about the addition of new sub-processors in accordance with the terms of the contract.
  	4.2. Push Notifications
  	Service: Firebase Cloud Messaging (Google) or a similar push notification service
  	Data processed:
  	Device ID
  	Push notification token
  	Technical data necessary for the delivery of notifications
  	Safeguards:
  	Data processing agreement
  	Processing in accordance with GDPR
  	Limitation of processing to the technical purpose of delivering notifications
  	4.3. Analytics and Error Reporting
  	If analytics or error reporting services are used, these may include:
  	Google Analytics / Firebase Analytics
  	Firebase Crashlytics
  	Sentry
  	Bugsnag
  	Similar technical services
  	Such services may process:
  	App version
  	Device model
  	Operating system version
  	Technical error logs
  	Session identifier
  	Aggregated, anonymised or pseudonymised data, depending on the settings of the specific service
  	Strictly necessary technical logs may be used for security, error diagnosis and stable operation of the application.
  	Non-essential analytics SDKs and tracking technologies are used only after obtaining the user’s consent, where such consent is required by applicable law. These SDKs are not activated before consent is obtained.
  	Settings:
  	IP address is anonymised where supported by the service
  	Advertising identifiers are disabled unless required
  	Data is not used for selling advertising or transferring to advertising networks
  	4.4. Data We Do Not Transfer
  	We do not transfer personal data to:
  	Advertising networks
  	Data brokers
  	Social networks for independent user profiling
  	An exception may occur only when using a separate feature, such as “Sign in with Google”, if the user voluntarily chooses that authentication method.
  	4.5. Disclosure Required by Law
  	Personal data may be transferred to public authorities only on a valid legal basis, for example:
  	A court order
  	An official request from a competent authority within a lawful procedure
  	Necessity to protect life, health or other vital interests
  	5. Cross-Border Transfer of Personal Data
  	Data is predominantly stored and processed on servers located within the European Union or the European Economic Area.
  	Transfer of data outside the EU / EEA may take place only with appropriate safeguards as provided for in Chapter V GDPR.
  	Such safeguards may include:
  	An adequacy decision by the European Commission
  	Standard Contractual Clauses adopted by the European Commission
  	Binding Corporate Rules, where applicable
  	Additional technical and organisational measures
  	A data transfer risk assessment, where required
  	When transferring personal data to third countries, in particular to the United States when using cloud providers or services such as Google, AWS, Microsoft Azure, Firebase, Sentry or similar vendors, we conclude Standard Contractual Clauses adopted by the European Commission and carry out an assessment of the level of protection, including an analysis of the legislation of the destination country.
  	Where necessary, additional technical measures are applied, including encryption of data before transfer, pseudonymisation and restriction of access to data.
  	6. Data Retention Periods
  	Category of data	Retention period
  	Active user account	As long as the account is active or the contract with the client remains in force
  	Work data and work activity data	For the duration of the client’s use of the service, unless a different period is determined by the client or by law
  	Activity logs	Up to 12 months, unless a longer period is required for security, incident investigation, business continuity, compliance with legal obligations or defence of legal claims
  	Technical security logs	Up to 6 months, unless a longer period is required for security, incident investigation, compliance with legal obligations or defence of legal claims
  	Deleted account	Data is deleted or anonymised within 30 days after account deletion or receipt of a request, unless a legal retention obligation exists
  	Data subject to legal retention	For the period prescribed by applicable law
  	The above retention periods are based on the need to investigate incidents, ensure service security, maintain business continuity and meet evidentiary requirements in possible employment or contractual disputes.
  	If Lesevia processes data as a processor on behalf of an employer or client organisation, the retention periods for work data may be determined by that employer or client organisation.
  	After the expiry of the retention periods, data will be deleted or anonymised.
  	7. Rights of the Data Subject
  	Under the GDPR, you have the following rights:
  	Access — Art. 15 GDPR
  	The right to obtain confirmation of processing and a copy of your personal data.
  	Rectification — Art. 16 GDPR
  	The right to obtain rectification of inaccurate or incomplete data.
  	Erasure — Art. 17 GDPR
  	The right to obtain erasure of personal data in the circumstances provided by law.
  	Restriction of processing — Art. 18 GDPR
  	The right to obtain restriction of processing in cases provided by the GDPR.
  	Data portability — Art. 20 GDPR
  	The right to receive your data in a structured, commonly used and machine-readable format, where applicable.
  	Objection to processing — Art. 21 GDPR
  	The right to object to processing based on your particular situation, especially where processing is based on legitimate interests.
  	Not to be subject to automated decision-making — Art. 22 GDPR
  	The right not to be subject to a decision based solely on automated processing if that decision produces legal effects concerning you or similarly significantly affects you.
  	Some data may be excluded from erasure or restriction of processing if their retention is necessary for compliance with legal obligations, establishment or defence of legal claims, security or performance of a contract.
  	7.1. Withdrawal of Consent
  	If processing is based on your consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, you may withdraw your consent at any time.
  	Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  	7.2. Right to Lodge a Complaint with a Supervisory Authority
  	You have the right to lodge a complaint with a data protection supervisory authority:
  	In the country of your habitual residence
  	At your place of work
  	At the place of the alleged infringement
  	For a company located in Hannover, Lower Saxony, the competent supervisory authority is usually:
  	Der Landesbeauftragte für den Datenschutz Niedersachsen
  	Prinzenstraße 5
  	30159 Hannover
  	Germany
  	Phone: +49 511 120-4500
  	Email: poststelle@lfd.niedersachsen.de
  	Website: www.lfd.niedersachsen.de
  	8. How to Exercise Your Data Subject Rights
  	To exercise your rights, please send a request to:
  	Email: privacy@lesevia.com
  	Subject line:
  	Data Subject Request — [Your full name]
  	Response time:
  	1 month from receipt of the request.
  	If the request is complex or you have made a large number of requests, the period may be extended by a further 2 months. In that case, you will be informed of the extension and the reasons for the delay within the first month.
  	To protect your data, we may request additional information necessary to confirm your identity if we have reasonable doubts as to the identity of the requester.
  	If your personal data is processed in the context of your employer’s or a client organisation’s use of the application, we recommend that you first contact your employer or the relevant client organisation as the data controller regarding requests for access, rectification, erasure or restriction of processing.
  	We will assist the employer or client organisation in fulfilling their obligations as data controller.
  	If the request concerns data for which Sewerinow GmbH & Co. KG acts as an independent controller, we will process the request ourselves.
  	9. Security Measures for Personal Data Protection
  	In accordance with Art. 32 GDPR, technical and organisational measures are applied to protect personal data.
  	Technical Measures
  	Encryption of data in transit, for example TLS 1.3
  	Encryption of data at rest, for example AES-256
  	Regular security testing
  	Intrusion and anomaly detection systems
  	Firewalls
  	Antivirus protection
  	Role-based access control
  	Activity logging
  	Backup and recovery
  	Protection of administrative accounts
  	Organisational Measures
  	Restriction of access to personal data on a need-to-know basis
  	Non-disclosure agreements with employees and contractors
  	Staff training on data protection
  	Incident response procedures
  	Appointment of an internal data protection contact person
  	Sub-processor oversight
  	Documentation of technical and organisational measures
  	Notification of Breaches
  	In the event of a personal data breach, the controller shall notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
  	If the breach is likely to result in a high risk to the rights and freedoms of users, affected users will be notified without undue delay.
  	If Lesevia acts as a data processor on behalf of a client, Lesevia will notify the client without undue delay after becoming aware of a breach.
  	10. Processing of Personal Data of Minors
  	The Lesevia Go application is intended for use in a work context.
  	The service is not intended for children and is not directed at individuals under the age of 16.
  	If an employer or client organisation uses the system in relation to minor employees, that employer or client organisation is responsible for having an appropriate legal basis and complying with applicable labour law.
  	If we become aware that a child’s personal data has been processed without the necessary legal basis, such data will be deleted or its processing restricted, unless otherwise required by law.
  	11. Automated Processing and Profiling
  	We do not use automated decision-making that produces legal effects concerning the user or similarly significantly affects the user within the meaning of Art. 22 GDPR.
  	Profiling for advertising purposes is not used.
  	Analytics, if used, are applied for technical, aggregated, anonymised or pseudonymised reporting, improving application stability, fixing errors and enhancing security.
  	12. Cookies and Tracking Technologies
  	The mobile application does not use classical cookies as used on websites.
  	SDKs and similar technologies may be used for the following purposes:
  	Authentication
  	Security
  	Saving settings
  	Push notifications
  	Error diagnosis
  	Stable operation of the application
  	Usage analytics, if enabled
  	Strictly necessary technologies may be used without separate consent if they are necessary to provide a function expressly requested by the user or to transmit a communication.
  	Non-essential analytics SDKs and other tracking technologies are used only after obtaining the user’s consent upon first launch of the application or before activating the relevant feature.
  	You may refuse non-essential analytics. Refusal does not affect the core functionality of the application.
  	You may withdraw your consent at any time:
  	Settings → Privacy → Analytics → Disable
  	If the user initially refuses non-essential analytics, the corresponding SDKs will not be activated.
  	Analytics SDKs may collect:
  	Device identifier
  	Session identifier
  	Technical application data
  	Error and crash data
  	Disabling non-essential analytics does not impair the core functionality of the application.
  	13. Changes to the Privacy Policy
  	When material changes are made:
  	We will notify users via the application or by email
  	The new version will take effect 30 days after the notice, unless a different period is stated in the notice
  	A change log is available at:
  	www.lesevia.com/privacy/changelog
  	14. Contact Information
  	Data protection inquiries:
  	privacy@lesevia.com
  	Technical support:
  	support@lesevia.com
  	Postal address:
  	Sewerinow GmbH & Co. KG
  	Teplitzerstraße 2
  	30559 Hannover
  	Germany
  	Phone:
  	+49 172 515 71 88
  	Last updated: 17 November 2025
  	Version: 2.0 (GDPR)

• Use of location data in the Lisevia app (iOS)

  How Lisevia and the Lisevia app Use Location Data from Employees (iOS)

  When you sign in to the Lisevia app, your device will prompt you to allow access to your location data. This includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, we recommend enabling location services with the options “While Using the App” and “Precise Location” to provide you with the best possible service.

  We use location data to:

  • find employees and customers near you,

  • track your service and travel history,

  • process and resolve support requests,

  • detect and fix software errors.

  Your Location Options on iOS

  Always

  • Location data may be collected during your working hours while the Lisevia app is in use.

  • If this setting is required for certain services, we will explicitly ask for your consent before activation.

  While Using the App

  • The app can access your location data whenever it is in use, whether in the foreground or background.

  Precise Location

  • You can disable the “Precise Location” option for the Lisevia app.

  • The app will remain usable, but some features may be limited.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  You can adjust your location permissions for the Lisevia app at any time in your iOS device settings under Privacy & Security > Location Services.

  We process your location data in accordance with our Privacy Policy.

  How Lisevia and the Lisevia App Use Customer Location Data (iOS)

  When you log in to the Lisevia app, your device will prompt you to allow access to your location data. This includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While Using the App” and “Precise Location” to provide you with the best possible service.

  We use location data to:

  • find employees and customers near you,

  • track your service and travel history,

  • process and resolve support requests,

  • detect and fix software errors.

  Your Location Options on iOS

  Always

  • Location data may be collected during your working hours while the Lisevia app is in use.

  • If this setting is required for specific services, we will explicitly ask for your consent before activation.

  While Using the App

  • The app can access your location data whenever it is active, whether in the foreground or background.

  Precise Location

  • You can disable the “Precise Location” option for the Lisevia app.

  • The app will remain usable, but certain features may be limited.

  Never

  • Location services for the Lisevia app are fully disabled.

  • You can still use the app, but customer destinations must be entered manually.

  You can adjust your location permissions for the Lisevia app at any time in your iOS device settings under Privacy & Security > Location Services.

  We process your location data in accordance with our Privacy Policy.

• Use of location data in the Lisevia app (Android)

  How Lisevia and Companies Using the Lisevia App Use Employee Location Data (Android)

  When you log in to the Lisevia app, your device will ask you to grant access to your location data. This also includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While using the app” and “Precise location” to ensure the best possible service.

  We use location data to:

  • Find employees and customers near you,

  • Track your service and travel history,

  • Process and resolve support requests,

  • Detect and fix software errors.

  Your Location Options on Android

  Allow all the time

  • Location data may be collected at any time, even when you are not actively using the Lisevia app.

  • If this setting is required for specific services, we will explicitly request your consent before activation.

  Allow only while using the app

  • Location data may be collected while the app is active in the foreground or background, for example, during working hours while serving customers (e.g., at a gas station or pharmacy).

  • In this mode, you will receive a persistent notification in the Android notification bar whenever location data is being collected in the background.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  • Please note: While you are on the move, location data may still be collected and linked to your account, even if location services are disabled within the app.

  You can manage your location permissions for the Lisevia app at any time in your Android device settings under Privacy & Security > Location.

  We process your location data in accordance with our Privacy Policy.

  How Lisevia and Companies Using the Lisevia App Use Customer Location Data (Android)

  When you log in to the Lisevia app, your device will ask you to grant access to your location data. This also includes information collected via nearby Bluetooth and Wi-Fi signals.

  By default, the app recommends enabling location services with the options “While using the app” and “Precise location” to ensure the best possible service.

  We use location data to:

  • Find team members and customers near you,

  • Track your service and travel history,

  • Process and resolve support requests,

  • Detect and fix software errors.

  Your Location Options on Android

  Allow all the time

  • Location data may be collected at any time, even when you are not actively using the Lisevia app.

  • If this setting is required for specific services, we will explicitly request your consent before activation.

  Allow only while using the app

  • Location data may be collected while the app is active in the foreground or background, for example, while serving customers or performing other tasks (e.g., at a gas station or pharmacy).

  • In this mode, you will receive a persistent notification in the Android notification bar whenever location data is being collected in the background.

  Never

  • Location services for the Lisevia app are completely disabled.

  • You can still use the app, but customer destinations must be entered manually.

  • Please note: While you are on the move, location data may still be collected and linked to your account, even if location services are disabled within the app.

  You can manage your location permissions for the Lisevia app at any time in your Android device settings under Privacy & Security > Location.

  We process your location data in accordance with our Privacy Policy.

• Additional Terms of Use for Lesevia AI

  (EU B2B Edition)

  These Additional Terms of Use for Lesevia AI (“AI Terms”) form an integral part of the Main Agreement for the Use of Lesevia (the “Agreement”) and govern the use of artificial intelligence features within the service.

  Priority Note: In the event of any conflict between these AI Terms and the Main Agreement, these AI Terms shall prevail specifically regarding AI Features.

  ---

  1. Definition of AI Features

  “Lesevia AI” refers to analytical and recommendation-generation features based on machine learning algorithms. These features provide Users with decision-support information for:

  • Structuring management processes.

  • Generating and processing management signals.

  • Prioritizing tasks and events.

  • Allocating responsibilities.

  • Preparing textual and analytical materials.

  Important: AI Features are intended solely as a decision-support tool and do not perform autonomous actions.

  2. Input and Output

  • Input: Data provided by the User for processing.

  • Output: Conclusions or recommendations generated by the system.

  • Ownership: Both Input and Output are considered the User’s data.

  • User Responsibility: The User is solely responsible for the lawfulness of the data provided, compliance with applicable legislation, and the subsequent use of the Output in management activities.

  3. Absence of Autonomous Decisions

  Lesevia AI is not an automated decision-making system. It:

  • Does not make legally binding decisions.

  • Does not conclude contracts or initiate financial transactions.

  • Does not execute HR actions (hiring/firing) without user confirmation. All management actions require explicit confirmation by the User.

  4. Accuracy and Verification

  AI Features are based on probabilistic models. Output may contain inaccuracies or simplifications. The User must independently verify Output before:

  1. Making HR or disciplinary decisions.

  2. Executing financial transactions.

  3. Changing contractual obligations or legal statuses.

  AI Features are provided on an “as is” basis regarding recommendation accuracy.

  5. Data Usage and Third-Party Providers

  • No Automatic Training: Lesevia does not use User data to train its own AI models unless the User has explicitly opted-in via the service settings.

  • Third-Party Models: We may use providers like OpenAI or Anthropic. Data is transferred only to the extent strictly necessary.

  • GDPR Compliance: Third-party providers act as data processors under Lesevia’s instructions and in strict accordance with EU data protection laws.

  6. Use Restrictions

  It is strictly prohibited to use Lesevia AI to:

  • Develop competing machine learning models.

  • Enable fully automated decision-making without human oversight.

  • Create illegal, harmful, or infringing content.

  7. Service Availability

  The operation of AI Features depends on third-party infrastructure. Temporary failures or limitations affecting these providers may impact the availability of Lesevia AI.

  8. Changes to Functionality

  Lesevia reserves the right to modify AI Features. Users will be notified in advance of material changes affecting data processing or the AI model.

  • Termination Right: If changes materially affect the User, the User may terminate the AI-related part of the Agreement within 14 days of notice.

  9. Liability and Limitation (EU B2B)

  • Full Control: The User retains full responsibility for management decisions made based on AI Output.

  • Liability Cap: Lesevia’s liability is limited to the total amount paid by the User for the 12-month period preceding the claim.

  • Exclusions: This limitation does not apply to cases of intent, gross negligence, injury to life/health, or breach of material contractual obligations (Kardinalpflichten).

  ---

  Last updated: February 28, 2026