Privacy Policy

This privacy policy is governed by German data protection law (DSGVO/GDPR). The German version is the legally binding version.

Last updated: 04.04.2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (DSGVO/GDPR) is:

Jochen Weingarth
Albert-Einstein-Straße 80
68766 Hockenheim
Germany

Phone: 017697650128
E-Mail: info@lfid.net

2. Collection and Processing of Personal Data

2.1 Registration and User Account

When registering, we collect the following data:

  • Username (nickname)
  • E-mail address
  • Password (stored encrypted as a bcrypt hash, not in plain text)
  • Preferred language
  • Selected plan (Digital or Digital + Tag)
  • Subscription status and duration

Legal basis: Art. 6(1)(b) DSGVO/GDPR (performance of a contract) — the data is required to provide the LFID service.

2.2 Payment Data

Subscription payment is made exclusively by bank transfer. When paying, you transmit your bank details to our financial institution at your own responsibility. We only receive the payment reference and the transferred amount.

We store payment transactions (date, amount, payment reference, subscription period) for accounting purposes and to fulfil statutory retention obligations. Legal basis: Art. 6(1)(b) DSGVO/GDPR (performance of a contract) and Art. 6(1)(c) DSGVO/GDPR (legal obligation, in particular § 147 AO).

2.3 LFID Codes

Each registered user is assigned one or more unique 13-digit LFID codes. These codes are stored in our database and are linked to the user account. Legal basis: Art. 6(1)(b) DSGVO/GDPR.

2.4 Found Item Reports

When a finder reports an LFID code via our form, we collect:

  • Finder's name
  • Finder's e-mail address
  • Optional: phone number, location found, date found, message
  • IP address (to protect against misuse and for traceability)
  • Timestamp of the report

This data is forwarded exclusively to the owner of the reported LFID code. Legal basis: Art. 6(1)(f) DSGVO/GDPR (legitimate interest — enabling the return of lost items).

2.5 Contact Form

When using our contact form, your name, e-mail address and message are processed in order to respond to your enquiry. Legal basis: Art. 6(1)(f) DSGVO/GDPR.

2.6 Server Log Files and Security Logs

When you visit our website, the following data is automatically logged: IP address, browser type, operating system, referrer URL, date and time of access. This data is used solely to ensure the operation of the service and is deleted after a maximum of 7 days.

To protect against automated attacks and misuse, we also store IP addresses as part of rate limiting for repeated requests to sensitive functions (e.g. login, registration, contact form). This data is automatically deleted after a short time (maximum 24 hours). Legal basis: Art. 6(1)(f) DSGVO/GDPR (legitimate interest in the security of the service).

3. Cookies

We use the following cookies:

  • Session cookie: Stores your session data during your visit (deleted when the browser is closed). Technically necessary.
  • Remember-me cookie: If you select "Stay logged in", an encrypted cookie is set for up to 30 days. Technically necessary for the requested function.
  • Language preference cookie: Stores your preferred language. Technically necessary.
  • Consent cookie (CookieFirst): Stores your cookie consent. Set by our consent manager CookieFirst (Digital Data Solutions B.V., Netherlands). Technically necessary for managing your consent. Further information: CookieFirst Privacy Policy.

No tracking, analytics or marketing cookies are set. Technically necessary cookies do not require consent (§ 25 Para. 2 TTDSG).

4. Disclosure of Data to Third Parties / External Services

Your personal data will only be disclosed to third parties in the following cases:

  • to the extent necessary to provide the service (e.g. forwarding found item reports to the LFID owner),
  • where we are legally required to do so.

The following external services are integrated on our website and automatically establish connections to their servers when the page is accessed:

  • Bootstrap / jsDelivr CDN (Prospect One, Krolewska 65A, 30-081 Krakow, Poland): CSS and JavaScript libraries are loaded from jsDelivr. Your IP address is transmitted in this process. Further information: jsDelivr Privacy Policy.
  • CookieFirst (Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands): Consent management platform. Processes your consent decision. Further information: CookieFirst Privacy Policy.

Legal basis for the integration of external services: Art. 6(1)(f) DSGVO/GDPR (legitimate interest in the technical provision of the website).

5. Retention Periods

  • User data: Stored for the duration of the contractual relationship and deleted within 30 days of termination, unless statutory retention obligations apply.
  • Payment data: Retained for 10 years in accordance with statutory retention obligations (§ 147 Para. 3 AO, § 257 HGB).
  • Found item reports: Automatically deleted after 2 years.
  • Activation tokens: Automatically invalidated after expiry (48 hours) and removed from the database.
  • Rate limiting logs: Automatically deleted after a maximum of 24 hours.
  • Server log files: Deleted after a maximum of 7 days.

6. Your Rights

You have the following rights with respect to your personal data:

  • Right of access (Art. 15 DSGVO/GDPR): You may request information about the data we process.
  • Right to rectification (Art. 16 DSGVO/GDPR): You may request the correction of inaccurate data.
  • Right to erasure (Art. 17 DSGVO/GDPR): You may request the deletion of your data, provided no statutory retention obligations apply.
  • Right to restriction of processing (Art. 18 DSGVO/GDPR)
  • Right to data portability (Art. 20 DSGVO/GDPR)
  • Right to object (Art. 21 DSGVO/GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Art. 6(1)(f) DSGVO/GDPR (legitimate interest). We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

To exercise your rights, please contact: info@lfid.net

7. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. The competent supervisory authority for Baden-Württemberg is:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
(State Commissioner for Data Protection and Freedom of Information Baden-Württemberg)
Postfach 10 29 32, 70025 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de

8. Data Security

All data transmissions are encrypted (SSL/TLS). Passwords are stored exclusively as bcrypt hashes. We implement technical and organisational measures in accordance with Art. 32 DSGVO/GDPR to protect your data against unauthorised access, loss or manipulation.