top of page

DATA SECURITY

​

Data Protection Statement

LTF Partners GmbH – Website: http://www.ltfp.de

​

We, LTF Partners GmbH (hereinafter collectively referred to as "the Company," "we," or "us"), take the protection of your personal data seriously and wish to inform you about data protection within our organisation.

With the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter "GDPR"), additional obligations have been imposed on us as data controllers to ensure the protection of personal data of individuals whose data are processed (hereinafter also referred to as "Client," "User," "You," or "Data Subject").

​

Where we alone or jointly with others determine the purposes and means of processing personal data, this includes the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (cf. Articles 13 and 14 GDPR). This statement (hereinafter: "Data Protection Information") informs you how your personal data is processed by us.

Our Data Protection Information is modular in structure. It consists of:

  • a general section for all processing of personal data and situations that occur whenever a website is accessed (Section A: General), and

  • a specific section, which applies only to the processing situation described therein, particularly regarding website visits (Section B: Website Visit).

​

A. General

(1) Definitions

The following definitions, in accordance with Article 4 GDPR, apply to this Data Protection Statement:

  • "Personal data" (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person ("Data Subject"). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, online identifier, location data, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Identifiability may also be achieved through the combination of such information or additional knowledge. The format, form, or embodiment of the information is irrelevant (photos, video, or audio recordings may also constitute personal data).

  • "Processing" (Art. 4(2) GDPR) means any operation or set of operations performed on personal data, whether or not by automated means, including collecting, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, combining, restricting, erasing, or destroying personal data, as well as altering the purpose for which the data was originally collected.

  • "Controller" (Art. 4(7) GDPR) refers to the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

  • "Third party" (Art. 4(10) GDPR) is any natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons authorised to process personal data under the direct authority of the Controller or Processor. This includes other affiliated legal entities.

  • "Processor" (Art. 4(8) GDPR) is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller, particularly according to their instructions (e.g., IT service providers). For the purposes of data protection law, a Processor is not considered a Third Party.

  • "Consent" (Art. 4(11) GDPR) of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of personal data relating to them, in the form of a statement or a clear affirmative action.

(2) Name and Address of the Controller

The Controller responsible for the processing of your personal data pursuant to Art. 4(7) GDPR is:

LTF Partners GmbH
Represented by: Benedikt von Kontz, Dominik Schütte
Opernplatz 14
60313 Frankfurt am Main, Germany
Telephone: +49 69 153294455
Fax: +49 69 153294410
Email: info@ltfp.de

​

(3) Contact Details of the Data Protection Officer

For all questions regarding data protection, our appointed Data Protection Officer is available at any time:

Dr. Philipp Wehler (External Data Protection Officer, TÜV)
Hoffmann Liebs Partnership of Lawyers mbB
Kaiserswerther Straße 119
40474 Düsseldorf, Germany
Email: datenschutz@ltfp.de

​

(4) Legal Basis for Processing Personal Data

As a rule, processing of personal data is prohibited unless one of the following legal bases applies:

  • Art. 6(1)(a) GDPR ("Consent"): The Data Subject has given consent for one or more specific purposes.

  • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the Data Subject is a party or for pre-contractual measures at the Data Subject’s request.

  • Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the Controller is subject.

  • Art. 6(1)(d) GDPR: Processing is necessary to protect vital interests of the Data Subject or another natural person.

  • Art. 6(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

  • Art. 6(1)(f) GDPR ("Legitimate Interests"): Processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, except where overridden by the interests or fundamental rights and freedoms of the Data Subject.

For each processing operation described below, the applicable legal basis is specified. Processing may also rely on multiple legal bases.

(5) Data Retention and Deletion

We will store personal data only as long as necessary for the purposes outlined. Where no specific retention period is indicated, data will be deleted or blocked as soon as the purpose or legal basis no longer applies. Data is generally stored on servers in Germany, subject to possible transfer under Sections A.(7) and A.(8).

Retention may exceed the specified period in case of (threatened) legal disputes or as required by law (e.g., §257 HGB, §147 AO). Once the statutory retention period expires, data is deleted or blocked unless further storage is legally justified.

​

(6) Data Security

We implement appropriate technical and organisational measures to protect your data against accidental or unlawful manipulation, loss, destruction, or unauthorised access (e.g., TLS encryption for our website), taking into account current technology, implementation costs, the nature, scope, context, purpose of processing, and risk levels. Security measures are continuously updated in line with technological developments.

Further information can be requested from our Data Protection Officer (see A.(3)).

​

(7) Cooperation with Processors

We may engage service providers to facilitate our business operations. They act only under our instructions and are contractually obligated to comply with data protection laws (Art. 28 GDPR).

Transfers of data to subsidiaries or from subsidiaries are also based on existing processing agreements.

​

(8) Transfers to Third Countries

Personal data may be disclosed to third-party entities outside the European Economic Area (EEA) solely to fulfil contractual and business obligations. Adequate safeguards, such as binding corporate rules, Standard Contractual Clauses, or recognised codes of conduct, are applied. For details, please contact our Data Protection Officer.

​

(9) Automated Decision-Making (Including Profiling)

We do not use personal data for automated decision-making processes, including profiling.

​

(10) No Obligation to Provide Personal Data

You are not obliged to provide personal data. However, some services may be limited or unavailable if data is not provided, and you will be informed in such cases.

​

(11) Legal Obligation to Provide Data

We may be required to provide personal data to authorities under applicable law (Art. 6(1)(c) GDPR).

​

(12) Your Rights

You have the following rights under the GDPR:

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

  • Right to withdraw consent (Art. 7(3))

  • Right to lodge a complaint with a supervisory authority (Art. 77), e.g., Hessian Data Protection Officer

(13) Amendments to Data Protection Information

This Data Protection Statement is regularly reviewed and updated to reflect legal and technical changes. Current version: February 2021.

​

B. Website Visit

(1) Purpose

Information about our company and services is available at http://www.ltfp.de

​

(2) Personal Data Collected

  • Log Data: Referrer URL, requested page URL, date/time of visit, browser type/version, IP address (anonymised), transmitted data volume, OS, access status, GMT offset.

  • Contact Form Data: Name, address, company, email, message, timestamp.

  • Newsletter Data: Email, subscription confirmation, IP, timestamp. Web beacons and tracking pixels are used pseudonymously.

    (3) Purpose and Legal Basis

  • Log data: statistical purposes, website improvement (Art. 6(1)(f) GDPR)

  • Contact form: handling enquiries (Art. 6(1)(b)/(f) GDPR)

  • Newsletter: consent via double opt-in (Art. 6(1)(a) GDPR)

    (4) Duration

  • Data is processed only as long as necessary to achieve the purpose. Retention of cookies is described under Section A.(5)

    (5) Disclosure to Third Parties

  • Website/IT service providers

  • Authorities for legal obligations

  • Business partners (auditors, banks, legal advisors)

    (6) Cookies and Plugins

  • Technical: necessary for website function

  • Performance: anonymous usage statistics

  • Advertising/Targeting: requires consent, max. 13 months

  • Sharing: enhances interactivity, max. 13 months

  • No social media plugins are used; any icons are passive links.

  • LinkedIn

© 2025 LTF Partners GmbH, Opernplatz 14, 60313 Frankfurt am Main, Germany

Imprint     Data Security  

bottom of page