Privacy Policy

Part I provides you with general information about how we process your personal data when you visit and use our website, as well as information about your rights as a data subject.

Part II explains how we process your data outside of the website context.

Part III informs you of your right to object to the processing of your data.

Part I: General Information on Data Protection

Name and Contact Details of the Controller

levelbuild AG
Petersstraße 15–17
04109 Leipzig, Germany
Email: datenschutz@levelbuild.com
Contact form: Link to form

Contact Details of the Data Protection Officer

Jan Marschner, LL.M.
Attorney | Data Protection Officer
Markt 9
04109 Leipzig, Germany
Email: jm@datenschutzbeauftragter-leipzig.de
Phone: +49 (0) 341 – 2618 9373

Cookie Consent

To renew or modify your cookie consent, please click here.

Website Access and Log Files

Each time you access our website, our system automatically collects data and information from the device accessing the site. The following data is collected:

• Browser type and version

• The user’s operating system

• The user’s internet service provider

• The user’s IP address

• Date and time of access

• Referring websites

• Pages visited on our website

This data is stored in log files by our technical service provider, netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany. The legal basis for temporary storage is Article 6(1)(f) of the GDPR. Temporary storage of the IP address is necessary to deliver the website to the user’s device. The IP address must be stored for the duration of the session. This also constitutes our legitimate interest in data processing under Article 6(1)(f) GDPR.

The data is stored in log files to ensure the functionality of our website, optimize the website, and guarantee IT security (e.g., detecting attacks). These purposes also represent our legitimate interest in data processing under Article 6(1)(f) GDPR.

The data is deleted once it is no longer required for the purpose of its collection. For data collected to provide the website, this is the case once the session ends. Log files are stored for 7 days.

The collection of data for website provision and storage in log files is essential for operating the website. Therefore, users cannot object to this processing.

Rights of the Data Subject

Under Article 15 GDPR, you have the right to request information about your stored personal data. If inaccurate personal data is being processed, you have the right to correction under Article 16 GDPR.

Where legal requirements are met, you can request deletion or restriction of processing and object to processing (Articles 17, 18, and 21 GDPR). Under Article 20 GDPR, you may request data portability for data processed based on your consent or a contract.

If you believe your data is being processed unlawfully, you have the right to file a complaint with a data protection authority of your choice (Article 77 GDPR in conjunction with §19 BDSG). This includes our competent authority: the Saxon Commissioner for Data Protection and Transparency.

Part II: Data Processing Outside the Website

Communication, Customer Database, and Contract Fulfillment

We process your personal data based on Article 6(1)(b) GDPR. The processing is necessary to fulfill our contracts or pre-contractual obligations with you and to carry out your request, along with all required internal tasks.

The specific purposes of data processing are outlined in the relevant contract documents and terms of service. Additionally, we process personal data provided during contact. This is based on Article 6(1)(f) GDPR—permissible if the processing is required to safeguard our legitimate interests or those of a third party, provided your fundamental rights and freedoms do not override these.

Such legitimate interests include:

• The assertion and defense of legal claims

• Payment processing through third parties

• Ensuring IT security and system operation

• Direct marketing

We also process personal data to comply with legal obligations per Article 6(1)(c) GDPR, such as commercial and tax-related retention duties under § 257 HGB and § 147 AO.

Within our company, only those units that require access to your data to meet contractual or legal obligations will receive it. We may also share your data with processors (Article 28 GDPR), including IT services, logistics, collections, and sales/marketing. In special cases, professionals bound to confidentiality (e.g., tax advisors, lawyers) or public authorities may receive your data.

We process and store personal data for the duration of the business relationship, including contract initiation and handling. We also retain the data as required for warranty and legal retention periods (e.g., § 257 HGB, § 147 AO).

Processing is necessary for communication and contract fulfillment. Without your data, we generally cannot enter into or continue a contract.

Data Protection Information for Applicants

We process data you provide as part of your application to evaluate the potential for an employment relationship. This is based on Article 6(1)(b) GDPR and § 26 BDSG. If you consent to be included in our applicant pool, we process your data based on your consent (Article 6(1)(a) GDPR), which you may withdraw at any time (effective only for the future).

Beyond the application process, we may process your data under Article 6(1)(f) GDPR to protect legitimate interests, such as:

• Legal defense or enforcement

• Fulfilling legal obligations (Article 6(1)(c) GDPR)

Within our company, only those departments that need your data for hiring decisions and legal compliance will have access. External processors (e.g., IT service providers and consultants) may also process data for these purposes.

If no employment relationship is established, your data will be deleted within six months after the application process concludes. If employment is established, your application will become part of your personnel file.

If you consent to remain in our applicant pool, your data will be retained and deleted no later than two years afterward.

Part III: Information About Your Right to Object Under Article 21 GDPR