LMC-Services
Request
Back to Homepage

Privacy Policy

Last updated: 13. May 2026

Privacy Policy

Date: May 2026

1. Data controller

Data controller:

Ibrahim Awad
LMC Services
Region: Hesse, Germany
Email: privacy@lmc-services.de
Tel: +49 176 61062234

No data protection officer has been appointed (Art. 37(1) GDPR).

2. hosting

This website is hosted on Namecheap Webhosting (USA).

Technical security:

  • HTTPS encryption (TLS 1.3)
  • Cloudflare DDoS protection and CDN
  • Automatic backups

Data processing (DPA): Namecheap has a DPA in accordance with Article 28 of the GDPR. When using US servers, the EU Commission’s Standard Contractual Clauses (SCCs) apply.

3. Contact forms & bookings

When forms are submitted, the following data is processed:

  • Name, email address, telephone number
  • Message/booking details
  • IP address (for spam prevention, stored for 7 days)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) for booking enquiries; Art. 6(1)(b) GDPR (contract) when placing an order.

Retention period: 30 days after the end of communication or 3 years upon conclusion of the contract (retention under commercial law).

4. Spam protection (Cloudflare Turnstile)

We use Cloudflare Turnstile for spam protection on forms.

  • Processor: Cloudflare, Inc. (USA)
  • Data: Browser information, IP address (anonymised)
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

More: Cloudflare Privacy Policy

5. Email delivery (GoSMTP)

We use GoSMTP with Brevo (formerly Sendinblue) for email dispatch.

  • Processor: Brevo (France/EU)
  • No disclosure to third parties for marketing purposes
  • Legal basis: Art. 6(1)(f) GDPR

6. WhatsApp contact

We offer a WhatsApp contact option (button on the website).

  • Processor: WhatsApp Inc. (Meta Platforms, USA)
  • Data is only transferred to Meta when the service is actively used
  • Legal basis: Art. 6(1)(a) GDPR (consent upon first opening)

More: WhatsApp Privacy Policy

7. Cookies & Tracking

We use Compliance as our Consent Management Platform (CMP).

Cookie categories:

Essential cookies (always active – Art. 6(1)(f) GDPR):

  • WordPress session cookies (PHPSESSID, wordpress_logged_in)
  • CSRF protection
  • Complianz cookie settings (cmplz*)

Functional cookies (with consent – Art. 6(1)(a) GDPR):

  • WhatsApp chat widget
  • TranslatePress language settings (trp_language)

Marketing/analytics cookies (with consent – Art. 6(1)(a) GDPR):

  • Google Analytics 4 (via Google Site Kit)
  • Google Consent Mode v2

Consent: A cookie banner appears on your first visit. You can change your settings at any time via the "Cookie Settings" link.

8. Google Site Kit & Analytics

We use Google Analytics 4 via Google Site Kit.

  • Processor: Google LLC (USA)
  • IP anonymisation: Enabled
  • Consent Mode v2: Enabled (only with consent)
  • Legal basis: Art. 6(1)(a) GDPR (consent)

Data transfer to the USA based on Standard Contractual Clauses (SCC).

9. Consent logging

Consents are logged using Compliance:

  • Timestamp of consent
  • Selected cookie categories
  • Anonymised IP (last octets removed)
  • Retention period: 12 months (duty of proof under the GDPR)

Legal basis: Art. 6(1)(c) GDPR (legal obligation).

10. Data transfer to third countries

Data is transferred to the following countries outside the EU:

  • USA (Google Analytics, Cloudflare, WhatsApp/Meta) – Basis: Standard Contractual Clauses (SCC)

11. Your rights

You have the following rights under the GDPR:

  • Right of access (Art. 15) – What data is being processed?
  • Rectification (Art. 16) – Have incorrect data corrected
  • Erasure (Art. 17) – ‘Right to be forgotten’
  • Restriction (Art. 18) – Pause processing
  • Data portability (Art. 20) – Receive data in a machine-readable format
  • Objection (Art. 21) – Object to processing
  • Withdrawal of consent (Art. 7(3)) – At any time via cookie settings

12. Contact for data protection enquiries

For enquiries regarding your data:

Email:
privacy@lmc-services.de

Response time:
Within 30 days (Art. 12(3) GDPR)

13. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority:

Hessian Data Protection Commissioner
PO Box 3163
65021 Wiesbaden
Email: poststelle@datenschutz.hessen.de

or to your local supervisory authority:

List of all data protection supervisory authorities

14. TTDSG compliance

This website complies with the Telecommunications and Telemedia Data Protection Act (TTDSG):

  • No storage of information on the end device without consent (Section 25 TTDSG)
  • Technically necessary exceptions in accordance with Section 25(2)(2) TTDSG
  • Express consent for marketing cookies