1. General
This data protection declaration provides information on how, to what extent and for what purposes personal data of visitors (hereinafter "you" or "user") to the website are processed. The company named in section 3 (hereinafter "we") is a service provider within the meaning of the German Telemedia Act (TMG) and the responsible party within the meaning of data protection law. Data processing based on the use of this website is carried out on the basis of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and the TMG. Depending on the individual case, other legal bases may also apply.
2 Definitions
a) "Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) 'processing' means
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. name and contact details of the data controller
This privacy statement provides information about the processing of personal data on the law firm website of
Dr. Dodos & Vartian
- Rechtsanwälte, Steuerberater -
Theodor-Heuss-Ring 52
Telephone: (0221) 16863001
Fax: (0221) 16863002
E-mail: office(at)dv-steuer.de
4 Name and contact details of the company data protection officer
The company data protection officer can be contacted as follows:
Madlen Vartian
Dr. Dodos & Vartian
- Rechtsanwälte, Steuerberater -
Theodor-Heuss-Ring 52
Telephone: (0221) 16863001
Fax: (0221) 16863002
E-mail: datenschutz@dv-steuer.de
5. collection and storage of personal data as well as scope and purpose of processing
a) Data storage when calling up the website
When you visit our website https://www..de, the browser used on your terminal device automatically sends information to our website server. This information is temporarily stored by us in a so-called log file and automatically anonymised or deleted 7 days after the end of your visit to our website. The following information is collected without your intervention and stored until automated deletion:
IP address of the requesting computer,
Date and time of access,
name and URL of the file accessed,
website from which the access was made (referrer URL),
the browser used,
if applicable, the operating system of your computer,
name of the access provider you use,
status and amount of data transferred during your visit to our website.
We process the aforementioned data
to ensure a smooth connection of the website, to ensure a comfortable use of our website, to evaluate the system security and stability as well as to facilitate and improve the administration of the website. The legal basis for data processing in accordance with this privacy policy is Article 6 (1) f) DSGVO. Our legitimate interest follows from the data collection purposes listed above. The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website. When visiting our website, we use cookies and analysis services. Further explanations on the use of cookies and analysis services can be found in sections 7 and 10 of this data protection declaration.
b) Data storage when registering for our newsletter
By registering for the newsletter, the visitor expressly agrees to the processing of the personal data transmitted. There is a reference to this data protection declaration. The legal basis for the processing of the visitor's personal data for the purpose of sending newsletters is consent pursuant to Art. 6 (1) a) DSGVO. We use your e-mail address to send you our newsletter on a regular basis.
To receive the newsletter, it is sufficient to provide an e-mail address (mandatory field). The user's e-mail address will be stored as long as the subscription to the newsletter is active. Unsubscribing is possible at any time. Unsubscribing can be done via a link at the end of each newsletter or at any time by sending an e-mail to VAT-Redaktion@.de.
c) Data storage when using our contact form
(call-back service)
If you have any questions, you can contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we know who the enquiry is from and so that we can answer it. Further information can be provided voluntarily. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted. A reference to this data protection declaration is made. The data is processed exclusively for the purpose of handling and answering enquiries via the contact form. This is done on the basis of the voluntarily given consent in accordance with Art. 6 Para. 1 a) of the DSGVO. The personal data collected for the use of the contact form are automatically deleted as soon as the enquiry has been dealt with and there are no reasons for further storage (e.g. subsequent commissioning of our law firm). The user has the possibility to revoke his consent to the processing of personal data at any time.
d) Data storage in the course of sending an e-mail
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) f) DSGVO. The personal data sent by e-mail will be deleted when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
e) Data storage in the course of an enquiry by telephone or fax
If you contact us by telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
6. disclosure of data
We only pass on your personal data if
you have given your express consent to this in accordance with Article 6 (1) sentence 1 letter a DSGVO,
the disclosure according to article 6 paragraph 1 page 1 letter f DSGVO
o for the assertion,
o to exercise or
o for the defence
legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, there is a legal obligation for the disclosure pursuant to Article 6 paragraph 1 sentence 1 letter c DSGVO, this is necessary pursuant to Article 6 paragraph 1 sentence 1 letter b DSGVO for the processing of contractual relationships with you.
Note on data transfer to the USA and other third countries:
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
7. cookies
So-called cookies are used on the website. These are data packets that are exchanged between the server of the law firm's website and the visitor's browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in connection with the specific end device used. We can therefore in no way gain direct knowledge of the identity of the visitor to the website. Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given before a new cookie is created. However, it should be noted that deactivating cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable and secure. For example, our own session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
In order to improve user-friendliness, our own temporary cookies may be used. They are stored on the visitor's device for a temporary period of max. 3 days. When the website is visited again within this period, it is automatically recognised that the visitor has already called up the page at an earlier time and which entries and settings were made at that time so that they do not have to be repeated.
Cookies are also used to analyse website visits for statistical purposes and for the purpose of improving the website. These cookies make it possible to automatically recognise on a new visit that the website has already been called up by the visitor before. In this case, the cookies are automatically deleted after a specified period of time. The data processed by cookies are justified for the above-mentioned purposes in order to protect the legitimate interests of the law firm pursuant to Article 6(1) sentence 1 letter f DSGVO.
8. your rights as a data subject
Insofar as your personal data is processed on the occasion of your visit to our website, you are entitled to the following rights as a "data subject" within the meaning of the GDPR:
8.1 Information You can request information from us as to whether personal data of yours is being processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to § 57 (1) and § 62 StBerG, § 43a BRAO and § 43 (1) sentence 1 and § 50 WPO or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding the above, there may be an obligation to provide the information if your interests outweigh the interest in secrecy, in particular taking into account imminent damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or exclusively serves the purposes of data security or data protection control, provided that the provision of information would require a disproportionately high effort and the processing for other purposes is excluded by appropriate technical and organisational measures. Provided that the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following:
The purposes of the processing, categories of personal data processed by you, recipients or categories of recipients to whom your personal data are disclosed, in particular in the case of recipients in third countries, if possible the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period, the existence of a right to rectify or erase or restrict the processing of personal data concerning you or a right to object to such processing, the existence of a right to lodge a complaint with a data protection supervisory authority, if the personal data have not been collected from you as the data subject, the information available on the origin of the data, if applicable. The existence of automated decision-making including profiling and meaningful information about the logic involved as well as the scope and intended effects of automated decision-making, if applicable in the case of transfer to recipients in third countries, if there is no decision by the EU Commission on the adequacy of the level of protection pursuant to Article 45 (3) of the GDPR, information about which appropriate safeguards are provided pursuant to Article 46 (2) of the GDPR for the protection of the personal data.
8.2 Correction and completion
If you discover that we have inaccurate personal data about you, you may request that we correct this inaccurate data without delay. If your personal data is incomplete, you may request that it be completed.
8.3 Deletion
You have a right to erasure ("right to be forgotten"), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were processed,
The justification for the processing was solely your consent, which you have withdrawn,
You have objected to the processing of your personal data which we have made public,
You have objected to the processing of personal data which we have not made public and there are no overriding legitimate grounds for the processing,
Your personal data has been processed unlawfully,
The erasure of the personal data is necessary for compliance with a legal obligation to which we are subject.
There is no entitlement to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the special nature of the storage and your interest in erasure is low. In this case, the restriction of processing shall take the place of deletion.
8.4 Restriction of processing
You may request us to restrict processing if one of the following reasons applies:
You dispute the accuracy of the personal data. In this case, the restriction may be requested for the period of time that enables us to verify the accuracy of the data,
the processing is unlawful and you request the restriction of the use of your personal data instead of deletion,
your personal data is no longer required by us for the purposes of processing but you need it for the assertion, exercise or defence of legal claims,
you have lodged an objection pursuant to Art. 21 (1) DSGVO. Restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.
8.5 Data portability
You have a right to data portability if the processing is based on your consent (Art. 6(1)(1)(a) or Art. 9(2)(a) DSGVO) or on a contract to which you are a party and the processing is carried out with the help of automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons:
You may request us to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. Where technically feasible, you may request that we transfer your personal data directly to another controller.
8.6 Objection
Insofar as the processing is based on Art. 6 (1) sentence 1 letter e DSGVO (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 (1) sentence 1 letter f DSGVO (legitimate interest of the controller or a third party), you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation. This also applies to profiling based on Art. 6 (1) sentence 1 e) or f) DSGVO. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling related to such direct marketing. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.
You have the option of informally notifying our office of your objection by telephone, by e-mail, if applicable by fax or to our postal address listed at the beginning of this privacy policy.
8.7 Revocation of consent
You have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, by e-mail, if necessary by fax or to our postal address. The revocation does not affect the lawfulness of the data processing that was carried out on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing, which was based exclusively on your consent, will be discontinued.
8.8 Complaint
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority competent for the place where you reside or work or for the place of the alleged infringement.
9. data protection during applications and the application procedure
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place electronically. This is in particular the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted 2 months after notification of the decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
10. analysis tools
Tracking tools
We strive to ensure that our website is designed to meet the needs of our customers and that it is optimised on an ongoing basis. On the basis of Article 6 (1) sentence 1 letter f DSGVO, we therefore use the tracking measures listed below. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
11. plug-ins
We use social plug-ins of the social network LinkedIn on our website on the basis of Art. 6 para. 1 p. 1 f) DSGVO. This serves to make our law firm better known and the underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called "two-click method" in order to protect visitors to our website as best as possible.
Google Maps
This website uses Google Maps to display a map of the site. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of automatically collected data and data provided by you by Google, one of its representatives, or third parties. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) DSGVO. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here:https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy:https://policies.google.com/privacy?hl=de.
12. use of web fonts
External fonts from Google Fonts may be used on our website. Google Fonts is a service of Google Inc. ("Google"). These fonts are integrated by means of a server call, usually a Google server. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google.
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) DSGVO.
If your browser does not support web fonts, a standard font from your computer will be used.
You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de.
13. audio and video conferencing
Data processing
One of the tools we use to communicate with our clients is online conferencing. The specific tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool. The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection. If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used We use the following conference tools: Google Meet
We use Google Meet. The provider is Google, USA. For details on data processing, please refer to Google's privacy policy:
https://policies.google.com/privacy?hl=de.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.
Order processing
We have concluded a contract on order processing (AVV) with the provider named above. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
14. hosting
We host our website with Strato AG. The provider is Otto-Ostrowski-Straße 7,10249 Berlin(hereinafter: Strato). When you visit our website, Strato collects various log files including your IP addresses. Details can be found in Strato's data protection declaration: https://www.strato.de/datenschutz/.
The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
15 Data security
We would like to point out that the transfer of data via the Internet is not completely secure. We therefore cannot guarantee absolute security for the transmission of information to us via the Internet.
If possible, we use the widespread TLS (Transport Layer Security) procedure in connection with the highest encryption level supported by your browser when visiting our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, insofar as this is within our power. Our security measures are continuously improved in line with technological developments.
16. up-to-dateness and amendment of this data protection declaration
We continuously develop our website and the services we offer. In particular, when new technologies are implemented and used, it may become necessary to amend this data protection declaration. The same applies in the event of legal changes or official requirements. We therefore recommend that you read this data protection declaration carefully not only now, but also from time to time.
This data protection declaration is valid as of January 2021.
This data protection declaration provides information on how, to what extent and for what purposes personal data of visitors (hereinafter "you" or "user") to the website are processed. The company named in section 3 (hereinafter "we") is a service provider within the meaning of the German Telemedia Act (TMG) and the responsible party within the meaning of data protection law. Data processing based on the use of this website is carried out on the basis of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and the TMG. Depending on the individual case, other legal bases may also apply.
2 Definitions
a) "Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(b) 'processing' means
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. name and contact details of the data controller
This privacy statement provides information about the processing of personal data on the law firm website of
Dr. Dodos & Vartian
- Rechtsanwälte, Steuerberater -
Theodor-Heuss-Ring 52
Telephone: (0221) 16863001
Fax: (0221) 16863002
E-mail: office(at)dv-steuer.de
4 Name and contact details of the company data protection officer
The company data protection officer can be contacted as follows:
Madlen Vartian
Dr. Dodos & Vartian
- Rechtsanwälte, Steuerberater -
Theodor-Heuss-Ring 52
Telephone: (0221) 16863001
Fax: (0221) 16863002
E-mail: datenschutz@dv-steuer.de
5. collection and storage of personal data as well as scope and purpose of processing
a) Data storage when calling up the website
When you visit our website https://www..de, the browser used on your terminal device automatically sends information to our website server. This information is temporarily stored by us in a so-called log file and automatically anonymised or deleted 7 days after the end of your visit to our website. The following information is collected without your intervention and stored until automated deletion:
IP address of the requesting computer,
Date and time of access,
name and URL of the file accessed,
website from which the access was made (referrer URL),
the browser used,
if applicable, the operating system of your computer,
name of the access provider you use,
status and amount of data transferred during your visit to our website.
We process the aforementioned data
to ensure a smooth connection of the website, to ensure a comfortable use of our website, to evaluate the system security and stability as well as to facilitate and improve the administration of the website. The legal basis for data processing in accordance with this privacy policy is Article 6 (1) f) DSGVO. Our legitimate interest follows from the data collection purposes listed above. The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website. When visiting our website, we use cookies and analysis services. Further explanations on the use of cookies and analysis services can be found in sections 7 and 10 of this data protection declaration.
b) Data storage when registering for our newsletter
By registering for the newsletter, the visitor expressly agrees to the processing of the personal data transmitted. There is a reference to this data protection declaration. The legal basis for the processing of the visitor's personal data for the purpose of sending newsletters is consent pursuant to Art. 6 (1) a) DSGVO. We use your e-mail address to send you our newsletter on a regular basis.
To receive the newsletter, it is sufficient to provide an e-mail address (mandatory field). The user's e-mail address will be stored as long as the subscription to the newsletter is active. Unsubscribing is possible at any time. Unsubscribing can be done via a link at the end of each newsletter or at any time by sending an e-mail to VAT-Redaktion@.de.
c) Data storage when using our contact form
(call-back service)
If you have any questions, you can contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we know who the enquiry is from and so that we can answer it. Further information can be provided voluntarily. By sending the message via the contact form, the visitor consents to the processing of the personal data transmitted. A reference to this data protection declaration is made. The data is processed exclusively for the purpose of handling and answering enquiries via the contact form. This is done on the basis of the voluntarily given consent in accordance with Art. 6 Para. 1 a) of the DSGVO. The personal data collected for the use of the contact form are automatically deleted as soon as the enquiry has been dealt with and there are no reasons for further storage (e.g. subsequent commissioning of our law firm). The user has the possibility to revoke his consent to the processing of personal data at any time.
d) Data storage in the course of sending an e-mail
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) f) DSGVO. The personal data sent by e-mail will be deleted when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
e) Data storage in the course of an enquiry by telephone or fax
If you contact us by telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 (1) lit. b DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
6. disclosure of data
We only pass on your personal data if
you have given your express consent to this in accordance with Article 6 (1) sentence 1 letter a DSGVO,
the disclosure according to article 6 paragraph 1 page 1 letter f DSGVO
o for the assertion,
o to exercise or
o for the defence
legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, there is a legal obligation for the disclosure pursuant to Article 6 paragraph 1 sentence 1 letter c DSGVO, this is necessary pursuant to Article 6 paragraph 1 sentence 1 letter b DSGVO for the processing of contractual relationships with you.
Note on data transfer to the USA and other third countries:
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
7. cookies
So-called cookies are used on the website. These are data packets that are exchanged between the server of the law firm's website and the visitor's browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in connection with the specific end device used. We can therefore in no way gain direct knowledge of the identity of the visitor to the website. Cookies are mostly accepted according to the basic settings of the browsers. The browser settings can be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given before a new cookie is created. However, it should be noted that deactivating cookies may mean that not all functions of the website can be used in the best possible way. The use of cookies serves to make the use of our website more comfortable and secure. For example, our own session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.
In order to improve user-friendliness, our own temporary cookies may be used. They are stored on the visitor's device for a temporary period of max. 3 days. When the website is visited again within this period, it is automatically recognised that the visitor has already called up the page at an earlier time and which entries and settings were made at that time so that they do not have to be repeated.
Cookies are also used to analyse website visits for statistical purposes and for the purpose of improving the website. These cookies make it possible to automatically recognise on a new visit that the website has already been called up by the visitor before. In this case, the cookies are automatically deleted after a specified period of time. The data processed by cookies are justified for the above-mentioned purposes in order to protect the legitimate interests of the law firm pursuant to Article 6(1) sentence 1 letter f DSGVO.
8. your rights as a data subject
Insofar as your personal data is processed on the occasion of your visit to our website, you are entitled to the following rights as a "data subject" within the meaning of the GDPR:
8.1 Information You can request information from us as to whether personal data of yours is being processed by us. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to § 57 (1) and § 62 StBerG, § 43a BRAO and § 43 (1) sentence 1 and § 50 WPO or if the information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Notwithstanding the above, there may be an obligation to provide the information if your interests outweigh the interest in secrecy, in particular taking into account imminent damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or exclusively serves the purposes of data security or data protection control, provided that the provision of information would require a disproportionately high effort and the processing for other purposes is excluded by appropriate technical and organisational measures. Provided that the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following:
The purposes of the processing, categories of personal data processed by you, recipients or categories of recipients to whom your personal data are disclosed, in particular in the case of recipients in third countries, if possible the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period, the existence of a right to rectify or erase or restrict the processing of personal data concerning you or a right to object to such processing, the existence of a right to lodge a complaint with a data protection supervisory authority, if the personal data have not been collected from you as the data subject, the information available on the origin of the data, if applicable. The existence of automated decision-making including profiling and meaningful information about the logic involved as well as the scope and intended effects of automated decision-making, if applicable in the case of transfer to recipients in third countries, if there is no decision by the EU Commission on the adequacy of the level of protection pursuant to Article 45 (3) of the GDPR, information about which appropriate safeguards are provided pursuant to Article 46 (2) of the GDPR for the protection of the personal data.
8.2 Correction and completion
If you discover that we have inaccurate personal data about you, you may request that we correct this inaccurate data without delay. If your personal data is incomplete, you may request that it be completed.
8.3 Deletion
You have a right to erasure ("right to be forgotten"), unless the processing is necessary for the exercise of the right to freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were processed,
The justification for the processing was solely your consent, which you have withdrawn,
You have objected to the processing of your personal data which we have made public,
You have objected to the processing of personal data which we have not made public and there are no overriding legitimate grounds for the processing,
Your personal data has been processed unlawfully,
The erasure of the personal data is necessary for compliance with a legal obligation to which we are subject.
There is no entitlement to erasure if, in the case of lawful non-automated data processing, erasure is not possible or only possible with disproportionate effort due to the special nature of the storage and your interest in erasure is low. In this case, the restriction of processing shall take the place of deletion.
8.4 Restriction of processing
You may request us to restrict processing if one of the following reasons applies:
You dispute the accuracy of the personal data. In this case, the restriction may be requested for the period of time that enables us to verify the accuracy of the data,
the processing is unlawful and you request the restriction of the use of your personal data instead of deletion,
your personal data is no longer required by us for the purposes of processing but you need it for the assertion, exercise or defence of legal claims,
you have lodged an objection pursuant to Art. 21 (1) DSGVO. Restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you.
8.5 Data portability
You have a right to data portability if the processing is based on your consent (Art. 6(1)(1)(a) or Art. 9(2)(a) DSGVO) or on a contract to which you are a party and the processing is carried out with the help of automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons:
You may request us to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. Where technically feasible, you may request that we transfer your personal data directly to another controller.
8.6 Objection
Insofar as the processing is based on Art. 6 (1) sentence 1 letter e DSGVO (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 (1) sentence 1 letter f DSGVO (legitimate interest of the controller or a third party), you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation. This also applies to profiling based on Art. 6 (1) sentence 1 e) or f) DSGVO. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You may object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling related to such direct marketing. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes.
You have the option of informally notifying our office of your objection by telephone, by e-mail, if applicable by fax or to our postal address listed at the beginning of this privacy policy.
8.7 Revocation of consent
You have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, by e-mail, if necessary by fax or to our postal address. The revocation does not affect the lawfulness of the data processing that was carried out on the basis of the consent until receipt of the revocation. After receipt of the revocation, the data processing, which was based exclusively on your consent, will be discontinued.
8.8 Complaint
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority competent for the place where you reside or work or for the place of the alleged infringement.
9. data protection during applications and the application procedure
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. The processing may also take place electronically. This is in particular the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted 2 months after notification of the decision, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
10. analysis tools
Tracking tools
We strive to ensure that our website is designed to meet the needs of our customers and that it is optimised on an ongoing basis. On the basis of Article 6 (1) sentence 1 letter f DSGVO, we therefore use the tracking measures listed below. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
11. plug-ins
We use social plug-ins of the social network LinkedIn on our website on the basis of Art. 6 para. 1 p. 1 f) DSGVO. This serves to make our law firm better known and the underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plug-ins using the so-called "two-click method" in order to protect visitors to our website as best as possible.
Google Maps
This website uses Google Maps to display a map of the site. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of automatically collected data and data provided by you by Google, one of its representatives, or third parties. The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) DSGVO. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here:https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy:https://policies.google.com/privacy?hl=de.
12. use of web fonts
External fonts from Google Fonts may be used on our website. Google Fonts is a service of Google Inc. ("Google"). These fonts are integrated by means of a server call, usually a Google server. This transmits to the server which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google.
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) DSGVO.
If your browser does not support web fonts, a standard font from your computer will be used.
You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de.
13. audio and video conferencing
Data processing
One of the tools we use to communicate with our clients is online conferencing. The specific tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool. The conferencing tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection. If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used We use the following conference tools: Google Meet
We use Google Meet. The provider is Google, USA. For details on data processing, please refer to Google's privacy policy:
https://policies.google.com/privacy?hl=de.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.
Order processing
We have concluded a contract on order processing (AVV) with the provider named above. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
14. hosting
We host our website with Strato AG. The provider is Otto-Ostrowski-Straße 7,10249 Berlin(hereinafter: Strato). When you visit our website, Strato collects various log files including your IP addresses. Details can be found in Strato's data protection declaration: https://www.strato.de/datenschutz/.
The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
15 Data security
We would like to point out that the transfer of data via the Internet is not completely secure. We therefore cannot guarantee absolute security for the transmission of information to us via the Internet.
If possible, we use the widespread TLS (Transport Layer Security) procedure in connection with the highest encryption level supported by your browser when visiting our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties, insofar as this is within our power. Our security measures are continuously improved in line with technological developments.
16. up-to-dateness and amendment of this data protection declaration
We continuously develop our website and the services we offer. In particular, when new technologies are implemented and used, it may become necessary to amend this data protection declaration. The same applies in the event of legal changes or official requirements. We therefore recommend that you read this data protection declaration carefully not only now, but also from time to time.
This data protection declaration is valid as of January 2021.