When you use this website, your personal data is processed by us as the data controller and stored for the period required to fulfill the specified purposes and legal obligations. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
1. NAME AND CONTACT DETAILS OF THE DATA CONTROLLER AND THE COMPANY DATA PROTECTION OFFICER
This data protection information applies to data processing on the website
www.haerting.de by the controller:
HÄRTING Rechtsanwälte PartGmbB Chausseestr. 13 10115 Berlin
(hereinafter referred to as “HÄRTING”)
Email: mail@haerting.de
Telephone: +49 (0)30 28 30 57 40
Fax: +49 (0)30 28 30 57 44
HÄRTING’s data protection officer can be contacted at the above address, Attn: Data Protection Officer or at datenschutz@haerting.de.
You can contact our data protection officer directly at any time if you have any questions about data protection law or your rights as a data subject.
2. PROCESSING OF PERSONAL DATA AND PURPOSES OF PROCESSING
a) Web hosting
We use the web hosting service of Kinsta Inc. (hereinafter referred to as “Kinsta”) to provide this website.
In order to offer a website, it is necessary to commission a web hosting service. Kinsta is used in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate economic interest in making our offer available on this website. In connection with hosting, Kinsta processes personal data on our behalf that is generated when the website is used.
To host our website, Kinsta uses the Google Cloud Platform service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google Cloud Platform”). The information about the use of our website is transmitted to servers of Google LLC in the USA and processed there. The transmitted data are only pseudonyms; it is not possible to draw conclusions about your name. On 10.07.2023, the EU Commission issued an adequacy decision for the Data Privacy Framework for the transfer of data to recipients based in the USA. According to this, an adequate level of data protection is assumed for data transfers to certified recipients based in the USA (see also section 3. b) ). Google LLC is a certified company.
We store your personal data for as long as is necessary for its use.
b) WHEN VISITING THE WEBSITE
You can visit the website www.haerting.de without having to disclose your identity. The browser used on your end device only automatically sends information to the server of our website (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting device. This is temporarily stored in a log file and automatically deleted after 9 weeks at the latest:
The IP address is processed for technical and administrative purposes of connection establishment and stability in order to ensure the security and functionality of our website and to prevent any unauthorized access. The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the need to provide our website without disruption.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
Further information on cookies and similar technologies used on our website can be found in section 4 onwards.
We store your personal data for as long as is necessary for its use.
c) WHEN ORDERING OUR NEWSLETTER
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address. You can voluntarily provide further information about yourself (salutation, title, first name and surname). We use this information exclusively to personalize the newsletter. You will then receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for us that the registration was actually initiated by you. We process this information on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in storing this proof.
You can unsubscribe at any time, e.g. via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request to newsletter@haerting.de by email. Your e-mail address will be blocked immediately after you withdraw your consent to receive the newsletter. We store your revocation on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in not sending you (any more) newsletters if you withdraw your consent.
We use the service of Sendinblue GmbH, Köpernicker Str. 126, 10179 Berlin (hereinafter: Sendinblue) as a specialized service provider to send the newsletter.
We store your personal data for as long as is necessary for its use.
d) WHEN VISITING A WEBINAR
We offer various webinars on legal topics. To participate in the webinars, you must register and we need the following data from you:
- First and last name,
- e-mail address.
We need this data to send you the access data for the webinars and to identify you. We process this data on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR to fulfill our contractual obligation to offer you the webinar. We will also use your e-mail address to send you documents relating to the webinar you attended after the webinar.
When registering for the webinar, you have the option of consenting to the sending of advertising on the basis of Art. 6 para. 1 lit. a GDPR.
We will then use your e-mail address and your first and last name to send you advertising.This will only include information about planned webinars.We will not use your email address for our newsletter.You can revoke your consent at any time for the future via the link at the end of the email.
We use the service of LogMeIn Inc, 333 Summer Street, Boston, MA 02210 USA (hereinafter: LogMeIn) for the webinar.
LogMeIn processes and stores your data on servers in the USA, among other places. On July 10, 2023, the EU Commission issued an adequacy decision for the Data Privacy Framework for data transfers to recipients based in the USA. According to this, an adequate level of data protection is assumed for data transfers to certified recipients based in the USA.LogMeIn is not a certified company. We have therefore concluded a contract with LogMeIn that includes the EU standard contractual clauses. This ensures that there is a level of protection comparable to that in the EU (see also section 3. b) on data transfer to the USA).
You can find more information on data protection at LogMeIn here.
Your data will be deleted automatically after the end of the webinar.If you have consented to being contacted for advertising purposes, we will store your e-mail address and your first and last name until you withdraw your consent.
3. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
a) TRANSFER OF DATA TO THIRD PARTIES
Except in the aforementioned cases of processing on our behalf, we will only pass on your personal data to third parties if
you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
this is necessary for the performance of a contract with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR.
The transferred data may only be used by the third party for the stated purposes.
b) TRANSFER TO THIRD PARTIES
In connection with data processing by , data may be transferred to third countries, i.e. to recipients outside the EU or the European Economic Area (EEA). If the European Commission has issued a decision on the existence of an adequate level of protection in relation to the third country (see Art. 45 (3) GDPR), no additional measures are required for the data transfer.
If data is transferred to recipients based in the USA, this is done on the basis of the Transatlantic Data Privacy Framework of 10.07.2023, provided that the recipient has appropriate certification. A list of currently certified companies is available here. In other cases and in the case of data transfers to other so-called non-secure third countries, data will only be transferred if the requirements of Art. 46 et seq. GDPR are met. Specifically, this means that data is only transferred to third countries if
- the recipient provides sufficient so-called guarantees in accordance with Art. 46 GDPR for the protection of personal data
- you have expressly consented to the transfer, after we have informed you of the risks, in accordance with Art. 49 para. 1 lit. a) GDPR
- the transfer is necessary for the fulfillment of contractual obligations between you and us, or
- another exception pursuant to Art. 49 GDPR applies.
- Which of the above-mentioned bases applies in individual cases is described in the respective processing.
- Data transfers to recipients based in the USA who do not have TADPF certification and for whom an adequate level of data protection cannot be established by means of guarantees within the meaning of Art. 46 GDPR will only be made with your consent within the meaning of Art. 49 para. 1 lit. a GDPR.
We would like to point out that for recipients based in the USA without TADPF certification, an adequate level of data protection comparable to that in the EU cannot be guaranteed. Such a transfer of personal data therefore involves the following risks: There is a risk that US authorities may gain access to the personal data on the basis of the PRISM and UPSTREAM surveillance programs based on Section 702 of the FISA (Foreign Intelligence Surveillance Act) and on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal protection against this access in the USA or the EU.
4. COOKIES AND SIMILAR TECHNOLOGIES
We use so-called cookies or similar functions such as tracking pixels on our website in order to provide our website technically and to statistically record the use of our website. We base the processing of your data by the cookies and pixels used for the aforementioned technically necessary purposes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on our legitimate interest, which is to be regarded as legitimate within the meaning of the aforementioned provision.
In addition, we use cookies and process the data through the cookies used only on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via our consent management tool. You can access the consent management tool at any time via the link at the bottom of the website.
a) COOKIES
Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.
On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. Cookies are also used to make our website technically available and to offer you tools. These cookies are automatically deleted after a defined period of time.
b) CONSENT MANAGEMENT TOOL
We use the consent management tool Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: “Cookiebot”). In this context, the date and time of the visit, browser information, consent information, device information and the IP address of the requesting device are processed. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). Obtaining and managing legally required consent is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Cookiebot stores consents and revocations on our behalf and on our instructions. You can find more information about data protection at Cookiebot here.
We store your personal data for as long as is necessary for its use.
5. GOOGLE MAPS
This website uses the map service Google Maps to display map material. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google Maps” or “Google”). We use Google Maps on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.
When using Maps, Google collects personal data such as the search terms entered, the IP address, the location, etc. A NID cookie is stored on the user’s device for this purpose. The use of Google Maps requires a connection via your browser to Google’s servers, which may be located in insecure third countries such as the USA and processed there.
The transmitted data are only pseudonyms; it is not possible to draw conclusions about your name. The data is transferred to Google LLC servers in the USA and processed there. The data transmitted are only pseudonyms; it is not possible to identify you by name. On 10.07.2023, the EU Commission issued an adequacy decision for the Data Privacy Framework for the transfer of data to recipients based in the USA. According to this, an adequate level of data protection is assumed for data transfers to certified recipients based in the USA (see also section 3. b) ). Google LLC is a certified company.
You can revoke your consent at any time for the future via the Consent Management Tool. You can access the consent management tool via the link at the bottom of the website.
We store your personal data for as long as is necessary for its use.
6. Integrated YouTube videos
We use components (videos) of the YouTube service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “YouTube” or “Google”) on our website. The implementation is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.
Here we use the “extended data protection mode” option provided by YouTube. If you call up a page that has an embedded video, this only establishes a connection to the Google servers and the content is displayed on the website by notifying your browser when you actually watch the video. By loading the videos on our website, data is then forwarded to Google. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Device-specific information, including the IP address, is also transmitted. The use of YouTube requires a connection via your browser to Google’s servers, which may be located in insecure third countries such as the USA and processed there.
The transmitted data are only pseudonyms; it is not possible to draw conclusions about your name. The data is transferred to Google LLC servers in the USA and processed there. The data transmitted are only pseudonyms; it is not possible to identify you by name. On 10.07.2023, the EU Commission adopted an adequacy decision for the Data Privacy Framework for the transfer of data to recipients based in the USA. According to this, an adequate level of data protection is assumed for data transfers to certified recipients based in the USA (see also section 3. b) ). Google LLC is a certified company.
You can revoke your consent at any time for the future via the Consent Management Tool. You can access the consent management tool via the link at the bottom of the website.
We store your personal data for as long as is necessary for its use.
7. RIGHTS OF DATA SUBJECTS
You have the right
in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
in accordance with Art . 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller; and
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
INFORMATION ABOUT YOUR RIGHT TO OBJECT PURSUANT TO ART. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision of Article 4(4) GDPR
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If you object to the processing of data for the purpose of direct marketing, we will cease processing immediately. In this case, it is not necessary to specify a particular situation. This also applies to profiling insofar as it is associated with such direct advertising.
If you wish to exercise your right to object, simply send an email to datenschutz@haerting.de
8. DATA SECURITY
All data transmitted by you personally is encrypted using the common and secure TLS (Transport Layer Security) standard. TLS is a secure and proven standard that is also used in online banking, for example. You can recognize a secure TLS connection by the s appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
8. UPDATING AND AMENDMENT OF THIS PRIVACY POLICY
This privacy policy is currently valid and was last updated in May 2024.
It may become necessary to amend this data protection information as a result of the further development of our website and services or due to changes in legal or official requirements.