1. NAME AND CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR PROCESSING AND THE DATA PROTECTION OFFICER
HÄRTING Rechtsanwälte PartGmbB
Phone: +49 (0)30 28 30 57 40
Fax: +49 (0)30 28 30 57 44
The Härting data protection officer can be contacted at the above address, for the attention of the data protection officer or at firstname.lastname@example.org.
You can contact our data protection officer directly at any time if you have any questions regarding data protection law or your rights as a data subject.
2. PROCESSING OF PERSONAL DATA AND PURPOSES OF PROCESSING
For the hosting of this website we use the web hosting service of Kinsta Inc. (hereinafter “Kinsta”).
In order to offer a website, it is necessary to commission a web hosting service. In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, the web hosting service is used because of our legitimate economic interest in making our services available on this website. In connection with the hosting service, Kinsta processes personal data on our behalf, which are generated while using the website.
We have concluded a data processing agreement with Kinsta. Through this agreement, the service provider assures that it processes the data in accordance with the General Data Protection Regulation and guarantees the protection of the rights of the data subject.
Kinsta uses the Google Cloud Platform service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”) to host our website. The information regarding the use of our website is transferred to Google servers in the USA and processed there. The data transferred are purely pseudonyms; it is not possible to draw conclusions from the data about your name. The transfer between Kinsta and Google is based on standard contractual clauses. This ensures a level of protection comparable to that in the EU (see also point 3b on data transfer to the US).
b) VISITING THE WEBSITE
You can access www.haerting.de without revealing your identity. The browser used on your terminal device will automatically send information to the server of our website (e.g. browser type and version, date and time of access) to enable a connection to the server. This also includes the IP address of your requesting terminal device. The data is temporarily stored in a so-called log file and automatically deleted after 9 weeks at the latest:
The IP address is processed for technical and administrative purposes of establishing and maintaining the connection, in order to guarantee the security and functionality of our website and to be able to trace possible illegal attacks on it if necessary.
The legal basis for the processing of the IP address and log files is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned security interest and the need to ensure that our website is available without disruption.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
c) ORDERING OUR NEWSLETTER
As long as you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. To receive the newsletter, it is sufficient to provide an e-mail address. You can voluntarily provide further information about your person (salutation, title, first and last name). We use this information exclusively to personalise the newsletter. After you have registered, you will then receive a registration notification by email, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves us as proof that the registration was actually initiated by you.
You can unsubscribe at any given time, e.g. via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscription request to email@example.com by email. Your email address will be blocked immediately after you have revoked your consent to receive the newsletter.
We use the services of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter Sendinblue) as a specialised service provider for sending the newsletter. We have concluded a contract with Sendinblue for the processing of personal data. Through this contract, Sendinblue assures that it will process the data in accordance with the GDPR and guarantee the protection of the rights of the data subject. The servers are located in Germany or Europe. There shall be no data transfer to states outside the EEA.
d) Joining a Webinar
We offer various webinars on legal topics. To participate in the webinars, you must register. To do so, we require the following data from you:
– First and last name,
– email address.
We need this data to send you the login details for the webinars and to identify you. We process this data on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR to fulfil our contractual obligation to offer you the webinars. We will also use your email address to send you documents relating to the webinar you attended as a follow-up.
When registering for the webinar, you have the option of consenting to the sending of advertising on the basis of Art. 6 Para. 1 lit. a GDPR. We will then use your email address and your first and last name to send you advertising. This will only include information about planned webinars. We will not use your email address for our newsletter. You can revoke your consent for the future at any time via the link at the end of the email.
We use the service of LogMeIn Inc, 333 Summer Street, Boston, MA 02210 USA (hereinafter: LogMeIn) for the webinar. We have concluded a data processing agreement with LogMeIn. In this contract, LogMeIn guarantees to comply with the applicable data protection regulations.
Your data will be automatically deleted after the webinar has ended. If you have consented to being contacted for advertising purposes, we will store your email address and your first and last name until you revoke your consent.
LogMeIn processes and stores your data on servers in the USA, among other places. We have concluded a contract with LogMeIn incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (see also section 3b on data transfer to the USA).
Further information on data protection and LogMeIn-Services can be found here.
3. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
a) TRANSFER OF DATA TO THIRD PARTIES
We will only transfer your personal data to third parties if:
- you have given your explicit consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR
- it is necessary for the fulfilment of a contract with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR
- in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR.
The data passed on may be used by the third party exclusively for the specified purpose.
b) THIRD COUNTRY TRANSFER
A transfer of personal data to a third country or an international organisation will only take place if we inform you of this and if the conditions of Art. 44 et seqq. GDPR are given.
A third country is defined as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is deemed to be unsafe if the EU Commission has not issued an adequacy decision for this country in accordance with Art. 45 (1) GDPR, confirming that adequate protection for personal data exists in the country.
The USA is a so-called unsafe third country. This means that the US does not offer a level of data protection comparable to that in the EU. The risks involved in transferring personal data to the US are as follows: There is a risk that US authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programmes based on Section 702 of the FISA (Foreign Intelligence Surveillance Act), and on the basis of Executive Order 12333 or Presidential Policy Directive 28. EU citizens have no effective means of redress against such access in the US or the EU.
- the recipient provides appropriate safeguards in accordance with Art. 46 GDPR for the protection of personal data,
- you have explicitly agreed to the transmission, after we have informed you of the risks, in accordance with Art. 49 para. 1 lit. a) GDPR,
- the transmission is necessary for the fulfilment of contractual obligations between you and us
- or another exception from Art. 49 GDPR applies.
Safeguards under Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient undertakes to protect the data sufficiently and thus to ensure a level of protection comparable to that provided by the GDPR.
4. COOKIES AND TRACKING PIXELS
We use so-called cookies or similar functions such as tracking pixels on our website to provide our website technically and to record the use of our website statistically and evaluate it for the purpose of optimisation (see section 5). We base the processing of your data through the cookies and pixels used for the above-mentioned technically necessary purposes in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR on our legitimate interest, which is to be regarded as justified in the sense of the above-mentioned regulation.
In addition, we set cookies and process the data through the cookies used only on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future using our Consent Management Tool. You can access the Consent Management Tool at any time via the link at the end of the website.
Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your terminal device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific terminal device used. However, this does not mean that we obtain direct knowledge of your identity.
Tracking pixels are small 1×1 pixel GIF files that can be hidden in graphics when visiting our website. Pixels do not cause any damage to your terminal device, do not contain viruses, Trojans or other malware.
The pixels send your IP address, the referrer URL of the visited website, the time when the pixel was viewed, the browser used and previously set cookie information to a web server. This enables us to carry out range measurements and other statistical evaluations, which serve to optimise our platform and our offer.
c) Consent management tool
We use the Consent Management Tool of e-pixler GmbH, Leuchtenfabrik Aufgang E, Edisonstr. 63, 12459 Berlin (hereinafter: e-pixler). In this context, date and time of the visit, browser information, information on consents, device information and the IP address of the requesting device are processed. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). The obtaining and administration of legally required consents is to be regarded as a legitimate interest within the meaning of the aforementioned provision. e-pixler stores consents and revocations on our behalf and on our instructions. Further information on data protection at e-pixler can be found here.
5. WEB ANALYSIS: GOOGLE ANALYTICS
On our website we use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter Google). In this context, pseudonymous user profiles are created and cookies are used.
The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transferred to Google servers in the USA and processed there.
The use of Google Analytics is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. Google processes the information on our behalf in order to evaluate the use of the website, to compile reports on the website activities and to provide us with further services associated with the use of the website for the purposes of market research and the design of this website.
We have concluded a data processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and guarantee the protection of the rights of the data subject.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within the European Union or in other states that are party to the Agreement on the European Economic Area. The IP address is not combined with other data from Google.
We do not use the Universal Analytics with User ID offered by Google.
If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on our behalf.
The user data collected via cookies is automatically deleted after 14 months.
The information generated by the cookies set by Google Analytics about the use of our website is transferred to Google servers in the USA and processed there. The transmitted data consist only of pseudonyms; a conclusion on your name is not possible. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures a level of protection comparable to that in the EU (see also section 3b on data transfer to the USA).
In addition, we will only transfer your data if you expressly consent to its processing by Google. In this case, while being aware of the risks described in No. 3.b, you also consent to your data being transferred to the USA in accordance with Art. 49 para. 1 lit. a GDPR.
You can revoke your consent for the future at any time using our Consent Management Tool. You can access the tool via the link at the end of the website.
6. GOOGLE MAPS
This website uses the map service Google Maps to display map material. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Google Maps on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
When you click on a Google map on our website, information about your use of this website and your IP address is transmitted to a Google server in the USA. This takes place regardless of whether you have a Google Account through which you are logged in or whether no user account exists. If you are logged in with a Google Account, your data will be linked directly to your account. Your data will be deleted if they are no longer required for the purpose of processing.
Further information on the purpose and scope of data collection and its processing by Google can be found at https://www.google.de/intl/de/policies/privacy.
Google transfers the information to Google’s servers in the USA. The transmitted data consist only of pseudonyms; a conclusion on your name is not possible (see also section 3b for data transfer to the USA).
We will only transfer your data to Google if you have explicitly consented to this. In this case, you consent to your data being transferred to the USA while being aware of the risks described in section 3b in accordance with Art. 49 para. 1 lit. a GDPR.
You can revoke your consent for the future at any time using the Consent Management Tool. You can access the Consent Management Tool via the link at the bottom of the website.
7. EMBEDDED YOUTUBE VIDEOS
We use videos on our website from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: YouTube), a Google company. The implementation takes place on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. By loading the videos on our website, data is forwarded to Google. In particular, the information which of our websites you have visited and device-specific information including the IP address is transmitted to Google.
To implement the videos, we use the “extended privacy mode” provided by YouTube. If you call up a page that has an embedded video, a connection to the YouTube servers is only established when you actually view the video.
If you are logged in to YouTube at the same time, this information is associated with your YouTube membership account. You can prevent this by logging out of your account before visiting our website. Your data will be deleted if they are no longer required for the purpose of processing.
For more information about the purpose and extent of data collection and processing by Google, please visit https://www.google.de/intl/de/policies/privacy.
Google transfers the information to Google’s servers in the USA. The transmitted data consist only of pseudonyms; a conclusion on your name is not possible. We will only transmit your data if you explicitly agree to the processing by Google. In this case, you consent to your data being transferred to the USA while being aware of the risks described in section 3b in accordance with Art. 49 para. 1 lit. a GDPR.
You can revoke your consent for the future at any time using the Consent Management Tool. You can access the Consent Management Tool via the link at the bottom of the website.
8. DATA SUBJECT RIGHTS
You have the right:
- pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future;
- pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence of a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about the details thereof;
- pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
- pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
- pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.
Right to object pursuant to Art. 21 GDPR
In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. e and Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct marketing. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation; this also applies to profiling based on those provisions as defined in Art. 4 no. 4 GDPR.
If you submit an objection we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.
If your objection is to the processing of data for direct marketing purposes, we shall cease processing immediately. In this case it is not necessary for you to assert a particular situation. This also applies to profiling to the extent that it is related to such direct marketing.
If you want to exercise your right to object, simply send an email to firstname.lastname@example.org.
9. DATA SECURITY
All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the “s” appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.
10. Actuality of and changes to this Data Protection Policy
This Data Protection Policy is the latest version and was last amended as of November 2020.
The further development of our website and offers on it or changes in statutory or public-authority requirements may render it necessary to amend this Data Protection Policy.