I. Introduction and terms
“Personal data” means any information relating to an identified or identifiable individual (Art. 4 No. 1 GDPR). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data for which the identity is not immediately apparent, but which can be determined by combining one’s own information or that of others and thus finding out who it is. A person becomes identifiable, for example, by providing your address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.
A “processing” is understood by Art. 4 No. 2 GDPR to mean any operation related to personal data. This applies in particular to the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction of personal data.
II. Person responsible and data protection officer
Responsible for data processing is:
Beiler, Karl, Platzbecker & Partner Attorneys at Law Partnership (“we”)
represented by the attorneys Harald Beiler, Jan Clasen, Reinher Karl, Arne Platzbecker, Hendrik Prahl,Steffen Sauter, Jan Simon, Heiko Wiese
Address: Palmaille 96, 22767 Hamburg
Phone: +49 (0)40 / 18 18 980 0
Fax: +49 (0)40 / 18 18 980 99
4. DATA PROTECTION OFFICER
We have appointed an external data protection officer for our office. You can reach him at:
Company: HABEWI GmbH & Co KG
Legal representative: General partner HABEWI Beteiligungs GmbH, represented by Arne Platzbecker (Managing Director)
Address: Palmaille 96, 22767 Hamburg
Phone: +49 (0)40/ 46008966
Fax: +49 (0)40/ 46008977
III. processing framework
5. PROCESSING FRAMEWORK: WEBSITE
Within the framework of the website, we process the personal data from you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called commissioned processing, in which we as the client are authorized to issue instructions to our contractors. To operate our website, we use an external service provider for hosting. If further external service providers are used for individual processing operations listed in Section IV, they will be named there.
We do not transfer data to third countries and do not plan to do so. We will inform about exceptions to this principle in the processing operations presented below. Any data transfer to third countries then takes place on the basis of the so-called EU standard contractual clauses.
IV. The processing in detail
6. CONTACT BY E-MAIL
6.1 Description of processing: You can also contact us via the e-mail addresses provided on the website. To contact us, you can write to us via the email address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
6.2 Legal basis: The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 6.2. If the e-mail contact is aimed at the conclusion or fulfillment of a contract, the data processing is carried out for the fulfillment of the contract (Art. 6 para. 1 lit. b DSGVO).
6.3 Storage period: The data will be deleted by us as soon as they are no longer required to achieve the purpose for which they were collected. This is usually the case when the respective communication with you has ended. The communication is terminated when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the legal retention period has expired.
7. FONT SUBSTITUTION
When displaying our website, the standard fonts of your terminal device are replaced by fonts. This is done in order to show you the text on our customer portal in a more readable and aesthetically pleasing way. For font substitution, we opted for a privacy-friendly solution. Namely, we do not integrate external services, such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced from the Google Fonts catalog locally on our server. This has the advantage that when you call up our site, no request is made by your browser to external font replacement services and thus no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.
V. Security measures
8. SAFETY MEASURES
To protect your personal data from unauthorized access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s end device. You can recognize active SSL or TLS encryption by a small lock logo that appears on the far left of the browser’s address bar.
VI. your rights
9. RIGHTS OF AFFECTED
With regard to the data processing by our law firm described above, you are entitled to the following data subject rights:
9.1 Information (Art. 15 GDPR): You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, they have a right of access to this personal data and to the information listed in detail in Article 15 of the GDPR under the conditions set out in Article 15 of the GDPR.
9.2 Correction (Art. 16 GDPR): You have the right to demand that we correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data without undue delay.
9.3 Deletion (Art. 17 GDPR): You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if your data is no longer required for the purposes pursued by us.
9.4 Restriction of data processing (Art. 18 GDPR): You have the right to request us to restrict processing if one of the conditions listed in Art. 18 DSGVO is met, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data.
9.5 Data portability (Art. 20 GDPR): You have the right, under the conditions listed in Art. 20 DSGVO, to request the surrender of the data concerning you in a structured, common and machine-readable format.
9.6 Withdrawal of consent (Art. 7 (3) GDPR): You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation is valid from the time of its assertion. In other words, it works for the future. The processing therefore does not become retroactively unlawful by the revocation of consent.
9.7 Complaint (Art. 77 GDPR): If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right by contacting a supervisory authority in the EU Member State where you are located, where you work or where the alleged infringement took place.
9.8 Prohibition of automated decisions/profiling (Art. 22 GDPR): Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision making including profiling with regard to your personal data.
9.9 Right to object (Art. 21 GDPR): If we collect personal data from you on the basis of Art. 6 para. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defense of legal claims. In any case – also independent of a specific situation – you have the right to object to the processing of your personal data for direct marketing at any time.
Status: February 2022