I. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER AND CONTACT DETAILS OF THE DATA PROTECTION OFFICER
1. Controller within the meaning of the data protection laws (Art. 4(7) GDPR) is:
Blaum Dettmers Rabstein Rechtsanwaltspartnerschaft mbB
Am Wall 153-156
Tel.: +49 421 36 60 10
2. Our data protection officer is available at:
Blaum Dettmers Rabstein Rechtsanwaltspartnerschaft mbB
- The data protection officer -
Am Wall 153-156
Tel.: +49 421 36 60 10
For any questions and suggestions regarding data protection please do not hesitate to contact our data protection officer directly.
II. GENERAL PRINCIPLES
1. Scope and legal bases of the processing
We process personal data only in accordance with the legal regulations. Processing of personal data is in particular only carried out if you have consented or if the processing is legally permitted otherwise.
Where we seek consent to processing activities regarding personal data from the data subject, point (a) of Art. 6(1) EU-General Data Protection Regulation (GDPR) is the legal basis.
For processing of personal data that is necessary for the performance of a contract to which the data subject is party, point (b) of Art. 6(1) GDPR is the legal basis. This includes processing activities that are necessary in order to take steps prior to entering into a contract.
Where processing of personal data is necessary for compliance with a legal obligation to which our enterprise is subject, point (c) of Art. 6(1) GDPR is the legal basis.
In the case that vital interests of the data subject or of another natural person require processing of personal data, point (d) of Art. 6(1) GDPR is the legal basis.
Where processing is necessary for the purposes of a legitimate interest pursued by our enterprise or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, point (f) of Art. 6(1) GDPR is the legal basis.
We will indicate the respective legal basis for the processing in connection with the information on the different data processing operations in this data protection declaration or when providing your personal data.
2. Transfer of data
Within our enterprise only those bodies get access to your data that need them for the purposes of our legitimate interests or for the compliance with our contractual or statutory obligations or for responding to your requests.
For processing of your data we partially use external service providers that process data on our behalf as processors (for example for central IT services or for hosting our website). Service providers that act for us as processors may use the data exclusively in accordance with our instructions. In this case we are responsible by law for ensuring that the enterprises engaged by us have appropriate data protection policies. The enterprises were chosen carefully by us, were engaged in writing in accordance with the legal requirements, underlie our instructions and are regularly controlled by us.
A transfer of your personal data to third parties takes only place if it is legally authorised, in particular, if
- you have explicitly given your consent to it pursuant to point (a) of Art. 6(1) GDPR,
- the transfer is necessary for the execution of contractual relationships pursuant to point (b) of Art. 6(1) GDPR,
- a legal obligation for the transfer exists pursuant to point (c) of Art. 6(1) GDPR,
- the transfer is necessary for the purposes of our legitimate interests pursuant to point (f) of Art. 6(1) GDPR if your interests do not override them.
When we intend to transfer personal data to third parties, you will find further information hereto in the information on the different data processing operations in this data protection declaration or when providing your personal data.
3. Duration of the storage and erasure of data
We process and store personal data only for the period that is necessary to achieve the purposes of the processing. If the purpose of the processing ceases, the data will be erased, unless legal retention obligations prejudice an erasure. In the latter case the processing will be restricted in order to comply with the retention obligations.
You will find further details in connection with the information on the different data processing operations in this data protection declaration or when providing your personal data.
4. Data security
Within the website visit and for the protection of the transmission of contents we use a SSL- and/or TLS-encryption. You can recognise this in the closed representation of the key symbols and/or the locket symbols in the lower status bar of your browser, which your browser indicates in a case of a SSL-connection.
Apart from that we use appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or against unauthorised access of third parties. Our security measures are being continuously improved in accordance with the technological development.
5. Data subject's rights
You shall have the following rights with respect to the personal data concerning you:
- Right to withdrawal of a consent
- Right to access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with a supervisory authority.
Further information on these rights you will find at IV. of this declaration.
III. INFORMATION ON THE DIFFERENT DATA PROCESSING OPERATIONS
In the following provisions you will receive further information on the different data processing operations, for example on which personal data are collected, for which purposes they are used, on which basis we are entitled to collection of data, for how long they are stored and, where applicable, to whom a transfer is made:
1. Data processing when visiting the website
When opening our website, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called logfile. The following information is thereby collected, without any action on your part, and stored until the automatic erasure:
- IP-address of the requesting computer,
- date and time of the access,
- name and URL of the requested file,
- website from which the access is made (Referrer-URL),
- used browser and, where applicable, the operating system of your computer as well as the name of your access provider,
- names of downloaded files.
The mentioned data are processed by us for the following purposes:
- display of the website,
- ensuring a smooth calling of the website,
- ensuring a comfortable using of our website,
- evaluation of the system security and stability as well as
- for other administrative purposes.
The temporary storage of the IP-address by the system is necessary in order to enable a transfer of the website data to the user's computer and to thereby enable the presentation of the called contents of the website. Storage in logfiles is made in order to ensure the functionality of the website. Furthermore, the data serve us for optimising the website and for ensuring the safety of our systems in terms of information technology.
The legal basis for the data processing is point (f) of Art. 6(1) GDPR. Our legitimate interest stems from the abovementioned purposes for the data collection. In no case we use the collected data for the purpose of drawing conclusions as to your person.
The erasure of the logfiles is automatically carried out at seven days intervals. A further storage beyond this is possible. In that case the users' IP-addresses are erased or modified in a way that an allocation of the calling client is not possible anymore.
In the cookie information is filed that results in each case in connection with the specifically used terminal device. That does not mean, however, that we thereby directly receive knowledge about your identity.
The data processing is based on point (f) of Art. 6(1) GDPR because we have a legitimate interest in the storage of cookies for a technically error-free and optimised providing of our services.
Most browsers accept cookies automatically. However, you can configure your browser according to your wishes so that for example no cookies are stored on your computer or so that a note always appears before a new cookie is created. You can also erase the cookies at any time in the security settings of your browser.
The complete deactivation of cookies can, however, lead to not being able to use all functions of our website.
3. Data processing when contacting via e-mail
If you contact us via e-mail, the data provided by you are stored by us and are only used in order to work on your request and in order to contact you for the execution of your request. The legal basis of the data processing is point (f) of Art. 6(1) GDPR. Our legitimate interest results from working on your request which is not prejudiced by any overriding interests of you because you voluntarily contacted us for that purpose. We point out that you shall have a right to object. You will find further details on that in our information regarding rights of the data subject at clause IV.10 of this data protection declaration.
We point out that in a case of data processing based on point (f) of Art. 6(1) GDPR, you shall have the right to object to processing in accordance with Art. 21 GDPR. Further information on that you will find at clause IV.10 of this data protection declaration.
If the contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is point (b) of Art. 6(1) GDPR.
The data will be automatically erased by us when storage is not necessary anymore, in particular, when the working on your request is completed. The further use of data that has been stored by us for other purposes and that we are entitled to process based on other legal bases (e.g. with respect to data necessary for contract execution) remains unaffected hereof. If there are statutory retention obligations, we restrict the processing to what is necessary in order to comply with them. Independently of that you shall have the rights you are entitled to as data subject. You will find further details in our information on the rights of the data subject at clause IV. of the data protection declaration.
IV. DATA SUBJECT'S RIGHTS
As data subject you shall have the following rights:
1. Right to withdrawal of a consent
If you have given your consent to processing your data, you shall have the right to withdraw your consent given previously towards us at any time pursuant to Art. 7(3) GDPR. The consequence is that we must not continue processing in the future so far as we were entitled to it based on your consent. The lawfulness of processing based on consent before its withdrawal remains unaffected, i.e. the past processing based on the consent remains lawful.
2. Right to confirmation and access
You shall have the right pursuant to Art. 15 GDPR to obtain from us confirmation as to whether or not personal data concerning you are being processed. Furthermore, you shall have the right to access to your personal data processed by us free of charge. In particular, you can demand access to
- the purposes of the processing,
- the category of the personal data,
- the categories of recipients to whom your data were or will be disclosed,
- the envisaged duration of storage,
- the existence of the right to request rectification, erasure, restriction of processing or to object,
- the right to lodge a complaint,
- any available information as to the source of your data if those were not collected from us,
- as well as to the existence of automated decision-making, including profiling and, where applicable, meaningful information on the details.
3. Right to rectification
You shall have the right pursuant to Art. 16 GDPR to demand the rectification of inaccurate or the completion of your personal data stored by us without undue delay.
4. Right to erasure
You shall have the right pursuant to Art. 17 GDPR to obtain the erasure of your personal data stored by us if one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based and where there is no other legal basis for the processing.
- You object to the processing which is based on points (b) or (f) of Art. 6(1) GDPR and there are no overriding legitimate grounds for the processing or you object to the data processing for the purpose of direct marketing.
- The personal data have been unlawfully processed.
- The personal data have been erased for compliance with a legal obligation in Union or Member State to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1).
This shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
5. Right to restriction of processing
You shall have the right pursuant to Art. 18 GDPR to obtain restriction of processing of your personal data where
- you contest the accuracy of the data for a period enabling us to verify the accuracy of your data,
- the processing is unlawful, but you oppose their erasure and request the restriction instead,
- we no longer need the data but you require them for the establishment, exercise or defence of legal claims or
- you have objected to processing pursuant to Art. 21 GDPR pending the verification whether our legitimate grounds override yours.
In this case your data shall, with the exception of storage, only be processed with your consent or for specified statutory purposes, including but not limited to prosecution and for the protection of the rights of other persons. We will inform you before the restriction of processing is lifted.
6. Right to data portability
You shall have the right pursuant to Art. 20 GDPR to receive your data which you have provided to us in a structured, commonly used and machine-readable format or to obtain the transmission to another controller.
7. Right to object to processing
Under certain conditions you shall also have the right pursuant to Art. 21 GDPR to object to processing of your personal data. Please read for this purpose our separate instruction at clause 10: Separate information on your right to object pursuant to Art. 21 GDPR.
8. Information regarding the exercise of the rights pursuant to clauses 1 – 7
If you want to exercise your aforementioned rights, you can contact us at all times. Therefor, for example, an e-mail to the data protection officer at firstname.lastname@example.org or to the contact address provided in the imprint is sufficient.
9. Right to lodge a complaint with a supervisory authority
Moreover, you shall have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. For example, you can therefor contact the supervisory authority in your habitual residence or place of work or where we are established. You will find a list of the supervisory authorities here:
www.bfdi.bund.de – Infothek
10. Separate information on your right to object pursuant to Art. 21 GDPR
In the following we would like to inform you particularly about your right to object pursuant to Art. 21 GDPR:
Right to object
a) Right to object on a case-by-case basis pursuant to Art. 21 GDPR
Condition for this right to object is that the data processing is carried out based on the provisions of points (e) or (f) of Art. 6(1) GDPR.
Point (e) of Art. 6(1) GDPR regulates the case that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In the first place this comes into question for organs of state authority such as the Federal and Laender Governments and their authorities or private individuals authorized to perform public functions.
Point (f) of Art. 6(1) GDPR permits processing if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. If the data processing rests on one of these bases, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions.
Consequence of the objection: After an objection the data are no longer processed unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
b) Right to object to processing of data for direct marketing purposes
Condition for this right to object is that your data are processed for direct marketing purposes.
In this case you shall have the right to object at any time to data processing for such marketing. This includes profiling, if it is related to such direct marketing.
Consequence of the objection is that the data shall no longer be processed for such purposes.
c) Exercising the right to object
If you want to exercise your right to object pursuant to (a) or (b), you can contact us at all times. Therefor, for example, an e-mail to the data protection officer at email@example.com or to the contact address provided in the imprint is sufficient.
V. PERIOD OF VALIDITY
In order to ensure that our information on data protection always complies with current statutory requirements it is subject to changes. This also applies in the case that data protection information must be adjusted because of new or revised offers or performances. You can access and print the current data protection declaration at any time on the website at http://www.blaum.de/index.php/de/datenschutz.