DATA PROTECTION



The protection of your personal data is important to us. We collect and use your personal data exclusively in accordance with and within the framework of the applicable data protection law of the Federal Republic of Germany, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable data protection regulations.

In the following we inform you about the type, scope and purpose of the collection and use of personal data when using our website. You can access this information at any time on our website.

With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible
PELTZER SUHREN Rechtsanwälte GbR
An der Börse 2
30159 Hanover
Authorized to represent: i.a. Dr. Horst Suhren
Telephone number: +49 511 80 71 82 0
Email address: ra@kanzlei-psm.de

Data Protection Officer
Dr: Horst Suhren,
An der Börse 2
30159 Hanover
Email address: hsuhren@kanzlei-psm.de

Types of data processed:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Contract data (e.g. subject of the contract, term, customer category)
- Payment data (e.g. bank details, payment history)
- Meta/communication data (e.g. device information, IP addresses)

Processing of special categories of data (Article 9 (1) GDPR)
In principle, no special categories of data are processed unless they are processed by the user, e.g. B. entered in online forms.

Categories of data subjects affected by the processing
- Customers / prospects / suppliers
- Visitors and users of the online offer

In the following, we also refer to the data subjects as "users".

purpose of processing
- Provision of the online offer, its content and functions
- Provision of contractual services, service and customer care
- Answering contact requests and communicating with users
- Marketing & Advertising
- Safety measures

Status: 02/10/2021

1. Relevant Legal Bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art Answering inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(c) GDPR 6 Paragraph 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 Letter d GDPR serves as the legal basis.

2. Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your participation (e.g. consent) or other individual notification.

3. Security Measures

3.1. In accordance with Art. 32 GDPR, we take appropriate technical measures, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transfer, securing availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software and processes, according to the principle of data protection through technology design and through data protection-friendly default settings (Article 25 GDPR).

3.2. The security measures include in particular the encrypted transmission of data between your browser and our server (SSL encryption).

4. Cooperation with Processors and Third Parties

4.1. If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, pursuant to Art. 6 Para. 1 lit. B GDPR is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc .).

4.2. If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.

5. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

6. Rights of data subjects

6.1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

6.2. You have accordingly. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

6.3. In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.

6.4. You have the right to request that you receive the data that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.

6.5. You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.

7. Right of Withdrawal & Right to Object

You have the right to revoke your consent in accordance with Article 7 (3) GDPR with effect for the future. You can object to the future processing of data relating to you at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct advertising purposes. If you want to make use of your right of revocation or right of objection, it is sufficient to send an e-mail to hsuhren@kanzlei-psm.de

8. Cookies and the right to object to direct mail

We use temporary and permanent cookies, i.e. small files that are stored on the user's device (for an explanation of the term and function, see the last section of this data protection declaration). Some of the cookies are used for security or are required to operate our online offer (e.g. to display the website) or to save the user decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are informed in the course of the data protection declaration.

A general objection to the use of cookies for online marketing purposes can be raised for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that in this case not all functions of this online offer can be used.

9. Deletion of Data

9.1. The data processed by us will be deleted or their processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

9.2. In accordance with legal requirements, storage is carried out in particular for 6 years in accordance with Section 257 (1) HGB (books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports , accounting documents, commercial and business letters, documents relevant to taxation, etc.).

10. Provision of contractual services

10.1. We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Article 6 Paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

10.2. Deletion takes place after statutory warranty and comparable obligations have expired, the necessity of storing the data is checked every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) storage obligation); Information in the customer account remains until it is deleted.

11. Contact

11.1. When contacting us (via contact form or e-mail), the information provided by the user will be processed to process the contact request and its processing in accordance with Article 6 (1) (b) GDPR.

11.2. User information can be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.

11.3. We delete the requests if they are no longer necessary. We review necessity every two years; We store inquiries from customers who have a customer account permanently and refer to the information on the customer account for deletion. In the case of legal archiving obligations, the deletion takes place after they have expired (end of commercial law (6 years) and tax law (10 years) storage obligation).

12. Collection of access data and log files

12.1. On the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider .

12.2. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

13. Online social media presence

13.1. On the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to be able to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

13.2. Unless otherwise stated in our data protection declaration, we process user data if they communicate with us within social networks and platforms, e.g. write posts on our online presence or send us messages.

14. Cookies & Audience Measurement

14.1. Cookies are pieces of information that are transmitted from our web server or web servers of third parties to the web browser of the user and stored there for later retrieval. Cookies can be small files or other types of information storage.

14.2. We use "session cookies", which are only stored for the duration of the current visit to our online presence (e.g. to be able to save your login status or the shopping cart function and thus enable the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and e.g. log out or close your browser.

14.3. Users are informed about the use of cookies in the context of pseudonymous range measurement in the context of this data protection declaration.

14.4. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

14.5. You can opt out of the use of cookies, which are used to measure reach and for advertising purposes, via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices ) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

15. Integration of Third-Party Services and Content

15.1. We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit Integrate services such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and can contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other information on the use of our online offer, and can also be linked to such information from other sources.

15.2. The following presentation offers an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities to object (so-called opt-out):

Maps provided by the "Google Maps" service provided by the third-party provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.

16. Analysis Tools

16.1. tracking tools

The tracking measures listed below and used by us are carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

16.1.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see Section 4) are used. The information generated by the cookie about your use of this website such as

browser type/version,
operating system used,
referrer URL (the previously visited page),
host name of the accessing computer (IP address),
time of server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites.

This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting the browser software accordingly; we would like to point out to you however that in this case not all functions of this website can be used in full.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).

16.1.2 Google AdWords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and to evaluate it for you in order to optimize our website.

Google Adwords places a cookie (see Section 4) on your computer if you click on a Google ad reached our website. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was forwarded to this page.

Each Adwords customer receives a different cookie. This means that cookies cannot be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed of the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the "www.googleadservices.com" domain are blocked. You can find Google's privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).