As of 20 April 2023
General part
Introduction
The protection of your personal data is important to us. It is an important part of our development and sales activities. With the following data protection declaration, we would like to inform you about the types of personal data (hereinafter referred to as “data”) we process, for what purposes and to what extent.
Controller
Controller of the personal data is:
Aurelius Cotta – Konrad Pika Trippel Partnerschaft von Rechtsanwälten mbB
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Phone: +49 69 756640300
Email: contact@aurelius.law
Our data protection officer is:
MFM-Datenschutz-Consulting GmbH (Datenschutzfrankfurt), vertreten durch Ihre Geschäftsführer Marc Schönberger und Florian Kaiser
Mail:
Aurelius Cotta – Konrad Pika Trippel Partnerschaft von Rechtsanwälten mbB
– z.H. Datenschutzbeauftragter-
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Email contact: datenschutz@datenschutzfrankfurt.de
Processing overview
Below you will first find an overview of the types of data processed and the persons affected by the processing.
Types of processed data
We divide the processed data into the following types:
Categories of data subjects
We divide the persons concerned by the data processing into the following categories:
Purposes for the pursuit of which the processing is carried out
In general, the processing of personal data is carried out for the following purposes:
Overview and explanation of the legal basis
In the following, we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the regulations of the DSGVO, national regulations of the respective user’s country of residence or domicile may apply.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk, Article 32 GDPR. The security measures we take include, in particular, the following.
Transfer and disclosure of personal data to third parties
In the course of our processing of personal data, it may happen that the data is transferred to or data is disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include in particular:
In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Data processing in third countries
Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or the processing is carried out by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process data or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO).
General note on the deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data is provided, where applicable, under the individual points of this data protection declaration.
Special part
Cookies use
A “cookie” is a small text file that is stored on the visitor’s computer at the request of our systems and if the browser setting of our visitor allows it. This has a key and a value and is used to identify the end device beyond a request-response cycle (perpetuation of the session). The key and value of the cookie are processed by the setting system for each request. Below you will find a list of the cookies we use and the associated information.
We do not use cookies by default.
Used memory areas of the end device
We use storage areas of the end user’s device that the browser makes available to us (sessionStorage, localStorage).
Data processing (internal)
Mandate relationship
Information and description
Special information on the mandate relationship
We collect the following information when a mandate is issued:
– Salutation, first name, last name,
– a valid e-mail address,
– address,
– telephone number (landline and/or mobile)
– Information necessary for the assertion and defense of your rights within the scope of the mandate.
This data is collected,
– to be able to identify you as our client;
– to be able to provide you with appropriate legal advice and representation;
– to correspond with you;
– for invoicing purposes;
– for the settlement of any existing liability claims and the assertion of any claims against you.
The data processing is carried out upon your request and is necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the aforementioned purposes for the appropriate processing of the mandate and for the mutual fulfillment of obligations arising from the mandate agreement.
The personal data collected by us for the mandate will be stored until the expiry of the statutory retention obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless we are required by Article 6 para. 1 S. 1 lit. c DSGVO, we are obliged to store the data for a longer period of time due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO), or you have consented to storage beyond this period in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.
Transfer of data from the client relationship:
Your personal data will not be transferred to third parties for purposes other than those listed below.
Insofar as this is necessary in accordance with Art. 6 Para. 1 Sentence 1 lit. b DSGVO for the processing of mandate relationships with you, your personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and the assertion and defense of your rights. The data passed on may be used by the third party exclusively for the purposes stated.
The attorney-client privilege remains unaffected. Insofar as data subject to attorney-client privilege is involved, it will only be disclosed to third parties in consultation with you.
Data processing by external service providers and processors
1&1 IONOS SE
IONOS SE
Information and description
We use server services provided by IONOS SE to host our services. This may include web hosting and hosting of mail services.
Function
E-mail services
We use external service providers in order to be able to send e-mails securely and with a high delivery rate. For this purpose, we pass on the e-mail address of the persons addressed to the service provider within the framework of the SMTP protocol (or comparable API) together with the content. The service provider will only use this address to carry out the process of checking and delivering the e-mail.
Processed data: Metadata, Content data, Contact details
Affected persons: Users
Legal basis of processing: Legitimate interests, Consent (if requested)
Legitimate Interests:
Server and network infrastructure
We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).
Processed data: Usage data, Metadata, Content data, Contact details, Contract data
Affected persons: Users
Legal basis of processing: Legitimate interests
Legitimate Interests:
Provider information
1&1 IONOS SE; 1&1 IONOS SE Elgendorfer Str. 57 56410 Montabaur, https://www.ionos.de/terms-gtc/terms-privacy
Rights of the data subjects
The data subjects are entitled to rights, which we inform you about below.
Glossary
Below you find a list with explanations of the most frequently used terms in this context.
Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR)
Processing
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).
Controller
Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law (cf. Art. 4 No. 7 GDPR).
Processor
“Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller (see Article 4 No. 8 GDPR).
Click tracking
“Click tracking” allows tracking whether and on which button a user has clicked, where this click has led the user and, if applicable, from which page of the online offer the click originated.