Privacy

As of 20 April 2023

General part

Introduction

The protection of your personal data is important to us. It is an important part of our development and sales activities. With the following data protection declaration, we would like to inform you about the types of personal data (hereinafter referred to as “data”) we process, for what purposes and to what extent.

Controller

Controller of the personal data is:
Aurelius Cotta – Konrad Pika Trippel Partnerschaft von Rechtsanwälten mbB
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Phone: +49 69 756640300
Email: contact@aurelius.law

Our data protection officer is:

MFM-Datenschutz-Consulting GmbH (Datenschutzfrankfurt), represented by its managing directors Marc Schönberger and Florian Kaiser

Mail:
Aurelius Cotta – Konrad Pika Trippel Partnerschaft von Rechtsanwälten mbB
– Attn. Data Protection Officer –
Eschersheimer Landstraße 14
60322 Frankfurt am Main

Email contact: datenschutz@datenschutzfrankfurt.de

Processing overview

Below you will first find an overview of the types of data processed and the persons affected by the processing.

Types of processed data

We divide the processed data into the following types:

  1. Usage data: This includes, in particular, websites visited and interests in content.
  2. Metadata: This means the data generated during the communication process, such as IP addresses, browser identification and device details.
  3. Content data: This means the data that is provided when using our services (texts, images, forms).
  4. Contact details: This includes e-mail addresses, telephone numbers and the postal address.
  5. Contract data: The data necessary for the conclusion of the contract, such as the subject of the contract and the parties concluding it.
  6. Inventory data: This is the existing core data such as names and addresses.
  7. Geodata: This includes, for example, your own location or the location targeted within a route.
  8. Payment data: Data on payment methods.
  9. Special personal data: Special personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning sex life or sexual orientation.

Categories of data subjects

We divide the persons concerned by the data processing into the following categories:

  1. Users: Visitors to our websites and online services.
  2. Applicants: People who apply to us.
  3. Interested parties: People who are interested in our services and contact us for this reason.
  4. Communication partners: People who establish communication with us.
  5. Customers: People who use our services as clients.
  6. Contractors: Persons with whom we have contractual relationships without them being customers.

Purposes for the pursuit of which the processing is carried out

In general, the processing of personal data is carried out for the following purposes:

  1. Provision of our online offer: We process data in order to be able to provide our online offer at all.
  2. Contact requests and communication: Processing of contact requests, etc.
  3. Office organization: Measures to organize the office, e.g. scheduling, division of tasks, etc.
  4. Provision of contractual services: Processing of data during the execution and initiation of contracts.
  5. Implementation of the application process: In the case of an application procedure, the data processed within the procedure.
  6. Implementation of the employment relationship: Data processing for the purpose of implementation, management and termination of employment relationship.

Overview and explanation of the legal basis

In the following, we inform you about the legal bases in the General Data Protection Regulation (GDPR, abbreviated DSGVO in German) on which we process personal data. In addition to the provisions of the GDPR, national regulations of the respective user’s country of residence or domicile may apply.

  1. Legitimate interests (Art. 6 para. 1 p.1 lit. f DSGVO): The processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
  2. Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO): The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
  3. Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO): The processing is necessary for compliance with a legal obligation to which the controller is subject.
  4. Protection of vital interests (Art. 6 para. 1 p. 1 lit. d. DSGVO): The processing is necessary to protect the vital interests of the data subject or another natural person.
  5. Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 1 p. 1 lit. b DSGVO): Insofar as special categories of personal data within the meaning of Article 9 (1) of the GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application process so that the controller or the data subject can exercise the rights accruing to him or her under labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing shall be carried out in accordance with Article 9 (2) b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.
  6. Data processing for the purposes of the employment relationship (§ 26 BDSG): We process (special) types of personal data in the employment relationship on the basis of the statutory provision for the purpose of establishing, implementing and terminating the employment relationship.
  7. Consent (if requested) (Art. 6 para. 1 p. 1 lit. a DSGVO): The data subject has given his/her consent to the processing of personal data concerning him/her for a specific purpose or purposes.
  8. Storage of information in the end user’s terminal equipment with the end user’s consent (Section 25 (1) sentence 1 TTDSG): We use memory areas of our users’ terminal equipment for certain functions with their explicit and informed consent.
  9. Storage of information in the end user’s terminal equipment due to necessity (Section 25 (2) No. 2 TTDSG): Unless we have asked for your permission when you visit our website or use individual functions, we use the memory of your terminal device for the technical presentation and delivery of our telemedia service if this is technically absolutely necessary.
  10. Processing for the exercise of a public interest (Art. 6 para. 1 lit. e DSGVO): To the extent that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk, Article 32 GDPR. The security measures we take include, in particular, the following.

  • Secure Sockets Layer | Transport Layer Security (SSL): We use SSL / TLS for encrypted transmission of data between the end devices of our visitors and our server. In this way, the risk of unauthorized viewing of the transmitted data is significantly reduced.

Transfer and disclosure of personal data to third parties

In the course of our processing of personal data, it may happen that the data is transferred to or data is disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include in particular:

  • IT service providers: This includes service providers for the provision of hosting, mail services and server technology.
  • Authorities: Government agencies with which we exchange data for the purpose of fulfilling orders or for legal reasons.

In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Data processing in third countries

Insofar as we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or the processing is carried out by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process data or have data processed in third countries with an adequate level of protection. This includes, in particular, countries that process on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO).

General note on the deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent to its processing has been revoked or other permissions (e.g. legitimate interests, legal obligations, etc.) cease to apply. If the data is not deleted because it is required for other and legally permissible purposes, its processing is limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. Further information on the deletion of personal data is provided, where applicable, under the individual points of this data protection declaration.

Special part

Use of cookies

A “cookie” is a small text file that is stored on the visitor’s computer at the request of our systems, provided the visitor’s browser settings allow it. It has a key and a value and is used to identify the end device beyond a single request-response cycle (perpetuation of the session). The key and value of the cookie are processed by the setting system for each request. Below you will find a list of the cookies we use and the associated information.

We do not use cookies by default.

Used memory areas of the end device

We use storage areas of the end user’s device that the browser makes available to us (sessionStorage, localStorage).

Data processing (internal)

Mandate relationship

Information and description

Special information on the mandate relationship

We collect the following information when a mandate is issued:
– Salutation, first name, last name,
– a valid e-mail address,
– address,
– telephone number (landline and/or mobile)
– Information necessary for the assertion and defense of your rights within the scope of the mandate.

This data is collected,
– to be able to identify you as our client;
– to be able to provide you with appropriate legal advice and representation;
– to correspond with you;
– for invoicing purposes;
– for the settlement of any existing liability claims and the assertion of any claims against you.

The data processing is carried out upon your request and is necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the aforementioned purposes for the appropriate processing of the mandate and for the mutual fulfillment of obligations arising from the mandate agreement.
The personal data collected by us for the mandate will be stored until the expiry of the statutory retention obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless we are obliged under Art. 6 para. 1 p. 1 lit. c DSGVO to store the data for a longer period of time due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO), or you have consented to storage beyond this period in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.

Transfer of data from the client relationship:
Your personal data will not be transferred to third parties for purposes other than those listed below.
Insofar as this is necessary in accordance with Art. 6 Para. 1 Sentence 1 lit. b DSGVO for the processing of mandate relationships with you, your personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and the assertion and defense of your rights. The data passed on may be used by the third party exclusively for the purposes stated.

The attorney-client privilege remains unaffected. Insofar as data subject to attorney-client privilege is involved, it will only be disclosed to third parties in consultation with you.

Data processing by external service providers and processors

1&1 IONOS SE

IONOS SE

Information and description

We use server services provided by IONOS SE to host our services. This may include web hosting and hosting of mail services.

Function

E-mail services

We use external service providers in order to be able to send e-mails securely and with a high delivery rate. For this purpose, we pass on the e-mail address of the persons addressed to the service provider within the framework of the SMTP protocol (or comparable API) together with the content. The service provider will only use this address to carry out the process of checking and delivering the e-mail.

Processed data: Metadata, Content data, Contact details

Affected persons: Users

Legal basis of processing: Legitimate interests, Consent (if requested)

Legitimate Interests:

  • Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures a constantly high level of security for the services.
  • Development Outsourcing: Our legitimate interest in not having to develop all services ourselves and instead relying on highly complex services operated by third parties.
  • Security: Our legitimate interest in securing our offers against unauthorized and damaging access.
  • High availability: Our legitimate interest in using a highly available service.

Server and network infrastructure

We use the services of a specialized and reputable company to operate and maintain our server and network infrastructure (data centers).

Processed data: Usage data, Metadata, Content data, Contact details, Contract data

Affected persons: Users

Legal basis of processing: Legitimate interests

Legitimate Interests:

  • Maintenance-free: Our legitimate interest in using technology that is low-maintenance or maintenance-free for us. This ensures a constantly high level of security for the services.
  • High availability: Our legitimate interest in using a highly available service.

Provider information

1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, https://www.ionos.de/terms-gtc/terms-privacy

Rights of the data subjects

As a data subject, you are entitled to the rights described below.

  • Right of objection (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
  • Right to information (Art. 15 GDPR): You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
  • Right to rectification (Art. 16 GDPR): In accordance with the legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
  • Right to erasure and restriction of processing (Art. 17, 18 DSGVO): In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately or, alternatively, to demand restriction of the processing of the data in accordance with the statutory provisions.
  • Right to data portability (Art. 20 GDPR): You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another responsible party.
  • Complaint to supervisory authority (Art. 77 GDPR): You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.
  • Right of withdrawal for consents (Art. 7 para. 3 DSGVO): You have the right to revoke any consent you have given to the person responsible at any time.

Glossary

Below you will find a list with explanations of the most frequently used terms in this context.

Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR).

Processing

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).

Controller

“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law (cf. Art. 4 No. 7 GDPR).

Processor

“Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller (see Article 4 No. 8 GDPR).

Click tracking

“Click tracking” allows tracking whether and on which button a user has clicked, where this click has led the user and, if applicable, from which page of the online offer the click originated.