Basic information on
data processing
As a website operator, we take the
protection of your personal data
very seriously. We process
personal data collected when you visit
our websites in
compliance with the applicable
data protection regulations.
We will not publish your data or
pass it on to third parties without authorization.
By simply quoting a
regulation, we want to express
the standard on which
data processing is justified,
should personal data be processed
during the respective process.
I. Subject matter of data protection
The subject of data protection is
personal data. This is
information that relates to an
identified or identifiable
natural person.
Unless otherwise stated in this document or
other circumstances indicate otherwise,
we are unable to identify you.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
EU General Data Protection Regulation (GDPR)
serves as the legal basis for the processing
of personal data.
When processing
personal data that is necessary for the
fulfillment of a contract to which the
data subject is a party
, Art. 6 (1) (b) GDPR serves as the legal basis. This
also applies to processing operations that are
necessary for the implementation of pre-contractual
measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis.
In the event that vital
interests of the data subject or
another natural person require
the processing of personal data,
Art. 6 (1)
(1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard
a legitimate interest of our
company or a third party
and the interests, fundamental rights, and
fundamental freedoms of the data subject do not override the
former interest,
Art. 6 para. 1 sentence 1 lit. f GDPR as the
legal basis for the processing.
The personal data of the
data subject will be deleted or
blocked as soon as the purpose of
storage no longer applies. Storage
may also take place if
this is required by European or
national legislators in
EU regulations, laws, or other provisions to which the controller is subject.
The data will also be blocked or deleted if a
retention period prescribed by the aforementioned standards expires, unless
further storage of the data is necessary for the conclusion of a contract or for the
purpose of data processing.
The data will be blocked or deleted as soon as the purpose of storage ceases to apply.
Storage may also take place if
this is required by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject.
The data will also be blocked or deleted if a retention period
storage period prescribed by the aforementioned standards, unless
there is a need for further
storage of the data for the
conclusion or fulfillment of a contract.
II. Data processing in the context of a mandate
II. Data processing in the mandate
Below, we outline the circumstances and provide you with an overview of the processing of personal data by our law firm when executing client mandates.
aa. Data collection and use
We process personal data that we receive from our clients or other customers in the course of our business relationship.
We also process personal data that we receive from other customers.
Furthermore, we process personal data that we receive from other customers.
We also process personal data that we receive from other customers.
Furthermore, we process personal data that we receive from other customers.
We also
Furthermore, we process—if and
to the extent necessary for the provision of our
legal services—personal data that we have received from
third parties in a permissible manner (e.g., for the
execution of orders, the fulfillment of
contracts, or on the basis of consent granted by
consent given by you.
This includes, for example, opponents,
insurance companies, including
legal expenses insurers, courts,
including their offices, and
other administrative bodies.
On the other hand, we process
personal data that we may lawfully obtain and
process from publicly accessible sources (e.g., debtor registers, land registers, commercial and association registers, press, media, Internet; registrars (e.g., DPMA)) or that is publicly available.
DPMA)) in a permissible manner and
are permitted to process, or which are provided to us
the course of performing our
legal services from third parties (e.g.
claimants, authorities,
insurers, hospitals,
Lawyers) in the course of
legal correspondence.
Personal data when
opening a master data file, in the course of
commissioning and processing, may
include:
Name, company, address/other
contact details (telephone, fax,
email address, SAFE ID),
date/place of birth, gender,
nationality, marital status,
legal capacity, residential status
(rent/ownership),
social security data,
health data (including
data relevant to social law),
account data, payment transaction data,
life and pension insurance data,
employment, disability, and
long-term care insurance data, private and
public health insurance data,
insurance numbers, information from
correspondence with third parties
When using digital processes to
carry out the lawyer's assignment,
e.g., through electronic correspondence
with legal protection insurers, other
insurers, hospitals, authorities,
this may involve
order data processing, for which
we
conclude order data processing agreements with
the order data processors.
bb. What we process your data for
bb. Why we process your data
(processing purpose / legal basis)
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
To fulfill contractual obligations (Article 6(1)(b) GDPR)
To fulfill contractual obligations (Article 6(1)(b) GDPR)
To fulfill contractual obligations (Article 6(1)(b) GDPR)
The processing of personal data is carried out for the provision and
handling (including billing)
of legal services within the scope of
the execution of our contracts with
our clients or for the implementation of
pre-contractual measures that are carried out at your
request.
The processing of personal data of third parties may also be carried out for the provision and handling of legal services within the scope of the respective service contract, insofar as this is necessarily related to the service contract, e.g., personal data of other attorneys, experts, witnesses, contact persons of third-party companies or authorities, etc.
, e.g., personal data of other lawyers, experts,
witnesses, contact persons of third-party
companies or authorities, etc.
The processing of personal data of third parties is otherwise carried out for the purpose of implementing and executing contractual relationships with such third parties, usually service providers or contractual partners from whom we obtain operating resources or whose services we use to perform and maintain our legal practice.
obtain operating resources or whose
services we use to carry out and
maintain our legal
business activities;
exclusively for the purpose of initiating, establishing,
or processing the relevant
contractual relationship.
The purpose of data processing
depends on the respective
order. It may, for example, concern verbal or
written advice, the drafting
of contracts, representation before authorities or
courts, the handling
and conclusion of settlements.
It may also concern the execution and
It may also relate to the implementation and
processing of other
contractual relationships with third parties whose
services are used for the business operation
of the legal practice.
Within the scope of weighing up interests (Article 6(1)(f) GDPR)
If necessary, we process
your data beyond the actual
performance of the contract to
safeguard our legitimate interests or those of third parties. Examples:
Assertion of further legal claims and
- Assertion of further legal claims and defense in legal disputes
- Ensuring IT security and IT operations
- Prevention of criminal offenses
- Measures for building and
facility security (e.g.,
access controls)
- Measures to ensure
house rules
- Measures for business management and
further development of
services and products
- Measures to prevent conflicts of interest
Based on your consent (Article 6(1)(a) GDPR)
If you have given us your consent to
process personal data
for specific purposes (e.g., disclosure
of data to legal protection insurers,
other insurers, hospitals,
authorities), the
lawfulness of this processing is based
on your consent
. You can revoke your consent at any time.
You can also revoke any declarations of consent that
you gave us before the EU GDPR came into effect, i.e., before May 25, 2018.
However, such revocation only applies to the future. This means that the lawfulness of data processing
that took place before the revocation remains unaffected.
. However, such revocation only applies
to the future. This means that the
lawfulness of data processing
that took place before such revocation
remains unaffected by the revocation.
Due to legal requirements
(Article 6(1)(c) GDPR) or in the
public interest (Article 6(1)(e) GDPR)
In addition, as a consulting company, we may be subject to legal obligations (e.g., money laundering laws or tax laws). The purposes of processing therefore also include any control and reporting obligations to the extent required and necessary by law.
the extent required and necessary by law.
cc. Who receives data?
Within our law firm,
all departments that are necessarily entrusted with the
fulfillment of contractual and
legal obligations and come into contact with your data will have access to it.
This means that such data may also be processed by
service providers or our
vicarious agents if and to the extent that this is necessary to fulfill such
legal requirements.
service providers or our
vicarious agents if and to the extent that this
satisfies the legal requirements for such
processing and such processing is necessary.
When transferring data to recipients outside our
law firm, it should be noted that, as attorneys, we are bound by professional secrecy.
When passing on data to recipients outside our law firm, it should be noted that, as lawyers, we are bound to secrecy regarding all assignment-related information and assessments within the scope of the attorney-client agreement. Such confidential information is therefore subject to special legal protection. We are obliged to keep confidential any information that we become aware of. Such confidential information is therefore subject to special legal protection. We are obliged to keep confidential any information that we become aware of. Such confidential information is therefore subject to special legal protection. We are obliged to keep confidential any information that we become aware
, of which we become aware. Such confidential
information is therefore subject to
special legal protection. We
only pass it on to the extent necessary
if this is mandatory under legal
provisions, you have given your
have given your legally valid consent, or
processors commissioned by us
are equally bound to comply with
attorney confidentiality and the
requirements of the
EU General Data Protection Regulation / the
Federal Data Protection Act.
The recipients of personal data listed below
will therefore either not receive this data
in the case of a lawyer's mandate,
or only under the above-mentioned
restricted conditions.
Under these conditions,
recipients of personal data may include, for example:
- public authorities and
institutions,
legal protection insurers,
health insurance companies, hospitals, social security institutions,
tax advisors, auditors,
debt collection agencies, statutory and
private pension insurers,
tax advisors, auditors,
collection agencies, statutory and
private pension insurers
- support/maintenance of
EDP/IT applications, providers of
telephone services
(office services), data destruction,
debt collection,
postal service providers, operators of
special means of communication,
such as the electronic court and
administration mailbox or the
nationally standardized
lawyer mailbox.
Other data recipients may
be those entities for which you have given your legally binding consent to data transfer in individual cases
individual cases
have given your legally valid consent to the transfer of data
or for which you have released us from
the obligation of attorney-client confidentiality
in accordance with an agreement or
consent.
dd. Is data transferred to a third country
or to an international organization?
Data is only transferred to countries
outside the EU or the EEA
(so-called third countries) in exceptional cases,
if this is necessary in individual cases to carry out the
legal mandate due to a
foreign connection
and you have given us legally valid consent or if there is another legal justification.
foreign connection
and you have given us legally valid
consent or if there is
another legal justification,
such as an
adequacy decision for the
destination country.
ee. How long is data stored?
We process and store your personal data for as long as it is necessary for the fulfillment of our contractual and legal obligations.
We process and store your
personal data for as long as it is necessary for
the fulfillment of our contractual and
legal obligations.
Depending on the type of
contractual obligation, e.g., in the case of
continuing obligations, it may be necessary
for the entire duration of the
continuing obligation or,
in the case of potentially very lengthy
legal proceedings,
it may be necessary to store the data for the
entire duration of the
contractual relationship,
so that the retention period only begins with the
termination of such a long-term
contractual relationship.
If the data is no longer required for the fulfillment of
contractual or legal
obligations, it will be deleted regularly, unless
its further processing—which may be limited in time—is
necessary for the following purposes:
- Compliance with commercial and
tax law
retention periods from the
German Commercial Code (HGB),
the German Fiscal Code (AO), the
Money Laundering Act, if applicable, and
social security regulations. The
retention and documentation periods specified therein
range from two to ten years.
- Preservation of
evidence and documentation to
defend against liability and enforce
legal claims within the framework of the
statute of limitations.
- Retention of
the ability to check for
conflicts of interest.
- According to § 50 BRAO, the
retention period for lawyers'
(including electronic) files is 6
years.
According to §§196 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years and, in the law of unjust enrichment, 10 years.
III. Collection, use, and storage of data when visiting our websites
III. Collection, use, and storage of data when visiting our websites
1. General information about our website
We use 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany, as our web hosting provider within the scope of commissioned data processing, i.e., this company acts on our behalf to deliver the website to you technically. We remain the responsible body towards you, so that we also refer to "us" in the following.
to deliver the website to you
technically. We remain the responsible body
towards you, so
we will continue to refer to ourselves as "we"
even though 1&1 handles this technically
for us.
When you visit our website,
we receive your full IP address from your computer.
Only with this IP address can we transfer the data from our website to you so that the website is displayed to you (Art. 6
para. 1 sentence 1 lit. b and lit. f GDPR). The
system temporarily stores the IP address.
The temporary storage of the IP address by the system is necessary to ensure that the website is displayed to you (Art. 6
para. 1 sentence 1 lit. b and lit. f GDPR). The
temporary storage of the
IP address by the system is
necessary to enable the delivery of the
website to your computer.
For this purpose, your IP address may
have to remain stored for the duration of the session. Since you have requested the website, this is in the mutual legitimate interest. Your IP address
will be deleted as soon as the session has ended.
for the duration of the session. Since you have requested the website, this is in the mutual legitimate interest. We must pass on your IP address to the Internet provider in order to have the website data transmitted to you.
Beyond the processing for the transmission of the retrieved data, the full IP address is not stored.
Beyond the processing required to transfer
the requested data, the
full IP address is not
stored.
There is no option to object,
as these processes are essential for the operation of the
website.
Please do not visit our site if
you wish to object.
Any use of your
personal data will only be for the
purposes stated and to the extent necessary to
achieve these purposes.
Transfers of personal data to government institutions and
Personal data will only be transferred to government institutions and authorities within the framework of mandatory national legislation or if the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure.
. No disclosure to third parties for other purposes takes place.
2. Visiting our
status website
When you visit our
status website, the website is displayed on our behalf
by servers of
1601.communication gmbh, Am
Weichselgarten 5, 91058 Erlangen. The
successful login is recorded in a log file
(Art. 6 (1) (b) GDPR).
if someone attempts to log in with
your login but an incorrect password
or if a login
that is blocked is used.
This serves to ensure the security of the system
(Art. 6 (1) (f) GDPR) and is evaluated in the event of
problems in order to ensure our
legitimate interest in
maintaining the service.
The data is deleted 7 days after the
event. There is no
possibility of objection, as these processes are necessary for the operation of the service.
The data is deleted 7 days after the
event. There is no
option to object,
as these processes are essential for the operation of the
website.
Please do not visit our site if
you wish to object.
On our
status website, the cookie
"PHPSESSID" is also used. This is
technically necessary because it stores
your login information so that you
do not have to constantly
re-register after logging in. The cookie is deleted when
you close your browser. A
cookie is a piece of information, e.g. in the
form of a small file, which the
web server creates on the visitor's computer.
When you visit again
or continuing the visit, the web server can
retrieve the information again. If you block the cookie in your browser, which would be your option to object, you will no longer be able to successfully log in to the
status website.
The transfer of personal data to government institutions and authorities only takes place within the framework of mandatory national legislation.
The transfer of personal data to government institutions and authorities only takes place within the framework of mandatory national legislation.
The transfer of personal data to government institutions and authorities only takes place within the framework of mandatory national legislation.
The transfer of personal data to government institutions and authorities only takes place within the framework of mandatory national legislation.
The transfer of personal data to government institutions and authorities only takes place within the
Personal data is only transferred to government institutions and authorities within the framework of mandatory national legislation or if the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure.
. Data will not be disclosed to third parties for any other purposes.
3. Visiting the Webakte website
When you visit our
Webakte website, the website is displayed on our behalf by
e.Consult ® Aktiengesellschaft, Neugrabenweg 1,
66123 Saarbrücken, on servers belonging to DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg.
Furthermore, 66123 Saarbrücken, Germany, on servers belonging to DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany.
In all other respects, Section III. 1. applies accordingly, as here too your IP address is only used for the duration of the session to deliver the website.
When you log in, your login data is used to identify you and display the data that applies to you,
as well as to enable you to communicate with us (Art. 6 (1) (b) GDPR).
III. Forms on our website
1. Contact forms
When you use one of the contact forms,
the information provided there
is transmitted to us and
stored.
We use the data exclusively
to respond to your inquiry and,
if the inquiry relates to a
contractual relationship or if a contractual relationship arises from it,
to initiate and process the
contractual relationship (Art. 6 (1) (b) GDPR). Our legitimate interest
is to respond to your inquiry and, if the inquiry relates to a contractual relationship or if a contractual relationship arises from it, to initiate and process the contractual relationship.
initiate and process the
contractual relationship (Art. 6 (1) (b), (f) GDPR). Our legitimate interest
lies in fulfilling your communication request.
If you are already our
customer or become one in the future,
we may collect, store, modify, and transmit the data for the establishment,
execution, or termination of the
contractual relationship without requiring your consent
(Art. 6 para. 1 sentence 1 lit. b GDPR) and as long as
this is permitted by law. In other
cases, we store your data
for as long as it is necessary to fulfill our contractual obligations.
(Art. 6 (1) (b) GDPR) and as long as
the law permits us to do so. In other
cases, we do not store your data
for longer than 3 months.
If you wish to contact us by email,
we would like to point out that the content of unencrypted emails
can be viewed by third parties.
We therefore recommend that you send confidential information
in encrypted form or by post.
2. Form
Granting of mandate
If you grant us mandates using these forms, please note our comments on data processing in the mandate above.
3. Registration for events
3. Registration for events
When you register for an event, we process the data you provide in the form
to enable you to participate in the event, to remove you from the event at your request,
verify your eligibility to participate, determine the requirements for a training certificate, and charge you any fees that may be incurred (Art. 6 (1) (b) GDPR). The only mandatory information is your name and email address.
The data will only be stored beyond the event if the event is subject to a fee or if you request a training certificate. In this case, the data will be stored for three years from the end of the year in which the event took place.
The data will only be stored beyond the event if the event is subject to a fee or if you request a training certificate. In this case, the data will be stored for three years from the end of the year in which the event took place,
as well as for the period required for tax retention purposes, i.e., currently 10 years.
IV. Applications
We process your application data for the purpose of determining your suitability in relation to the needs of the law firm. If you wish to enter into an employment contract with us by submitting your application, the legal basis is Art. 6 (1) (b) GDPR.
If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily provided during the application process, they will also be processed in accordance with Art. 9 (2) lit. b GDPR (e.g., health data, such as severe disability or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) (a) GDPR (e.g., health data if this is necessary for the performance of the job).
If an application is successful, the data provided by applicants may be further processed by us for the purposes of the employment relationship (Article 6(1)(b) GDPR in conjunction with Section 26 BDSG). Upon hiring, we will inform you again about data processing in the employment relationship. Otherwise, if the application is not successful, the applicant's data will be deleted. The applicant's data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, the data will be deleted after a period of eight months so that we can answer any follow-up questions regarding the application and fulfill our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived for 10 years in accordance with tax law requirements.
V. Your data protection rights
Below, we explain
the rights that, in our view,
may be remotely relevant to the above-mentioned data processing.
Please note that
you may have further rights in the context of other
data processing operations and under
special laws, e.g.,
professional law. You have the
right:
- pursuant to Art. 7 (3) GDPR, to
revoke your consent
at any time
. As a result,
we will no longer be permitted to continue processing data based on
this consent in the future.
The lawfulness of data processing until revocation remains unaffected;
pursuant to Art. 15 GDPR, you have the right to obtain confirmation as to whether we are processing personal data relating to you.
- pursuant to Art. 15 GDPR, the right to obtain confirmation as to whether we are processing personal data about you,
- pursuant to Art. 15 GDPR, to request information
about your personal data processed by us.
In particular, you may request
information about the purposes of processing, the category of personal data, the categories of recipients, and the existence of automated decision-making.
information about the
purposes of processing, the category
of personal data, the
categories of recipients to whom
your data has been or will be disclosed, the planned
storage period, the existence of a
right to rectification, erasure,
restriction of processing, or
objection, the existence of a
right to lodge a complaint, the origin of your
data if it was not collected by us, and the
existence of automated
decision-making, including
profiling, and, if applicable, meaningful
information about its details;
pursuant to Art. 16 GDPR, you may
request the immediate correction of incorrect or
- pursuant to Art. 16 GDPR, to immediately
request the correction of incorrect or
incomplete personal data stored by us
about you;
- pursuant to Art. 17 GDPR, to request the deletion
of your personal data stored by us,
unless the processing is necessary
for exercising the right
to freedom of expression and information,
for compliance with a legal obligation,
for reasons of public interest,
or for the establishment, exercise,
or defense of legal claims;
information, to fulfill a
legal obligation, for reasons of public interest,
or to assert, exercise,
or defend legal claims;
- pursuant to Art. 18 GDPR, to
request the restriction of the processing of your
personal data,
insofar as the accuracy of the data is disputed by you,
the processing is unlawful,
but you refuse to have it deleted and
we no longer need the data,
but you need it to assert,
exercise, or defend
legal claims, or you
have objected to the processing
pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, you
receive your personal data that you have provided to us
in a structured, commonly used, and
machine-readable format or request its transmission to
another controller;
another controller;
pursuant to Art. 77 GDPR, you may lodge a complaint with a supervisory authority. As a rule, you can contact the
- pursuant to Art. 77 GDPR, to lodge a complaint with
a supervisory authority. As a rule, you can
contact the supervisory authority
of your usual place of residence or
work for this purpose.
- If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this objection arising from your particular situation.
processing of your personal data,
if there are reasons for this
arising from your particular situation or
if the objection is directed against
direct marketing. In the latter case,
you have a general right to object,
which we will implement without
specifying a particular situation. If you wish to exercise
your right to object, please contact
the responsible person.
right to object, which we will implement without you having to
specify a particular situation. If you wish to exercise your right of revocation or
objection, simply send a message to the data
provided in our legal notice.
To assert your rights, please contact Dr.
Caspers, Mock & Partner mbB in writing,
attn:
To assert your rights, please contact Rechtsanwälte Dr. Caspers, Mock & Partner mbB, attn. Lawyer Dr. Lindloff, Johann-Peter-Frank-Straße 2, 56070 Koblenz, Germany. We explain your rights and restrictions on your rights in detail as follows:
We explain your rights and restrictions on your
rights in more detail as follows:
1. Right to information
You may request confirmation from the controller
as to whether
personal data concerning you
is being processed by us.
If such processing is taking place,
you may request the following information from the controller:
(1)
the purposes for which the
personal data is processed;
(2)
the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, the criteria for determining this duration;
(5) the right to request from the controller the rectification or erasure of personal data concerning you or the restriction of processing of such data;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to obtain from the controller a copy of the personal data concerning you
(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5)
the existence of a right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of such data;
(6)
the right to lodge a complaint with a supervisory authority;
(5)
the existence of a right to
rectification or erasure of the personal data concerning you,
a right to restriction of processing by the controller,
or a right to object to such processing;
(6)
(6)
the existence of a right to lodge a complaint with a supervisory authority;
(7)
all available information about the origin of the data, if the personal data is not collected from the data subject;
(8)
the existence of automated
decision-making, including
profiling, referred to in Article 22(1) and (4)
GDPR and, at least in these cases,
meaningful information about the
logic involved, as well as the significance
and intended effects of such processing
for the
data subject.
You have the right to request information
about whether the personal data concerning you
is transferred to
a third country or to an
international organization. In this context, you may
request to be informed about the appropriate
safeguards pursuant to Art. 46 GDPR in
connection with the transfer.
2. Right to rectification
2. Right to rectification
You have the right to rectification
and/or completion vis-à-vis the
controller if the
processed personal data
concerning you is inaccurate or
incomplete. The controller
must rectify the data without delay.
3. Right to restriction of
processing
Under the following conditions, you may request the restriction of the processing of personal data concerning you:
(1)
if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(1)
if you dispute the accuracy of the personal data concerning you
for a period enabling the controller to verify the accuracy of the personal data
;
(2)
the processing is unlawful and you
oppose the erasure of the personal
data and request the restriction of the use of the
personal data instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise, or defend legal claims; or
(4) you have objected to the processing pursuant to Art. 21(1) GDPR and the controller has not yet verified whether the objection is justified.
(5) you have objected to the processing pursuant to Art. 21(1) GDPR and the controller has not yet verified whether the objection is justified.
(4)
if you have objected to the processing pursuant to Art. 21(1) GDPR
and it is not yet clear whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, such data may—except for storage—only be processed for the following purposes:
If the processing of personal data concerning you
has been restricted, such data may – apart from
its storage – only be processed with
your consent or for the
establishment, exercise, or
defense of legal claims or for the
protection of the rights of another
natural or legal person.
the assertion, exercise, or defense of legal claims or
to protect the rights of another
natural or legal person
or for reasons of important
public interest of the Union or
of a Member State.
If the restriction of
processing has been restricted in accordance with the above
conditions, you will be
informed by the controller
before the restriction is
lifted.
4. Right to erasure
a) Obligation to erase
You may request the controller
to erase personal data concerning you
without undue delay, and the controller
is obliged to erase such data
without undue delay if one of the
following reasons applies:
(1)
The personal data concerning you
is no longer necessary for the purposes for which it
was collected or otherwise processed
.
(2)
You withdraw your consent on which the processing is based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a
GDPR, and there is no
other legal basis for the
processing.
(3)
You object to the processing pursuant to Art. 21 para. 1 GDPR
and there are no overriding
legitimate grounds for the processing
or you object to the processing pursuant to Art. 21 para. 2
.
(4)
The personal data concerning you
has been processed unlawfully.
(5)
The erasure of personal data concerning you
is necessary for
compliance with a legal
obligation under Union law or
the law of the Member States
to which the controller
is subject.
(6)
The personal data concerning you
was collected in relation to the services offered
by information society services
in accordance with Art. 8(1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you
public and is obliged to delete it pursuant to
Article 17(1) GDPR,
he shall take appropriate measures, taking into account the available
technology and the implementation costs.
, it shall take appropriate measures, including technical measures, taking into account the available
technology and the
costs of implementation, to inform
the controllers who process the personal data
that they are processing the personal data
or copies thereof.
, that you, as the data subject, have requested them to
delete all links to this
personal data or copies
or replications of this
personal data.
c) Exceptions
The right to erasure does not apply
if processing is necessary
(1)
for exercising the right of freedom of
expression and information;
(2)
for compliance with a legal obligation
which requires processing pursuant to
Union or Member State law to which the controller
is subject or for the performance of a task carried out in the
public interest or in the exercise of
official authority vested in the controller;
exercise of official authority
vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
(5) for the establishment, exercise or defense of legal claims;
(6) for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section (a) is likely to render impossible the achievement of the objectives of that processing or to render that processing significantly more difficult;
GDPR, insofar as the right referred to in section a)
is likely to render impossible or
seriously impair the achievement of the objectives of this
processing, or
(5) for the assertion, exercise, or defense of legal claims.
5. Right to information
If you have asserted your right to rectification,
erasure, or restriction of processing
against the controller, the controller is obligated to inform all recipients to whom your personal data has been disclosed
of this rectification or erasure of the data or restriction of processing, unless this is incompatible with the controller's legal obligations.
6. Right to data portability
personal data, unless this proves impossible or involves
disproportionate effort.
You have the right to be informed by the controller about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have the right to request that the controller
inform you about these recipients.
You have
You have the right to obtain from the controller
information about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you
that you have provided to the controller
in a structured, commonly used and
machine-readable format.
You also have the right to transmit those data
to another controller without
interference from the controller to whom
the personal data was provided,
provided that
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or
Art. 9(2)(a) GDPR or on
a contract pursuant to Art. 6(1)(b)
GDPR and
(2)
the processing is carried out using
automated procedures.
In exercising this right, you
also have the right to obtain the
personal data concerning you
directly from one controller to
another controller, insofar as this is technically feasible
. The freedoms and rights of other
persons must not be
adversely affected by this.
The right to data portability
does not apply to the processing of
personal data that is necessary for the
performance of a task carried out in the
public interest or in the exercise of
official authority vested in the controller.
7. General information about your
right to object
7. General information about your
right to object
You have the right to object, on grounds
relating to your particular situation,
at any time to the processing of
personal data concerning you
on the basis of
Article 6(1)(e) or (f) of the GDPR; this
also applies to profiling based on these provisions.
We will no longer process the personal data concerning you
that is based on these provisions.
We will no longer process your
personal data, unless
unless we can demonstrate compelling
legitimate grounds for the
processing which override your
interests, rights, and freedoms, or the processing serves
the establishment, exercise, or
defense of legal claims.
If your personal data is processed for the purpose of
direct marketing, you have
the right to object at any time to
the processing of your personal data for the purpose of
such marketing; this also applies
to profiling insofar as it is related to
such direct marketing.
If you object to the processing
for direct marketing purposes,
your personal data will no longer be
processed for these purposes.
If you object to the processing
for direct marketing purposes,
the personal data concerning you
will no longer be processed for these purposes.
You have the option, in
connection with the use of
information society services—
notwithstanding Directive 2002/58/EC—
exercise your right to object by means of
automated procedures that use technical specifications.
8. Right to revoke the
data protection consent declaration
8. Right to revoke the
data protection
consent declaration
You have the right to
revoke your declaration of consent under data protection law
at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until
the revocation.
V. Links to websites of other providers
Our websites may contain links to
websites of other providers.
We would like to point out that this
privacy policy applies exclusively to
our websites. We have no influence on this
and do not control whether other providers comply with the applicable
data protection regulations.
VII. Data protection officer,
complaints, responsible body
If you have any complaints regarding data protection,
you can contact our
data protection officer at
or any data protection supervisory authority in the EU. At our headquarters,
the supervisory authority is the
State Commissioner for Data Protection
and Freedom of Information
Rhineland-Palatinate, Hintere Bleiche 34,
55116 Mainz, Germany, telephone: +49 (0) 6131 208-2449, website:
https://www.datenschutz.rlp.de/,
Email:
poststelle(at)datenschutz.rlp.de,
is responsible.
Without prejudice to any other
administrative or
judicial remedy, you have
the right to lodge a complaint with a
supervisory authority, in particular in the
Member State of your place of residence,
place of work, or place of the
alleged infringement, if you
consider that the processing of
personal data concerning you
violates the GDPR.
alleged infringement, if you
consider that the processing of
personal data concerning you
infringes the GDPR. The
supervisory authority to which the complaint
has been lodged shall inform the
complainant of the progress and the
outcome of the complaint, including
the possibility of a judicial
remedy pursuant to Art. 78 GDPR.
We are the responsible body,
i.e. the operator of this website as stated inthe
imprint.
VII. Your questions and
update notice
We are happy to answer any
further questions you may have about our
information on data protection and the
processing of your personal data.
Please note that
data protection regulations and practices
may change from time to time. Please note that
data protection regulations and practices
may change from time to time.
It is therefore advisable to keep yourself informed about
changes in legal
requirements and our practices.
The privacy policy is currently
valid and dated February 17, 2025.
The privacy policy is currently valid and dated February 17, 2025.