Privacy

Last updated: March 27, 2019

 

1. Introduction

 

In this Privacy Policy you will find out:

  • how we handle personal data on our website,
  • which information about the visitors of our website we collect and evaluate,
  • whether and how we use, share or otherwise process this information.

This Privacy Policy applies to your visit to our website and your orders in our online shop; it does not apply to any other offers and services we may offer.

 

2. Data Controller

 

This Privacy Policy applies to data processing by us as data controller in accordance with Art. 4 Para. 7 General Data Protection Regulation (GDPR).

Our contact details:

comp/lex – Beratung im IT-Recht

Rechtsanwalt Dr. Jochen Notholt

Lindwurmstraße 10

D-80337 Munich

Germany

VAT ID:                DE279653629

Contact:

E-mail: inbox@comp-lex.de

Phone +49 (0)89 41614295-0

Fax +49 (0)89 41614295-9

If we act as your assigned External Data Protection Officers, our commercial unit is responsible for these data protection consulting services:

comp/lex – Datenschutzbeauftragte

Rechtsanwalt Dr. Jochen Notholt

E-mail: dsb@comp-lex.de

The contact details are identical to those mentioned above.

 

3. Data Protection Officer

 

We have appointed our associated attorney Mr. Johannes Habermalz as internal data protection officer of “comp/lex – Beratung im IT-Recht” and “comp/lex – Datenschutzbeauftragte”.

His contact details:

comp/lex – Beratung im IT-Recht

– Internal Data Protection Officer –

Lindwurmstr. 10

D-80337 Munich

Phone +49 (0)89 41614295-3

E-mail: dsb-intern@comp-lex.de

 

4. Definitions of Terms

 

Insofar as this Privacy Policy does not contain or imply a different definition, reference is made to the definitions in Art. 4 GDPR with regard to the terms used.

 

5. Processing of your Personal Data regarding our Website

 

5.1. When Visiting our Website

 

When you visit our website, i.e. if you do not register or otherwise provide us with information, we or the host provider Host Europe (Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany), acting on our behalf, only collect the personal data that your browser transmits to our server. If visit our website, we collect the following data:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • the amount of data transferred in each case
  • Website from which the request comes
  • browser
  • Operating system and its interface
  • Language and version of the browser software

This data is technically necessary for us to display and make available our website to you. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We delete the data every seven days.

Right to object: In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for this which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to exercise your Right to object, you can inform us by e-mail to datenschutz@comp-lex.de. Alternatively, you can also use the contact data listed under 2. above.

 

5.2. When Contacting us by E-mail or Contact Form

 

If you contact us by e-mail or contact form, we need your personal data (e.g. title, name, e-mail address, etc.) in order to process your inquiry or request. Your personal data will be processed in accordance with Art. 6 para. 1 lit. b GDPR. We delete the requests if they are no longer necessary or – in the case of statutory retention obligations – we limit the processing. We review the necessity every six months.

The personal data that you transmit when contacting us is usually stored in a CRM system (“Customer Relationship Management System”). We use locally installed systems for this purpose.

We delete the data if they are no longer necessary or – in the case of statutory retention obligations – we limit the processing. We review the necessity every six months.

 

Right to object: In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for this which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to exercise your right to object, you can inform us by e-mail to datenschutz@comp-lex.de Alternatively, you can also use the contact data listed under 2. above.

 

5.3. Data Security re. E-mails or Contact Forms

 

If you contact us directly by e-mail or provide us with your e-mail address in our contact form, you agree that we will communicate with you by e-mail. You are aware of the associated security risks: e-mails are easy to forge and are considered “interceptable” because of their unencrypted transmission.

On request, we can encrypt the e-mail communication using PGP. You are aware that the encryption in this case only encrypts the content of the messages, but not the subject and the metadata (such as sender and addressee).

We are also able to communicate with you via the Telegram online messaging service. Communication via Telegram is fully encrypted, including all metadata. Telegram and its employees also have no access to this data. So you can contact us via telegram without anyone else knowing about it.

E-Mails that you send to us and we send to you are processed by us using a hosted Exchange server from QualityHosting (QualityHosting AG, Uferweg 40-42, D-63571 Gelnhausen). In the context of e-mail communication, QualityHosting processes personal data on our behalf in order to enable us to communicate with you by e-mail. Your personal data will be processed in accordance with art. 6 par. 1 lit. f GDPR.

We delete the data if they are no longer necessary or – in the case of statutory retention obligations – we limit the processing. We review the necessity every six months.

 

Right to object: In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for this which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to exercise your right to object, you can inform us by e-mail to datenschutz@comp-lex.de Alternatively, you can also use the contact data listed under 2. above.

 

5.4. When Registering for our Newsletter

 

With your consent you can subscribe to our newsletter, in which we inform you about our current interesting offers and give you useful tips.

For the registration to our newsletter we use the so-called double opt-in procedure. This means that we will send you an e-mail after your registration to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

Your e-mail address is mandatory for sending the newsletter. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

 

Right to revoke: You can revoke your consent to the newsletter subscription at any time and cancel the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.

We use newsletter2go technology (newsletter2go.de GmbH, Köpenicker Str. 126, 10179 Berlin, Germany) to send newsletters and to evaluate your interaction with the newsletter. Therefore, we send your data (e-mail address, title and name if applicable) provided in the newsletter to newsletter2go.

The e-mails sent contain so-called web beacons, also known as tracking pixels, for evaluation purposes. These are single-pixel image files that link to and are accessed from our website. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users. newsletter2go stores the information collected in this way on a server in Germany.

Right to object: You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of the contact channels mentioned above under point 2. The information is stored for as long as you have subscribed to the newsletter. Such tracking is not possible even if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above tracking takes place.

We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users. The use of the newsletter service provider, performance of statistical surveys and analyses as well as logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

 

5.5. Custom Cookies

 

We use our own cookies to make our website more user-friendly. Cookies are information that is transferred from our web server or third party web servers to your web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Some elements of our website require that the calling browser can be identified even after a page change.

We use these cookies to keep our website customer-friendly and functional. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR.

 

Right to object: In order to avoid the storage of cookies, you can set your Internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored can be deleted. However, deactivating all cookies may result in some functions on our website no longer being performed.

 

5.6. Usage Analysis by Google Analytics

 

We use technology on our website from Google Analytics to analyse the use of our Website. Therefore we transmit the following data for analysis purposes to Google in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • the amount of data transferred in each case
  • Website from which the request comes
  • browser
  • Information about your device
  • Operating system and its interface
  • Language and version of the browser software
  • Screen and window resolution
  • Your approximate location
  • Information about your stay
  • Information about any actions you perform on the Site

On our behalf, Google evaluates the data on the manner in which you use our website in order to compile reports on your activities within our website and to provide us with further services connected with the use of our website. For this purpose, cookies are used. They enable the recognition of your Internet browser. Pseudonymous user profiles can be created from the processed data. This data is necessary for us to ensure and further improve the stability and security of the website. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Google stores this data for a period of 26 months specified by us.

Google has submitted to the EU-US Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAI.

We use Google Analytics only with IP anonymization enabled. This means that your IP address will be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data.

 

Right to object: In order to avoid the storage of cookies, you can set your Internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored can be deleted. However, deactivating all cookies may result in some functions on our website no longer being able to be executed. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

 

Right to object: You can object to data processing for the purpose of creating a pseudonymised user profile at any time with effect for the future. If you would like to exercise your Right to object, you can inform us by e-mail to datenschutz@comp-lex.de Alternatively, you can also use the contact data listed under 2. above.

Further information on how Google will use your data, possible settings and objections can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).

 

5.7. Tag Management using the Google Tag Manager

 

We use Google Tag Manager technology on our website. The Google Tag Manager is a service of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which allows companies to manage website tags from a single interface. The Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager triggers other tags that may collect data. This may be pointed out separately. The Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level by the user, this remains valid for all tracking tags that are implemented with Google Tag Manager.

 

6. Deletion of Data

 

The data processed by us will be deleted in accordance with Art. 17 GDPR or its processing restricted in accordance with Art. 18 GDPR.

Unless otherwise provided for in this data protection declaration, the data processed by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal storage obligations to prevent deletion. We review the necessity every six months. If the data are not deleted because they are necessary for other, legally permissible purposes, their processing is restricted. This means that the data is locked and not used. This applies, for example, to data that must be retained for commercial or tax reasons.

The personal data collected by us in the course of processing a mandate will be stored and subsequently deleted until the end of the legal obligation to keep records for lawyers (six years after the end of the calendar year in which the mandate was terminated, § 50 para. 1 Sentence 2 BRAO), unless we are in accordance with Art. 6 para. 1 lit. c GDPR obliged to a longer storage due to tax and commercial storage and documentation obligations (from HGB, StGB or AO) or you have given your consent according to Art. 6 para. 1 S. 1 lit. a GDPR. Trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc. are stored for six years in accordance with § 257 (1) HGB. Books, records, management reports, accounting documents, commercial and business letters and documents relevant to taxation, etc. are stored for ten years in accordance with § 147 (1) AO.

 

7. Your Rights

 

You have the right

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to demand the correction of incorrect or complete personal data stored by us without delay;
  • to request the deletion of your personal data stored with us in accordance with Art. 17 DSGVO, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller;
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.

 

8. Rights to Revoke and to Object

 

8.1. Revocation of Consent

 

If we process your personal data on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, you have the right to revoke any consent granted to us pursuant to Art. 7 para. 3 GDPR with effect for the future.

If you would like to make use of your right of revocation, you can inform us by e-mail to datenschutz@comp-lex.de Alternatively, you can also use the contact data listed under 2. above.

 

8.2. Objection in case of Processing on the Basis of our Legitimate Interest

 

If we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this which arise from your particular situation or the objection to direct advertising is directed. In the latter case, you have a general Right to object, which we will implement without specifying a particular situation.

If you would like to exercise your Right to object, you can inform us by e-mail to datenschutz@comp-lex.de Alternatively, you can also use the contact data listed under 2. above.

 

9. Security Measures

 

We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the regulations of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include in particular the encrypted transmission of data between your browser and our server.

 

10. Concluding Provisions

 

We reserve the right to change our Privacy Policy if this should be necessary due to new technologies or changes in our data processing processes or to adapt it to changes in the legal situation relevant to us.

You can find the current version of our Privacy Policy at https://comp-lex.de/datenschutz/