Data protection

Responsible in the sense of the data protection laws is

Lawyer Marco Benedikt von Schirach

Theatinerstrasse 40-42
80333 Munich
Phone: +49 (0)89 / 433 69 56 - 0
E-mail contact: kanzlei@schirach.law

 

The subject of data protection is personal data. This is individual information about personal or factual circumstances of a certain or determinable natural person, i.e. all information that can be related to a person.

The data processing is carried out by the website operator 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, a company of United Internet AG, Montabaur. When you visit the website, information is automatically sent to the website server. This information is temporarily stored in the so-called log files of the system (Art. 6 para. 1 lit. f DSGVO).

 

The following data can be recorded and stored:

- Information about the browser type and version used
- The user's operating system
- the website from which an accessible system can access the website of schirach.law (so-called referrer)
- the sub-websites, which are accessed via an access system to the website of the law firm schirach.law
- The IP address of the user
- Date and time of access
- the Internet service provider of the accessing system
- and other similar data and information which serve to avert danger in the event of attacks on the information technology systems of schirach.law.

When using this general data and information, schirach.law does not draw any conclusions about the person concerned. Rather, this information is required to deliver the contents of the website correctly, to optimize the contents of the website as well as the advertising for it, to ensure the permanent functionality of the information technology systems and the technology of the website as well as to provide law enforcement agencies with the information necessary for prosecution in case of a cyber attack. These anonymously collected data and information are therefore statistically evaluated by schirach.law with the aim of increasing data protection and data security within the law firm, in order to ensure an optimal level of protection for the processed personal data. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

You can contact the law firm schirach.law via the e-mail addresses provided on the websites or use the contact form provided. In this case, your personal data, which you transmit to the law firm schirach.law by e-mail, will be stored. These are at least your name, your e-mail address and your request. The purpose of the data storage is to contact you at your request (Art. 6 para. 1 lit b DSGVO).

The internet pages of the law firm schirach.law partly use cookies. Cookies are text files which are stored on a computer system via an internet browser. Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters which can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID. By using cookies, schirach.law can provide the users of this website with more user-friendly services, which would not be possible without the setting of cookies. By means of a cookie, the information and offers on the website can be optimized in the interest of the user. As already mentioned, cookies make it possible to recognize the users of the website. The purpose of this recognition is to make it easier for users to use the website. For example, the user of a website that uses cookies does not have to enter his or her access data each time he or she visits the website, as this is done by the website and the cookie stored on the user's computer system.
The person concerned can prevent cookies from being set by the website at any time by means of an appropriate setting in the Internet browser used, thereby permanently opposing the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.

The controller shall process and store personal data relating to the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or by any other law or regulation to which the controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

You are entitled to the following rights with regard to the processing of data by schirach.law in accordance with the articles of the basic data protection regulation listed in each case:

- to request information about your personal data processed by schirach.law in accordance with art. 15 DSGVO In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, limitation of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details of the same;

- in accordance with Art. 16 DSGVO, to demand without delay the correction of incorrect or incomplete personal data stored about you;

- to request, in accordance with art. 17 DSGVO, the deletion of your personal data stored by schirach.law, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims

- pursuant to Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and schirach.law no longer requires the data, but you need the data for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing pursuant to Art. 21 DSGVO

- in accordance with art. 20 DSGVO, to receive your personal data that you have provided to schirach.law in a structured, common and machine-readable format or to request that it be transferred to another responsible party;

- in accordance with Art. 7 Para. 3 DSGVO to revoke your once given consent at any time to the law firm schirach.law. As a result, schirach.law may no longer continue to process the data based on this consent in the future;

- complain to a supervisory authority pursuant to Art. 77 DSGVO. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or of the office where your law firm is located;

- to object to the processing of your personal data in accordance with Art. 21 DSGVO, if there are reasons for doing so arising from your particular situation. You have the possibility to inform the data protection officer of the law firm schirach.law about your objection informally by telephone, e-mail, fax or to the postal address of the law firm schirach.law. Data can only be deleted if there is no legal obligation to retain them; in this case, however, the data will be blocked for any other use. In case of objection the conversation cannot be continued.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA. The competent supervisory authority in matters of data protection law is the State Commissioner for Data Protection of the Federal State in which the law firm schirach.law has its registered office. A list of the data protection officers and their contact details can be found on the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits the relevant application documents to the controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).

The data controller has integrated Jetpack on this website. Jetpack is a WordPress plug-in that offers additional functions to the operator of an Internet site based on WordPress. Among other things, Jetpack allows the operator of the Internet site to obtain an overview of the visitors to the site. By displaying related articles and publications or the possibility to share content on the site, it is also possible to increase the number of visitors. In addition, security functions are integrated into Jetpack so that a website using Jetpack is better protected against brute force attacks. Jetpack also optimizes and speeds up the loading of images integrated into the website.

The operating company of the Jetpack plug-in for WordPress is Automattic Inc. 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc. 201 Third Street, San Francisco, CA 94103, USA.
Jetpack places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. Each time a user accesses any of the individual pages of this website operated by the data controller and on which a Jetpack component has been integrated, the Internet browser on the data subject's IT system is automatically prompted by the relevant Jetpack component to transmit data to Automattic for analysis. In the course of this technical process, Automattic obtains knowledge of data which is subsequently used to create an overview of the visits to the website. The data thus obtained is used to analyse the behaviour of the data subject who has accessed the controller's website and is evaluated with the aim of optimising the website. The data collected via the Jetpack component will not be used to identify the data subject without the prior explicit consent of the data subject. The data is also brought to Quantcast's attention. Quantcast uses the data for the same purposes as Automattic.

The person concerned can prevent the setting of cookies by the website of the law firm schirach.law, as described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Automattic can be deleted at any time via the internet browser or other software programs.

Furthermore, the person concerned has the possibility to object to and prevent the collection of data generated by the Jetpack cookie and relating to the use of this website, as well as the processing of such data by Automattic/Quantcast. To do so, the person concerned must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies are deleted on the data subject's system after an objection, the data subject must call up the link again and set a new opt-out cookie.

However, with the opt-out cookie, there is a possibility that the data subject may no longer be able to fully access the Internet pages of the controller.

Automattic's applicable privacy policy is available at https://automattic.com/privacy/. Quantcast's current privacy policy is available at https://www.quantcast.com/privacy/.

The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.
Each time a LinkedIn component (LinkedIn plug-in) is installed on our website, the LinkedIn plug-in causes the browser used by the individual to download a representation of the LinkedIn component. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. This technical process allows LinkedIn to know which specific page of our website is visited by the data subject.

If the person concerned is also logged on to LinkedIn, LinkedIn will recognise which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the LinkedIn account of the person concerned. If the person concerned clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the person concerned and stores this personal data.
LinkedIn receives information via the LinkedIn component that the person concerned has visited our website if the person concerned is logged in to LinkedIn at the same time when he or she accesses our website; this occurs regardless of whether the person concerned clicks on the LinkedIn component or not. If the data subject does not want this information to be sent to LinkedIn, he or she can prevent it from being sent by logging out of his or her LinkedIn account before accessing our website.

LinkedIn at https://www.linkedin.com/psettings/guest-controls provides the ability to unsubscribe from email messages, SMS messages, and targeted ads, as well as manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn's current privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

The data controller has integrated components of Xing on this website. Xing is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time the data controller calls up one of the individual pages of this website, which is operated by the data controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the IT system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. In the course of this technical procedure, Xing is informed which specific subpage of the schirach.law website is visited by the data subject.

If the person concerned is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the person concerned is visiting each time the person concerned calls up our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the person concerned. If the person concerned presses one of the Xing buttons integrated on our website, Xing assigns this information to the personal Xing user account of the person concerned and stores this personal data.
Xing will always receive information via the Xing component that the data subject has visited our website if the data subject is logged on to Xing at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not wish this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection regulations published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published data protection information for the XING Share button at https://www.xing.com/app/share?op=data_protection.

As far as legal bases are mentioned in this privacy policy, these are those according to the basic data protection regulation. We collect and process personal data on the basis of the following legal bases:

- Consent pursuant to Article 6(1)(a) of the Basic Data Protection Regulation (DSGVO). Consent is any voluntary, informed and unambiguous expression of will in the specific case, in the form of a declaration or other unambiguous affirmative act by which the data subject indicates his or her consent to the processing of personal data relating to him or her.

- Necessity for the fulfilment of the contract or the implementation of preparatory measures in accordance with Article 6 paragraph 1 letter b DSGVO, i.e. the data is required so that we can fulfil our contractual obligations towards you or we need the data to prepare the conclusion of a contract with you.

- processing for the fulfilment of legal obligations under Article 6 paragraph 1 lit. c DSGVO, i.e. that e.g. a law or other regulations require processing of the data

- Processing to safeguard legitimate interests in accordance with Article 6 paragraph 1 letter f DSGVO, i.e. that the processing is necessary to safeguard legitimate interests on our part or on the part of third parties, unless the interests or fundamental rights and freedoms on your part, which require the protection of personal data, outweigh these.

To ensure data security, the transmission of the contents of our website is encrypted using the SSL procedure in accordance with the state of the art. To secure the data, we and the commissioned service providers, with whom corresponding contractual agreements have been made, use suitable measures according to the state of the art, in particular to restrict access to the data, to protect against changes and loss, and to ensure confidentiality according to the state of the art.