(Last updated July 10, 2020)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: April 26, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are saved on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Privacy Policy.
You may generally opt out of the use of the cookies used for the purposes of online marketing in the case of many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. In addition, the retention of cookies may be achieved by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in that case.
2. Recording of access data and log files
We record data on each access of our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then deleted. Data that has to be stored for the purposes of evidence are excluded from deletion until the final clarification of the occurrence in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Privacy Policy, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & Reach Measurement
Cookies are pieces of information that are transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information. As far as legally required, we ask you for your consent in advance.
You may also opt out from the use of cookies that serve the purpose of range measurement and advertising via the deactivation pages of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Your consent applies to the following domains: www.heuking.de
5. Google Analytics
If you have given us your prior consent in this respect, we use Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), for the purposes of analysis, optimization and economic operation of our online offering, on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options of settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing-Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way in order only to present users with advertisements that may be of interest to them. If users, for example, are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Privacy Policy is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Cloudflare - Content Delivery Network
On the basis of our legitimate interests (i.e., interests in the optimization of the performance, to secure this website and to optimize loading times and security of our online offer and recognition of the language settings of the user within the meaning of Art. 6(1)(f) GDPR), we use the Cloudflare CDN service from Cloudflare, Inc. ("Cloudflare"). In this connection, personal data may be transmitted to Cloudflare by the browser you are using, but this data will be deleted once the purpose has been achieved.
Cloudflare uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Cloudflare server in the USA and stored there.
Cloudflare is certified under the Privacy Shield Convention and offers a guarantee through this that it will comply with the European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
You can find further information about data use by Cloudflare, setting and objection options on Cloudflare's website: https://www.cloudflare.com/privacypolicy/
7. Newsletters
In the following, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data that is stored by the distribution provider.
Distribution provider: The newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of access. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to observe individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: The distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent for receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link for cancelling the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal information will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), within our website we offer content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and among other things includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their Privacy Policies, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of a server access at Google (generally in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
For this purpose, we use the "extended data protection mode" for the integration of the YouTube videos, through which a cookie is only stored on the user's computer when the respective YouTube video is played. YouTube states that no personal cookie information is stored when embedded videos are played in extended privacy mode. Further information on data processing and notes on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/. If you want to ensure that YouTube does not receive any data from you, please do not click on the embedded YouTube videos.
- As part of our online offering, we are using the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages that contains LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-out: twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data is not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript frameworks “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL shortener service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Privacy Policy: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstraße 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commission for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Privacy Policy: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: July 10, 2020
(Last updated April 26, 2019)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: April 26, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be prevented by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain; if you delete your cookies in this browser, click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term "like,” or the thumbs up sign) or are marked with the addition of "Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, its device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to its Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from your device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Cloudflare - Content Delivery Network
On the basis of our legitimate interests (i.e. interests in the optimization of the performance, to secure this website and to optimize loading times and security of our online offer and recognition of the language settings of the user within the meaning of Article 6 Para. 1 letter F GDPR), we use the Cloudflare CDN service from Cloudflare, Inc. ("Cloudflare"). In this connection, personal data may be transmitted to Cloudflare by the browser you are using, but this data will be deleted once the purpose has been achieved.
Cloudflare uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Cloudflare server in the USA and stored there.
Cloudflare is certified under the Privacy Shield Convention and offers a guarantee through this that it will comply with the European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
You can find further information about data use by Cloudflare, setting and objection options on Cloudflare's website: https://www.cloudflare.com/privacypolicy/
8. Newsletters
Below, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
9. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: April 26, 2019
(Last updated February 12, 2019)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: February 12, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be prevented by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated unique identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term “like,” or the thumbs up sign) or are marked with the addition of “Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, the user’s device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to the user’s Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from the user’s device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Newsletters
Below, we inform you about the content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: February 12, 2019
(Last updated May 30, 2018)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: May 30, 2018
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be achieved by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google LLC (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term "like,” or the thumbs up sign) or are marked with the addition of "Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, its device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to its Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from your device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Newsletters
Below, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google, LLC., https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: May 30, 2018
Data Protection Information Version March 1, 2016:
Thank you for your interest in our online presence. The protection of your personal data is very important to us. Therefore, we would like to inform you about the use of cookies, analysis tools and the possible effects on personal data on our webpage.
Object of the Data Protection
The object of data protection is personal data. According to Section 3(1) of the Federal Data Protection Act, these are individual details about personal or factual circumstances of a specific or specifiable natural person. They include, for example, details such as name, mailing address, e-mail, or telephone number, if necessary, however, also usage data such as your IP address.
Data Processing for a Specific Purpose
We use your data, with the exception of cookies, see below, only for the purpose for which you have communicated the data to us, for instance, sending a newsletter. No further use, in particular, any transmission to a third party will occur unless you have authorized us to do so.
Cookies
Our webpage uses "cookies." These involve text files, which are stored on your computer. In the case of registered users, they serve to permit recognition of the user or which contents a user has already viewed. They also permit an analysis of your use of the website, however. Information, for example, is acquired by cookies on the operating system, the browser, your IP address, the webpages previously accessed by you (referrer URL) and the date and time of your visit to our webpage. You may, however, deactivate the storage of cookies or set up your browser so that cookies are stored only for the duration of the respective connection to the Internet. We automatically make your IP address anonymous so that we are unable to draw any conclusion concerning you by means of it.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under tools.google.com/dlpage/gaoptout.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
Further information concerning the terms and conditions of use and data privacy can be found at www.google.com/analytics/terms/gb.html or at www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
Right to Information and to Revocation
You may, at any time and without giving reasons, receive information free of charge about your data stored by us at www.heuking.de. You can at any time block or correct your data, or have them deleted by us, via the homepage. You can also at any time object to these previously described data by sending us an e-mail to dsb@heuking.de. We are at your disposal at any time for further questions concerning our information on data protection and on the processing of your personal data.
Your Contact
Heuking Kühn Lüer Wojtek
Data protection officer Mr. Harald Eul
Georg-Glock-Straße 4
40474 Düsseldorf/Germany
E-Mail: dsb@heuking.de
Version: July 10, 2020
(Last updated July 10, 2020)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: April 26, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are saved on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Privacy Policy.
You may generally opt out of the use of the cookies used for the purposes of online marketing in the case of many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. In addition, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in that case.
2. Recording of access data and log files
We record data on each access of our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then deleted. Data that has to be stored for the purposes of evidence are excluded from deletion until the final clarification of the occurrence in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Privacy Policy, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & Reach Measurement
Cookies are pieces of information that are transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information. As far as legally required, we ask you for your consent in advance.
You may also opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation pages of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Your consent applies to the following domains: www.heuking.de
5. Google Analytics
If you have given us your prior consent in this respect, we use Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), for the purposes of analysis, optimization and economic operation of our online offering, on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options of settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing-Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way in order only to present users with advertisements that may be of interest to them. If users, for example, are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Privacy Policy is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Cloudflare - Content Delivery Network
On the basis of our legitimate interests (i.e., interests in optimizing the performance of this website, securing it, optimizing the loading times and security of our online offer, and recognizing the language settings of the user within the meaning of Art. 6(1)(f) GDPR), we use the Cloudflare CDN service from Cloudflare, Inc. ("Cloudflare"). In this connection, personal data may be transmitted to Cloudflare by the browser you are using, but this data will be deleted once the purpose has been achieved.
Cloudflare uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Cloudflare server in the USA and stored there.
Cloudflare is certified under the Privacy Shield Convention and offers a guarantee through this that it will comply with the European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
You can find further information about data use by Cloudflare, setting and objection options on Cloudflare's website: https://www.cloudflare.com/privacypolicy/
7. Newsletters
In the following, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data that is stored by the distribution provider.
Distribution provider: The newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of access. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to observe individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: The distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent for receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link for cancelling the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal information will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), within our website we offer content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and among other things includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their Privacy Policies, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of a server access at Google (generally in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
For this purpose, we use the "extended data protection mode" for the integration of the YouTube videos, through which a cookie is only stored on the user's computer when the respective YouTube video is played. YouTube states that no personal cookie information is stored when embedded videos are played in extended privacy mode. Further information on data processing and notes on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/. If you want to ensure that YouTube does not receive any data from you, please do not click on the embedded YouTube videos.
- As part of our online offering, we are using the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages that contains LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-out: twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data is not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript frameworks “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL shortener service bitly. The provider is bitly, Inc., 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Privacy Policy: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstraße 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commission for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Privacy Policy: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: July 10, 2020
Version: April 26, 2019
(Last updated April 26, 2019)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: April 26, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be prevented by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term "like,” or the thumbs up sign) or are marked with the addition of "Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, the user’s device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to its Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from your device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Cloudflare - Content Delivery Network
On the basis of our legitimate interests (i.e. interests in the optimization of the performance, to secure this website and to optimize loading times and security of our online offer and recognition of the language settings of the user within the meaning of Article 6 Para. 1 letter F GDPR), we use the Cloudflare CDN service from Cloudflare, Inc. ("Cloudflare"). In this connection, personal data may be transmitted to Cloudflare by the browser you are using, but this data will be deleted once the purpose has been achieved.
Cloudflare uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Cloudflare server in the USA and stored there.
Cloudflare is certified under the Privacy Shield Convention and offers a guarantee through this that it will comply with the European Data Protection Law (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active).
You can find further information about data use by Cloudflare, setting and objection options on Cloudflare's website: https://www.cloudflare.com/privacypolicy/
8. Newsletters
Below, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
9. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: April 26, 2019
Version: February 12, 2019
(Last updated February 12, 2019)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: February 12, 2019
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be achieved by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term “like,” or the thumbs up sign) or are marked with the addition of “Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, its device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to its Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from your device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Newsletters
Below, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc. 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: February 12, 2019
Version: May 30, 2018
(Last updated May 30, 2018)
Part 1
INFORMATION ON DATA PROTECTION RELATED TO OUR PROCESSING UNDER ARTICLES 13, 14 AND 21 GENERAL DATA PROTECTION REGULATION (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data Controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
2. Purposes and legal basis upon which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
- contact person (title, first name, last name),
- email address(es),
- street address,
- phone number (landline and/or mobile),
- user data (websites accessed, interest in contents, access times)
- meta/communication data (e.g., device information, IP addresses)
- information necessary for asserting and defending your rights as part of retaining our law firm.
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
- in order to be able to identify you as a client,
- in order to be able to provide you with legal advice and represent you in an appropriate manner,
- for correspondence with you,
- for accounting purposes,
- for processing of any liability claims that exist, as well as the assertion of any claims against you,
- for measures for the control and optimization of business processes,
- for the traceability of transactions, orders, and other agreements,
- to guarantee IT security (including system or plausibility tests),
- for emergency management,
- to fulfill the general duties of care,
- to safeguard and enforce domestic authority (e.g., by means of access controls),
- for cost recording and controlling, as well as for reporting.
2.2 Purposes within the framework of your consent (Art. 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed separately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent being issued is not affected and remains lawful.
2.3 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, unless you have objected to the use of your data;
- sending newsletters with information on current legal topics and events organized by the law firm;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the checking and optimization of processes for requirements analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terror lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e.g., by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- benchmarking;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if erasure is not possible or only possible with disproportionately high effort due to the particular type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- building and plant security (e.g., by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- obtaining and maintenance of certifications of a private-law or official government nature;
- the safeguarding and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The categories of data that we process if we do not receive data directly from you, and their origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data),
- contact data (address, e-mail address, telephone number and similar data)
- address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i.e., data for assessing the economic risk)
- customer history
- data on your use of the telemedia offered by us (e.g., time of access to our websites, apps or newsletters, clicked pages/links of us or entries and comparable data)
- metadata/communication data (e.g., device information, IP addresses),
- video data
4. Recipients or categories of recipients of your data
Your personal data will only be transferred to third parties if
- you have given us consent to transmit data to third parties,
- this is necessary in accordance with Art. 6(1)(b) GDPR for the processing of client relationships with you (this includes in particular passing it on to the opposing party in proceedings and their representatives, in particular their attorneys, as well as courts and other public authorities for the purposes of correspondence, marketing measures, as well as for the asserting and defending of their rights),
- for purposes where we are obligated or entitled to give information, notification or to forward data,
- to the extent that external service providers commissioned by us process data as order processors or parties that assume certain functions (e.g., external data centers, support and maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection, plausibility check, data destruction, purchasing/procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, banks, printing plants or companies for data disposal, courier services, logistics, press relations work).
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
5. Duration of data storage
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
7. Your data protection rights / rights of data subjects
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb@heuking.de
Our Privacy Policy and the information on data protection related to our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time. All changes will be published on this site. Older versions can be viewed in an archive.
Data Protection Information last updated: May 30, 2018
Part 2
SUPPLEMENTARY DATA PROTECTION STATEMENT FOR OUR WEBSITE
Thank you very much for your interest in our online presence. The protection of your personal data is very important to us. We would like to inform you of the use of cookies, analysis tools, and the possible effects on personal data on our website.
1. Cookies and opt-out right in direct advertising
We use temporary and permanent cookies, i.e., small files that are stored on the devices of users (for clarification of the term and the function, see the last section of this data protection information). The cookies serve the purpose of security and are necessary for the operation of our website (e.g., for the presentation of the website) or to save the user’s decision when confirming the cookie banner. In addition, either we or our technology partner use cookies for reach measurement and marketing purposes, of which our users are informed in the Data Protection Statement.
You may generally opt out of the use of the cookies, used for the purposes of online marketing, for many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website www.youronlinechoices.com. In addition, the storage of cookies may be achieved by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in this case.
2. Recording of access data and log files
We record data on each access to our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then erased. Data that have to be stored for the purposes of evidence are excluded from erasure until the final clarification of the matter in question.
3. Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
Unless otherwise stated in our Data Protection Statement, we process user data if they communicate with us within the social networks and platforms, e.g., contributions to our online presence or sending messages.
4. Cookies & reach measurement
Cookies are information transferred from our web server or third-party web servers to the web browser of the users and are stored there to be accessed later. Cookies may be small files or other kinds of information storage.
We use session cookies that are only stored for the duration of the current visit to our website (e.g., in order to enable the storage of your login status or the shopping cart function and therefore actually make it possible for you to use our website at all). A randomly generated clear identification number will be stored in a session cookie. This is known as a session ID. In addition, a cookie contains information on its origin and the duration of storage. These cookies cannot store any other data. Session cookies are deleted when you end the use of our website and log out or close the browser.
Users will be informed of the use of cookies as part of pseudonymous reach measurement in this data protection information.
If users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings for their browsers. Stored cookies can be deleted in the system settings of the browser. Excluding cookies from your computer can result in restricted functioning of this online content.
You may opt out from the use of cookies that serve the purpose of reach measurement and advertising via the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US-based website (http://www.aboutads.info/choices) or the European-based website (http://www.youronlinechoices.com/uk/your-ad-choices/).
5. Google Analytics
On the basis of our justified interests (i.e., an interest in the analysis, optimization, and economic operation of our website as defined under Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google LLC (Google). Google uses cookies. The information created by the cookie about the use of the website by the user is generally transferred to one of Google’s servers in the USA and is stored there.
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyze the use of our online content by the users and to compile reports on activities within the online content in order to perform further services associated with the use of this online content for us. As part of this process, pseudonymous user profiles for the users can be created from the processed data.
We use Google Analytics to ensure that we only display the advertisements provided as part of the advertising services provided by Google and its partners to users who have shown an interest in our website or who display certain features (e.g., interest in certain topics or products, which is determined on the basis of the websites that are visited), which we send to Google (this is known as remarketing, or Google Analytics audiences). We use remarketing audiences to ensure that our advertisements are in line with the potential interest of the user, rather than being an irritation.
We only use Google Analytics with IP anonymization activated. This means that Google abbreviates the IP address of the user in the member states of the European Union, or in other signatory countries of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then abbreviated there.
The IP address transmitted from the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring their browser settings appropriately; users can also prevent the recording of the data generated by the cookie and the data collected as a result of their use of the online content to Google, as well as its processing by Google. This can be done by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or in browsers on mobile devices, please click on the following link in order to set up an opt-out cookie, which prevents recording by Google Analytics on this website in future (this opt-out cookie only functions in this browser and only for this domain, delete your cookies in this browser, then click on this link again):
You can find further information on the use of data by Google, as well as options for settings and opt-out on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“How Google uses cookies in advertising”), https://adssettings.google.com/authenticated (“Make the ads you see more useful to you”).
Google-Re/Marketing Services
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
Google is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way, in order only to present users with advertisements that may be of interest to them. If, for example, users are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses are abbreviated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area, and only in exceptional cases sent in full to a Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google can also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
Additional information on data use for marketing purposes by Google is available at https://policies.google.com/technologies/ads, the Google Data Protection Statement is available at https://policies.google.com/privacy.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
6. Facebook Social Plugins
We use social plugins ("plugins") provided by the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our website as defined in Art. 6(1)(f) GDPR). The plugins can be interaction elements or contents (e.g., videos, graphics, or text contributions) and can be identified by the Facebook logo (white “f” on a blue square, the term "like,” or the thumbs up sign) or are marked with the addition of "Facebook Social Plugin.” The list and design of the Facebook Social Plugins are available at https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this online content that contains a plugin of this kind, its device creates a direct connection with Facebook’s servers. The content of the plugins is sent directly from Facebook to the user’s device and incorporated into the website by Facebook. In this process, user profiles may be created for users based on the processed data. We therefore have no influence on the scope of the data that Facebook records using these plugins and we therefore inform users based on the knowledge we have.
Facebook receives information that a user has accessed the corresponding page of the website by means of the incorporation of the plugins. If the user is logged in to Facebook, Facebook can allocate the visit to its Facebook account. If users interact with the plugins, for example by clicking the like button or submitting a comment, the corresponding information will be sent directly from your device to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to determine and save the user’s IP address. According to Facebook, in Germany only an anonymized IP address is stored.
The purpose and scope of the recording of data and the further processing and use of the data by Facebook, as well as the rights and setting options for the protection of users’ privacy can be found in Facebook’s data protection information at: https://www.facebook.com/about/privacy/.
If users are Facebook members and do not want Facebook to collect information about them and link it to their data stored with Facebook, they need to log out of Facebook and delete the cookies. Other settings and opt-outs regarding the use of data for advertising purposes are possible within Facebook’s profile settings: https://www.facebook.com/settings?tab=ads or via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. The settings are implemented irrespective of the platform, i.e., they are applied to all devices, from desktop computer to mobile devices.
7. Newsletters
Below, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or with legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data and stored by the distribution provider.
Distribution provider: the newsletters are generally distributed by a distribution provider, CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, hereinafter referred to as the “Distribution Provider.” The distribution provider’s Privacy Policy is available at https://www.cleverreach.com/en/privacy-policy/.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, will be collected. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to monitor individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: the distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent to receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to the termination option for the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal data will be erased.
8. Incorporation of third-party services and content
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), our website offers content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because, without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third-party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their data protection statements, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
- External fonts by Google, LLC., https://www.google.com/fonts (“Google Fonts”). The incorporation of the Google fonts is performed by means of server access at Google (generally in the USA). Data protection statement: https://policies.google.co/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Maps of the “Google Maps” service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://www.google.com/settings/ads/.
- We incorporate the function for recognizing bots, e.g., when completing online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
- Videos of the “YouTube” service by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- Our website includes Google+ services. These functions are provided by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link your Google+ profile to the content of our pages by clicking the Google+ button. This means that Google can allocate the visit to our pages to your user account. Please note that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how the data are used by Google+. Data protection statement: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated.
- As part of our online offering, we use the marketing functions (“LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection is made with LinkedIn’s servers. LinkedIn is informed that you have visited our website with your IP address. We can use the LinkedIn Insight Tag in particular to analyze the success of our campaigns in LinkedIn or determine target groups for these on the basis of the interaction of the users with our website. If you are registered with LinkedIn, LinkedIn is able to allocate your interactions with our website to your user account. Also, if you click on the LinkedIn “recommend button” and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit to our website to you and to your user account. LinkedIn is certified under the Privacy Shield framework and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Data protection statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The functions of the Twitter service or platform may be incorporated into our website (hereinafter referred to as “Twitter”). Twitter is offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our contributions in Twitter within our website, links to our profile at Twitter, and the option of interacting with contributions and functions of Twitter, as well as measuring whether users access our online content via our advertisements on Twitter (“conversion measurement”). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data protection statement: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.
- We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time our web pages containing the Xing functions are accessed, a connection is made to the Xing servers. As far as we are aware, personal data are not saved in this process. In particular, no IP addresses are saved and the usage behavior is not analyzed. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
- External code of the JavaScript framework “jQuery,” provided by third-party provider jQuery Foundation, https://jquery.org.
- We use functions of the URL service bitly. The provider is bitly, Inc., 139 5th Avenue, 5th Floor, New York, NY 10010, USA. Data protection statement: https://bitly.com/pages/privacy.
- We use the event organization tools provided by Altares. The provider is altares GmbH & Co. KG, Wiesenstrasse 21a, 40549 Düsseldorf, Germany. The invitation and participant management for our events is performed partially online using Altares’s software and servers. There is no explicit commissioning for the processing of data but the possibility of personal data being accessed during testing and maintenance cannot be ruled out. Data protection statement: https://www.altares.de/index.php/datenschutzhinweis.
Data Protection Information last updated: May 30, 2018
Version: March 1, 2016
Data Protection Information Version March 1, 2016:
Thank you for your interest in our online presence. The protection of your personal data is very important to us. Therefore, we would like to inform you about the use of cookies, analysis tools and the possible effects on personal data on our webpage.
Object of the Data Protection
The object of data protection is personal data. According to Section 3(1) of the Federal Data Protection Act, these are individual details about personal or factual circumstances of a specific or specifiable natural person. They include, for example, details such as name, mailing address, e-mail, or telephone number, if necessary, however, also usage data such as your IP address.
Data Processing for a Specific Purpose
We use your data, with the exception of cookies, see below, only for the purpose for which you have communicated the data to us, for instance, sending a newsletter. No further use, in particular, any transmission to a third party will occur unless you have authorized us to do so.
Cookies
Our webpage uses "cookies." These involve text files, which are stored on your computer. In the case of registered users, they serve to permit recognition of the user or which contents a user has already viewed. They also permit an analysis of your use of the website, however. Information, for example, is acquired by cookies on the operating system, the browser, your IP address, the webpages previously accessed by you (referrer URL) and the date and time of your visit to our webpage. You may, however, deactivate the storage of cookies or set up your browser so that cookies are stored only for the duration of the respective connection to the Internet. We automatically make your IP address anonymous so that we are unable to draw any conclusion concerning you by means of it.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under tools.google.com/dlpage/gaoptout.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
Further information concerning the terms and conditions of use and data privacy can be found at www.google.com/analytics/terms/gb.html or at www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
Right to Information and to Revocation
At any time and without giving reasons, you can obtain information free of charge about your data stored by us at www.heuking.de. At any time you can block, correct, or have your data deleted by us via the homepage. You can also object at any time to the data processing described above by sending us an e-mail at dsb@heuking.de. We are at your disposal at any time for further questions concerning our information on data protection and on the processing of your personal data.
Your Contact
Heuking Kühn Lüer Wojtek
Data protection officer Mr. Harald Eul
Georg-Glock-Straße 4
40474 Düsseldorf/Germany
E-Mail: dsb@heuking.de