a) Personal data
Personal data is any information relating to an identified or identifiable natural person (herein-after “data subject”). A natural person is considered to be identifiable if he/she can be identi-fied, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
b) Data subject (user)
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or series of operations, with or without the aid of automated pro-cedures, related to personal data, such as collecting, registration, organizing, sorting, storing, adapting or modifying, reading, querying, using, disclosure by transferring, dissemination or any other form of provision, matching or association, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim to restrict their future processing.
Profiling is any kind of automated processing of personal data that consists in using that per-sonal information to evaluate certain personal aspects relating to a natural person, in particu-lar, to analyse or predict aspects relating to job performance, economic situation, health, per-sonal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without using some additional information, pro-vided that such additional information is kept separate and subject to technical and organiza-tional measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or the person responsible for processing
Controller or the person responsible for processing is the natural or legal person, public au-thority, agency or other body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by the Union law or the law of the Member States, the controller and/or spe-cific criteria for his/her designation may be provided for under the Union law or the law of the Member States.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other entity to whom person-al data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under the Union or the law of the Member State in connection with a particular investigation mandate are not considered as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or entity other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent is any declaration of will by the data subject, voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act, by which the data subject indicates that they consent to the processing of the personal data relating to him/her.
Attorney at Law Felix Ginthum
Phone: +49 (0) 30 20050720
Fax: +49 (0) 30 – 2005072-10
3. General information about data processing
a) Scope of data processing
Generally, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for actual reasons and the processing of the data is permitted by law.
b) Legal basis for data processing
Insofar as we obtain the data subject’s consent for processing of personal data, Art. 6 Sec. 1 lit. a General Data Protection Regulation (EU GDPR) is used as legal basis.
For the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 Sec. 1 lit. b EU GDPR is used as legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as processing of personal data is required to fulfil a legal obligation that our company is subject to, Art. 6 Sec. 1 lit. c EU GDPR is used as legal basis.
In the event that vital interests of the data subject or another natural person require the pro-cessing of personal data, Art. 6 Sec. 1 lit. d EU GDPR is used as legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the afore-mentioned interest, Art. 6 Sec. 1 lit. f EU-GDPR is used as legal basis for processing.
c) Duration of processing
We only process your data for as long as it is necessary to fulfil the contract, to maintain our relationship or in accordance with applicable legal provisions.
There are different retention periods for the storage of business documents. According to the Tax Code, data with tax relevance usually has a retention period of 10 years, other data ac-cording to the provisions of the German Commercial Code – 6 years.
As long as you do not object, we shall use your information to our mutual benefit within the framework of our trusting relationship.
If you wish your data to be deleted, we shall carry out the deletion immediately, as far as the deletion does not conflict with legal storage requirements.
4. SSL encryption
This website uses SSL (Secure Socket Layer) encryption to transfer data from your browser to our server and to servers that provide files that we incorporate on our website. You can recognize the presence of SSL encryption by the text prefix “https” in front of the address of the web page that you open in the browser.
5. Contact form and e-mail contact
a) Description and scope of data processing
There is no contact form available on our website.
b) Legal basis for data processing
The legal basis for the processing of data after the user has provided his/her consent is Art. 6 Sec. 1 lit. a EU GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 Sec. 1 lit. f EU GDPR. If the e-mail contact aims to conclude a contract, then Art. 6 Sec. 1 lit. b EU GDPR is the additional legal basis for the processing.
c) Purpose of data processing
The processing of the personal data from the input form serves us only to process the con-tact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
d) Duration of storage
The data will be deleted as soon as they are no longer required for the purpose of their collec-tion. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
e) Possibility to object and remove
The user has the possibility at any time to revoke his/her consent to the processing of the per-sonal data. If the user contacts us via e-mail, he/she may object to the storage of his/her per-sonal data at any time. In such a case, the conversation can not continue. All personal data stored in the course of contacting will be deleted in this case.
6. Your rights as data subject
Pursuant to the EU GDPR you have the following rights:
a) Right of access to information
You are entitled to demand a confirmation from the controller whether the personal data con-cerning you is processed by us.
If such processing takes place, you can request information from the controller about the fol-lowing:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still to be disclosed;
(4) the intended duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correct or delete of personal data relating to you, a right to re-strict the processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of any automated decision-making including profiling under Article 22 Sec. 1 and 4 of the EU GDPR and – at least in these cases – substantive information about the logic involved and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether your personal information is trans-ferred to a third country or to an international organization. In this context, you can request the information about the appropriate guarantees in connection with the transfer pursuant to Art. 46 EU GDPR.
b) Right to correction of your data
You have a right with respect to the controller to correct and / or complete the data, if your processed personal data are incorrect or incomplete. The controller shall make the correction without delay.
c) Right to restrict the processing of your data
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you dispute the accuracy of your personal data for a period of time that enables the con-troller to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer requires personal data for the purposes of processing, however, you require those to assert, exercise or defend legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 Sec. 1 EU GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data relating to you has been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public inter-est of the Union or a Member State.
If the processing has been restricted in accordance to the aforementioned you shall be in-formed by the controller prior to the lifting of the restriction.
b) Right to deletion of your data
aa) Obligation to delete
You may require the controller to delete your personal information without delay, and the con-troller is required to delete that information immediately if one of the following applies:
(1) Your personal data are no longer necessary for the purposes for which they were collect-ed or otherwise processed.
(2) You revoke your consent to the processing in accordance to Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR, and there is no other legal basis for processing.
(3) You object to the processing in accordance to Art. 21 Sec. 1 EU GDPR and there are no overriding justifiable reasons for the processing, or you object to the processing in accordance to Art. 21 Sec. 2 EU GDPR.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data relating to you is required to fulfil a legal obligation under the Union law or the law of the Member States to which the controller is subject.
(6) The personal data relating to you were collected in relation to the offered information soci-ety services under Article 8 Sec. 1 EU GDPR.
bb) Information to third parties
If the controller has made the personal data relating to you public and is according to Article 17 Sec. 1 EU GDPR obliged to delete those, he shall take appropriate measures, considering the available technical means and costs of the implementation, also of technical nature, to inform data controllers who process the personal data that you, as data subject, have re-quested them to delete any links to such personal data or provide copies or replications of such personal data.
The right to delete does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 Sec.2 lit. h and i and Art. 9 Sec. 3 EU GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. to Article 89 Sec. EU GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
e) Right to information
If you have asserted towards the controller your right to correct, delete or restrict the pro-cessing, he/she is obliged to notify all recipients to whom your personal data have been dis-closed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right towards the controller to be informed about these recipients.
f) Right to data portability
You have the right to receive personal information related to you which you have provided to the controller in a structured, conventional and machine-readable format. In addition, you have the right to submit this information to another controller without any hindrance by the controller to whom the personal information had been provided, if
(1) the processing is based on consent acc. to Art. 6 Sec. 1 lit. a EU GDPR or Art. 9 Sec. 2 lit. a EU GDPR or on a contract acc. to Art. 6 Sec. 1 Abs. 1 lit. b EU GDPR and
(2) the processing is done using automated procedures.
In exercising this right, you also have the right to effect that the personal data relating to you are transmitted directly from one controller to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegat-ed to the controller.
g) Right to object
You have the right at any time, for reasons that arise from your particular situation, to object against the processing of your personal data taking place pursuant to Art. 6 Sec. 1 lit. e or f EU GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such ad-vertising; this also applies to profiling insofar as it is associated with such direct advertisement.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option, in the context of the use of infor-mation society services, to exercise your right to object through automated procedures that use technical specifications.
h) Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revo-cation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
i) Right to complain to the Data Protection Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data relating to you violates the EU GDPR. The supervisory authority to which the complaint has been lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 EU GDPR.
The jurisdiction of the supervisory authority depends on your place of residence. A list of su-pervisory authorities can be found here: