With the law firm Prinz Rechtsanwälte PartG mbB being the controller of the processing, it implemented numerous technical and organisational steps to ensure protection of the personal data processed via this website as complete as possible. However, web-based data transfers may still have security flaws so that absolute protection cannot be guaranteed. For this reason any data subject has the choice of transmitting to us any personal data via alternative routes, for example by telephone.
You will find the definitions of the terms used (for instance “personal data” or “processing”) in Art. 4 GDPR.
1. Controller of the processing and the firm’s privacy officer
Prinz Rechtsanwälte PartG mbB
Tesdorpfstrasse 16, 20148 Hamburg, Deutschland
(hereafter: “we” or “us”)
tel +49 40 413 200-0
fax +49 40 450 53 68
Our in-house privacy officer may be contacted at the above address or numbers, for Att. Mrs Stefanie Schulz, or under firstname.lastname@example.org.
2. Collection and storage of personal data as well as the manner and purpose of its use
a) Visiting the website
With every visit of our website by the data subject or an automated system general data and information are collected. This general data and information are temporarily stored in the log files of the server for 7 days. If the data needs to be retained for reasons of proof (e. g. for cases of abuse), they are exempted from being erased until the incident has been finally clarified.
The following information is collected without any action on your part and stored until erased automatically:
- IP-Address of the accessing remote terminal,
- Date and time of the access,
- Name and URL of the accessed file or website,
- Amount of data sent,
- URL of the referring website or web page from which access was made (Referrer-URL),
- Type and version of browser used and the operating system as well as unit type of your device.
When using this general data and information, we do not draw inferences about the data subject. Rather, this information is needed and processed for the following purposes:
- to ensure a trouble-free connection establishment of the website;
- to ensure a user-friendly interaction with our website;
- Evaluation of the system security and stability / ensuring permanent functionality
- Provision of information necessary for prosecution to prosecuting authorities in the event of a cyber attack;
- for additional administrative purposes.
The legal basis for the data processing is Art. 6 subsection 1 S. 1 lit. f GDRP. Our legitimate interest arises from the purposes for data capture listed above. In neither case do we use the data collected for the purpose of drawing any inference to you as person.
b) Making contact
Personal data is collected within the context of you making contact with us (e. g. contact form or email). The data collected when using a contact form can be seen in the contact form. This data is exclusively stored and used for the purpose of replying to your enquiry and/or for making contact and the technical administration attached to this. The legal basis for the processing of the data is our legitimate interest for replying to your enquiry in terms of Art. 6 subsection 1 lit. f GDPR. If the purpose of your contacting us is to form a contract, Art. 6 subsection 1 lit. b GDPR is the additional legal basis for the processing. After the final processing of your enquiry, your data will be erased; this will be the case if the circumstances show that the relevant issue has been conclusively settled and unless legal obligations to retain data prevent this.
3. Data protection in cases of applications and during application procedures
We collect and process personal data of applicants for the purpose of handling the application procedures. The processing can also take place electronically. This is the case especially if an applicant sends us the relevant application documents electronically, for instance per email or via a web form available on our website. If we enter into an employment contract with an applicant, the transmitted data is stored for the purpose of dealing with the employment taking into account the legal requirements. If no employment contract is concluded between the controller of the processing and the applicant, the application documents are automatically erased two months after a decision of a negative reply has been made, provided we have no other legitimate interests that would prevent the erasure. Other legitimate interest in this sense, for example, is the burden of proof in a court proceeding in terms of the General Equal Treatment Act (AGG). If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business operation for the benefit and wellbeing of all our staff and shareholders.
4. Disclosure of data
Your personal data is not disclosed to third parties other than for the purposes stated as follows:
We disclose your personal data to third parties only if:
- You have given your explicit consent to this in terms of Art. 6 para. 1 S. 1 lit. a GDPR;
- the disclosure in terms of Art. 6 para. 1 S. 1 lit. f GDPR is necessary for the enforcement, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest warranting protection in the non-disclosure of your data;
- in the event that there is a legal obligation for the disclosure in terms of Art. 6 para. 1 S. 1 lit. c GDPR; and
- that this is permitted by law and necessary in terms of Art. 6 para. 1 S. 1 lit. b GDPR for dealing with the contractual relationship with you.
5. Rights of the data subject
You have the right:
- in terms of 15 GDPR to request a confirmation whether personal data concerning you is processed by us;
- in terms of Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the category of the personal data, the category of recipients to which your data was or will be disclosed, the envisaged storage period, the existence of a right to correction, erasure, restriction of the processing or objection, the existence of a right to lodge a complaint, the source of your data – where it was not collected by us – and the existence of an automated decision-making inclusive of profiling and, if required, meaningful information in respect of its details. You also have a right to information on whether personal data was disclosed to a third country or an international organisation. If this is the case, you have otherwise the right to receive information on appropriate safeguards in connection with the transfer;
- in terms of Art. 16 GDPR, to immediately request the rectification of inaccurate personal data or the completion of your data stored by us; you also have the right to request – taking into account the purposes of the processing – the completion of incomplete personal data – also by means of a supplementary statement;
- in terms of Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing for the exercise of the right to freedom of expression and information, the fulfilment of a legal obligation, for reasons of public interest or for the enforcement, exercise or defence of legal claims is required.;
- in terms of Art. 18 GDPR, to request the restriction of the processing of your personal data, if you contest the accuracy of the data, where the processing is unlawful, but you oppose the erasure of the data and we no longer require the data, but you need the data for the enforcement, exercise and defence of legal claims or you have lodged a complaint to the processing in terms of Art. 21 GDPR;
- in terms of Art. 20 GDPR, to receive your personal data, which you made available to us, in a structured, commonly used and machine-readable format or to request the transmission to another controller;
- in terms of Art. 7 para. 3 GDPR, to withdraw your given consent at any time. The result of this is that we may no longer continue with the data processing that was based on this consent; and
- in terms of Art. 77 GDPR, to lodge a complaint with the supervisory authority. Generally, you may lodge the complaint with the supervisory body of your habitual residence or place of work or our office.
6. Right to object
Where your personal data is processed on the basis of legitimate interests in terms of Art 6 para. 1 S. 1 lit f GDPR, you have the right, in terms of Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons which arise from your particular situation or if the objection is to direct marketing. In the latter case you have a general right to objection which we will comply without indication of a particular situation.
If you wish to make use of your right to withdraw or object, an email to email@example.com is sufficient.
7. Legal bases of processing
Art. 6 I lit. a GDPR serves as the legal basis for processing for which we obtain an approval for a particular processing purpose. If the processing of personal data is necessary for the performance of a contract, where the contractual party is the data subject, as this is the case, for instance, in processing operations which are necessary for delivery of goods or any other service delivery or service in return, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing which is necessary for the performance of pre-contractual actions, for instance in cases of enquiries regarding our products or services. If our company is subject to a legal obligation which makes the processing of personal data necessary, as for instance the fulfilment of the duty to pay taxes, the processing is based on Art. 6 I lit. c GDPR. In rare cases the processing of personal data may become necessary in order to protect vital interests of the data subject or another natural person. This would be the case, for instance, if a visitor would sustain an injury on our premises, his name, age, medical aid details or other vital information would have to be disclosed to a doctor, hospital or other third parties. The processing would then be based on Art. 6 I lit. d GDPR. Ultimately, processing could be based on Art. 6 I lit. f GDPR. Processing which is not covered by any of the above legal bases is based on this legal basis, if the processing is necessary for protection of legitimate interests of our business or a third party, unless it is overridden by the interests, fundamental rights and freedoms of the data subject.
Such processing is permitted to us in particular, because it was specifically mentioned by the European legislator. It was of the opinion that a legitimate interest could be assumed in the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).
8. Legal or contractual regulations for the provision of the personal data
We inform you that the provision of personal data is, to some extent, required by law (e. g. tax regulations) may arise from contractual regulations (e. g. details of the contractual partner). At times, it may be necessary for the conclusion of a contract that a data subject, for instance, may be obliged to disclose personal data to us if our firm enters into a contract with it. The non-disclosure of the personal data would result in the fact that the contract could not be concluded with the data subject. Before a data subject discloses the personal data, the data subject must contact one of our staff. Depending on the individual case, our staff informs the data subject whether the disclosure of the personal data is legally or contractually compulsory or required for the contract formation, whether there is an obligation to disclose the personal data and what the consequences are in the case of the non-disclosure of the personal data.
9. Existence of automated decision making
As a responsible business, we refrain from automatic decision making or profiling.
10. Data security
Within the website visit, we use the common SSL protocol (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. This usually means a 256 bit encryption. If your browser does not support a 256-bit encryption, we use a 128-bit v3 technology. Whether an individual page of our internet presence is transmitted encrypted you can recognise by the locked-key or the padlock symbol on the status bar of your browser.
Otherwise we use suitable technical and organisational security arrangements in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or the unauthorised access by third parties. Our security arrangements are being continuously improved according to technological developments.