DATA PRIVACY STATEMENT SCHMITZ KNOTH RECHTSANWÄLTE PARTGMBB

1. Name and contact details of the controller/processor as well as the data protection officer.

This information on data privacy is valid for data processing by:

Controller & Processor: Schmitz Knoth Rechtsanwälte PartGmbB (“Schmitz Knoth Rechtsanwälte“), Bertha-von-Suttner-Platz 2-4, D-50933 Bonn, Germany Email: kontakt@schmitzknoth.de Telefon: +49 (0)228 – 98509-0 Fax: +49 (0) 228 – 98509-33

The data protection officer of Schmitz Knoth Rechtsanwälte is available at the address of the controller & processor, c/o Dr. Adrian Gehrig, and at datenschutz@schmitzknoth.de.

2. Collection and storage of personal data, and purpose and manner of their use.

2.1 On visiting this website

2.1.1 Processing of IP-Address and Login data

On visiting www.schmitzknoth.de, the browser on your device automatically sends information to the server hosting our website. This information is saved temporarily in a logfile. The following data is collected without further action on your part and stored on our servers until its automatic deletion:

  • IP-Address of the device accessing the website
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which the access takes place (Referral-URL)
  • The browser used and, potentially, the operating system of your device, as well as the name of your access provider

This data is processed by us for the following purposes:

  • Guaranteeing the establishment of a reliable connection to the website,
  • Guaranteeing the usability of our website,
  • Evaluation of system security and stability, and
  • Further administrative purposes.

Art. 6(1)(f) GDPR entitles us to collect the data enumerated in this section. Our legitimate interests are derived from the purposes for the data processing, as listed above. In no case do we use the processed data to draw conclusions as to the identity of the user.

Additionally, our website uses Cookies and traffic analysis services. You can find more information below.

2.1.2 Cookies

Our website uses cookies. Cookies are small data files that your browser creates automatically and are saved on your device when accessing our website. Cookies do not harm your device and do not contain viruses, trojans, or other malware.

In a cookie, information is stored that relates to the specific device used. But this does not enable us to draw a conclusion as to your identity.

We use cookies to make your visit of our webpage as convenient as possible; temporary cookies are stored for a set amount of time on your device. When visiting our webpage a second time to engage with us and the services we provide, your device is recognised which allows us to register your continued interest and, for your convenience, pre-fill any forms and settings you filled out and selected during your previous visit.

The data processed by cookies is necessary to maintain our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR.

Most browsers are preconfigured to accept Cookies. You can configure your browser to prevent the creation of cookies on your device or to alert you before a cookie is created. Preventing the creation of cookies may disable some features on our website.

2.1.3 Tools for data and traffic analysis and tracking

The following tracking measures are employed by us, utilising cookies (pursuant to section 2.1.2 of this statement), on the basis of Art. 6(1)(f) GDPR. We use tracking to constantly optimise our website and adapt to the needs of our users. Additionally, we use tracking to create statistics on the usage of our website. These interests are considered legitimate pursuant to the GDPR since no personal data is processed.

Specific purposes of data processing and categories of data are listed below in the sections on tracking tools.

2.1.3.1 Google Analytics

To adapt to our user’s needs and to optimise our website, we use Google Analytics, a data analysis service offered by Google Inc. ((https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“). In this context, anonymous data profiles are created and cookies (see 2.1.2) are used. Data created by the cookies, such as

  • Browser & version number
  • Operating system of the device
  • Referral-URL (previously accessed page)
  • IP-Address of the device
  • Date and time of access,

are sent to and stored on a server owned by Google in the United States of America. The data collected is used to evaluate usage of the website, create reports on website activity, and to perform further services related to usage of the website and usage of the internet for the purposes of marketing research and efficient website design. The data may be submitted to third parties when mandated by law or when it is processed by third parties on our behalf. Your IP address is not shared with other data controlled by Google. In processing, IP addresses are anonymised (IP-masking) to prevent mapping.

You may prevent the installation of cookies by configuring your browser but please note that this may disable certain features otherwise available on this website.

Furthermore, you may prevent the collection of data and the processing of data by Google (as created by cookies, and user data [e.g. IP addresses]) by downloading and installing an add-on for your browser (https://tools.google.com/dlpage/gaoptout?hl=de).

Alternatively, you may prevent the collection of data by Google Analytics by pressing on this link. Doing so creates an opt-out cookie which prevents the creation of cookies when accessing this website in the future. This opt-out cookie is only valid for our website and your browser on this device and is saved on your device. If you delete all cookies from your browser, you have to set the opt-out cookie again by clicking the link above.

Further information on data privacy in relation to Google Analytics can be found in the Google Analytics help pages (https://support.google.com/analytics/ answer/6004245?hl=de).

2.1.3.2 Google Adwords Conversion Tracking

To evaluate usage of our website statistically and to optimise our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie on your device if you used an ad provided by Google to access our website.

These cookies lose their validity after 30 days and are not used to discover your identity. If the user accesses certain parts of the website of the Adwords customer and the cookie remains valid, Google and the customer can recognise that the same person accessed the website through the ad.

Adwords sets a different cookie for every customer. Therefore, cookies cannot be traced across the websites of multiple Adwords customers. Data collected using the Conversion cookie is used to create Conversion statistics for Adwords customers who opted into Conversion tracking. Adwords customers gain knowledge on how many users clicked on their advertisement and are taken to the linked page with a Conversion tracking tag. Customers do not receive data allowing them to infer the identity of the user.

If you do not want to participate in this tracking process, you can prevent the setting of the cookie through configuration of your browser to prevent the creation of any cookies. Alternatively, you may prevent the creation of all cookies originating from the domain www.googleadservices.com. Google’s privacy statement on Conversion tracking can be found at https://services.google.com/sitestats/de.html.

2.1.3.3 Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager allows marketers to manage website tags through a user interface. The Tool Tag Manager implementing the tags is a domain that does not set cookies and does not collect personal data. The tool triggers the application of other Tags which themselves may collect data. Google Tag Manager does not access this data. If the tags are deactivated (through deactivating cookies or the domain), this deactivation remains valid for all tracking tags implemented by Google Tag Manager.

2.2 Using the Contact Us form

For any questions you might have, we offer you the opportunity to contact us via a form on our website. To send the form, it is necessary to provide us with an email address in order for us to know who sent the message and how we can reply to it. Further personal data can be entered at your discretion.

Data processing for the purposes of the Contact Us page is compliant with Art 6(1)(a) GDPR based on your consent in providing us with these details.

The personal data collected when utilising the Contact Us form is deleted automatically when your query has been answered.

2.3 Google Maps

Only when you press on the Google Maps link above the direction map provided is your complete IP address, allowing your identification, submitted to a server operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“).

This server may be physically present in Europe but may be physically present in the United States of America, where the European laws on data privacy are not in force. However, Google has acceded to the EU-US Privacy Shield. This framework is based on a treaty between the EU and the USA and regulates data privacy for personal data submitted from a member state of the EU to the USA. The European Commission concluded on 12th July 2016 that the content of the privacy shield is equivalent to the data privacy rights granted by European Union law; therefore, the treaty is applicable.

Processing of the data provided in the context of the Google Maps navigation feature on our website is based on your consent (pursuant to Art 6(1)(a) GDPR).

2.4 Xing Plugins

Our page includes the Xing “Share Button” which allows you to use the functions associated with it. These functions are offered by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany (“Xing”).

To prevent that mere access to our webpage causes an automatic submission of personal data to Xing, the button is greyed out in the first place. It is only activated when you press it. When activating it, a direct connection between your browser and the Xing servers is established, providing Xing with the information that you visited our website with the IP address allocated to your device.

Xing, according to its statements, does not store any personal data relating to your visit our website. Xing, according to its statements, also does not store IP addresses and does not evaluate the behaviour of users using cookies in connection with the Xing Share Button. Nonetheless, we hereby inform you that we have no knowledge of the data that may or may not be submitted to the Xing servers or the subsequent processing of this data. The data protection statement of Xing as relating to the Xing Share Button and further information is accessible at https://www.xing.com/app/share?op=data_protection. To prevent the collection and processing of data about you and your online behaviour, you must log out of the Xing platform on your browser before visiting our website.

2.5 Links to partnering web pages

You can find links on our website guiding you to other websites, such as Xing profiles, Awerian, or UNZD e.V. On clicking these links, your IP address, type of browser and version, operating system, referral URL, hostname of the device, as well as the date and time of the access are submitted to the relevant partnering website. Pleas be aware that these details may be collected and stored by the relevant websites for a period of time. You can avoid this by not clicking on links to other domains. If you consent by clicking on the link, the legal basis for the collection and processing of information is Art 6(1)(a) GDPR i.e. your consent.

2.6 Servers

Our website is hosted on the servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Deutschland (https://www.hetzner.de/rechtliches/datenschutz/). Our hosting provider creates daily backups of the entirety of the data on the servers. Since the GDPR defines automatic backups as constituting data processing, we have concluded appropriate processing agreements with the named service providers.

The legal basis of the data processing in this instance is Art 6(1)(f) GDPR; we have a legitimate interest in using rented servers to host our website since the necessary technical requirements for data protection cannot be fulfilled (in an economically sensible manner) on our premises. Equally, we have a legitimate interest in regular backups.

2.7 Signing up for our newsletter „SCHMITZ KNOTH MITTEILUNGEN“

If you have consented expressly (pursuant to Art 6(1)(a) GDPR), we will process your email address to provide you with our newsletter in regular intervals. It is sufficient to provide us with your salutation, title, email address, first name, and last name in order to receive the newsletter.

It is possible to unsubscribe from our newsletter at every time, for example via a link at the end of every newsletter we provide you with or via our “Unsubscribe” webpage.

3. Sharing your data with third parties

We do not share your personal data with third parties other than in the following ways.

We only share your personal data with third parties if:

  • You have expressly consented pursuant to Art 6(1)(a) GDPR,
  • Sharing the data is necessary pursuant to Art 6(1)(f) GDPR in order to support a legal claim or defend against a legal claim and there is no reason to suspect that you have a prevailing interest in not sharing the data with third parties that is worthy of protection,
  • Sharing your data is mandated by law (pursuant to Art 6(1)(c) GDPR), or
  • It is legally permissible and necessary pursuant to Art 6(1)(b) GDPR in order to conclude a contract with you.

4. Duration of storage of your personal data

Generally, personal data will be deleted when the purpose for which the data had been collected no longer requires fulfilment. If we are mandated to retain data for a longer period time in certain cases (by German law, or European law pursuant to Art 17(3)(b) GDPR), data will not be deleted but its processing will be restricted. In such a case, data may only – but for its storage – be processed with your consent, for the establishment, exercise or defence of legal claims, to protect the rights of a third party (natural or legal person), or to protect a legitimate interest of the European Union or one of its member states.

Furthermore, you retain the right to withdraw your consent to the processing of personal data by us at any time – including for only particular pieces of data. If you withdraw your consent, we will delete the personal data it concerns immediately. Any withdrawal will not affect the legality of the processing of data that took place prior to the withdrawal.

5. Right of objection

If your personal data was processed on the basis of legitimate interests, pursuant to Art 6(1)(f) GDPR, you have the right to object (Art 21 GDPR) on grounds relating to your particular situation or if the data is processed for direct marketing purposes. In the latter case, you have a general right of objection which will be followed by us without resort to your particular situation being necessary.

If you intend to make use of your right of withdrawal or right of objection, it suffices to simply send us an email at datenschutz@schmitzknoth.de.

6. Rights of the data subject

You have the right to:

  • Obtain confirmation as to whether we process your personal data and certain other information, pursuant to Art 15 GDPR. This other information includes and is limited to (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

  • Have your data rectified pursuant to Art 16 GDPR in order to correct incorrect personal data or complete incomplete personal data.

  • Demand the erasure of personal data concerning you pursuant to the provisions in Art 17 GDPR unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

  • To demand the restriction of processing of your personal data pursuant to Art 18 GDPR if you contest the accuracy of the personal data, the processing is unlawful and you reject the erasure of the data, we no longer require the data for processing but require them for the establishment, exercise or defence of legal claims, or you object to processing pursuant to Art 21 GDPR;

  • Pursuant to Art 20, to receive the personal data concerning you in a structured, commonly used, and machine-readable format or to demand the transferral of the data to another controller.

  • To withdraw your consent at any time pursuant to Art 7(3) GDPR; if you withdraw your consent, we will no longer conduct the processing of personal data previously based on your consent.

  • To lodge a complaint with a supervisory authority pursuant to Art 77 GDPR. Generally, you may address this complaint to the supervisory authority responsible in the member state of your habitual residence, place of work, or of the domicile of our firm.

7. Data Security

We utilise the necessary technical and organisational security measures to secure your data against accidental or intentional manipulation, partial or complete data loss, destruction, and against access by unauthorised third parties. Our security measures are being constantly updated to keep up with technological advances.

8. Communication via email

You can find the necessary email addresses to contact us on our website. Please note that communication via email may present a security risk. Even though the law protects the content of your emails against third party access and interference, emails can be intercepted on their way from the sender to the addressee by third parties. As a guideline, you should not write in your unencrypted emails that which you would not write onto a postcard.

When communicating with us via email, your email and the personal data it contains (your name, email address, and other data contained in your message) are submitted to us. This personal data will be processed, stored, and forwarded as necessary to perform or enter into the contract between you and our firm (the legal basis of the data processing is Art 6(1)(b) GDPR) or based on your consent (Art 6(1)(a) GDPR). We may relate the personal data to third parties if necessary to satisfy a legal obligation, if necessary to protect the vital interests of you or another natural person, or if necessary for the performance of a task carried out in the public interest.

If we receive an email from you, we assume that we are authorised to reply and conduct further communication via email. If this is not in your interest, you must direct us to another form of communication in advance. Communication via encrypted emails utilising generally accepted encryption standards (e.g. PGP) is only available on your express wish and after separate confirmation.

9. Up-to-dateness of and changes to this data privacy statement

This data privacy statement is valid as of October 4th 2018.

Due to the further development of our website and changes to the services offered or due to demands made by law or administrative action it may become necessary in the future to alter this data privacy statement. The current data privacy statement is accessible at all times on https://www.schmitzknoth.de/datenschutz for your reference and for printing.