Data protection declaration according to the General Data Protection Regulation (GDPR) guidelines

I. Name and address of the person responsible

The person responsible under the General Data Protection Regulation (GDPR) and other national data protection laws of member states as well as other provisions of data protection law is:

LEONHARDT RATTUNDE
Law firm partnership with limited professional liability
Kurfürstendamm 26a 10719 Berlin

Tel.: + 49 (0)30 885 903 0 Fax: +49 (0)30 885 903 100
berlin_at_leonhardt-rattunde.de

II. Name and address of the data protection officer

The data protection officer of the person responsible can be reached at the address of the person responsible and at:
datenschutz_at_leonhardt-rattunde.de

III. General information on data processing

1. Scope of the processing of personal data

We process the personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only following consent of the user, either for the fulfilment and execution of a contractual relationship or on account of the legitimate interest of the responsible person or a third party. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions.

2. Purpose and legal basis for the processing of personal data

The purpose of processing personal data is either to operate the website of the responsible person or for a purpose explicitly described below.
If we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a of the General Data Protection Regulation (GDPR) serves as the legal basis, e.g. within the framework of processing data provided in the contact form.
Art. 6 para. 1 sentence 1 lit. b of the GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject party. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c of the GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the data controller or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 ( 1) sentence 1 lit. f of the GDPR serves as the legal basis for the processing.

3. Data erasure and processing time

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the processing no longer applies.  Processing of data may also take place if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data will be collected:

  1. Information about the browser type and the version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s anonymised IP address
  5. The date and time of access
  6. Websites from which the user’s system accesses our website
  7. Websites that are accessed by the user’s system via our website

The log files do not contain any assignable IP addresses (only anonymised) or other data that enable assignment to a user. The data are also processed in the log files of our system. Not affected are the IP addresses of the user or other data that enable the assignment of the data to a user. These  data are not processed together with other personal data of the user.

2. The legal basis for the storage of data

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f of the GDPR.

3. Purpose of data processing

The temporary processing of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must be processed for the duration of the session.

The processing of data in the log files takes place in order to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f of the GDPR.

4.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In terms of the collection of data to ensure the functioning of the website, this is the case when the respective browser session is terminated.

5. Possibility of opposition and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, the user may not object to this if he or she wishes to use the website.


V. Use of GIS (Creditor Information System)

The data controller has integrated GIS (“Gläubigerinformationssystem” – creditor information system) component on this website. GIS is a web system that provides creditors in insolvency proceedings with round-the-clock information on insolvency proceedings and allows creditors to be supported in the preparation of their claims and to electronically transmit the recorded data to the responsible insolvency administrator. GIS is a comprehensive information service for creditors.

The operating companies of GIS is the responsible party itself and STP Portal GmbH, Lorenzstraße 29, 76135 Karlsruhe, Germany.

GIS places a cookie on the information technology system of the person concerned. Setting the cookie enables the user-defined use of GIS that is necessary, for example, for the user to be able to log in using the GIS PIN. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our services more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser. The cookies used are so-called “session cookies”. They are automatically deleted at the end of your visit. Your browser has a number of settings regarding cookies: to inform you when cookies are set, to only allow cookies in individual cases, to accept cookies for specific cases or generally to exclude them and to activate automatic deletion of cookies when your browser is closed. If cookies are deactivated, the functionality of GIS will be limited.

Further information and the data protection regulations of STP Portal GmbH can be found at https://www.insolvenz-portal.de/datenschutz-datensicherheit. GIS is explained here https://www.insolvenz-portal.de/produkte/gis in more detail (information in German).

VI. Contact form and e-mail contact

1. Description and scope of data processing

A contact form is available on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  1. Name
  2. Company
  3. E-mail address
  4. Other information within the scope of the request

At the time the message is sent, the following data will also be stored:

  1. The anonymous IP address of the user
  2. Date and time of registration

Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user that is transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data will be processed exclusively for conducting the conversation and answering your request. 

2. Legal basis for the data processing

The legal basis for data processing if the user has given or her consent is Art. 6 para. 1 sentence 1 lit. a of the GDPR.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f of the GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b of the GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves solely to process the establishment of contact. If you contact us by e-mail, replying to the request also constitutes legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.Should a contractual relationship come about, the data will be processed within the framework of the contractual relationship and deleted after conclusion of the contractual relationship unless there are legal obligations to store this data for a prescribed period, e.g. storage obligations that the responsible person is subject to.

5. Possibility of opposition and removal

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can revoke his or her consent at any time without giving reasons and object to the storage of his or her personal data at any time. If any of these situations occur, the conversation cannot be continued.

The revocation of the consent and the objection of the storage can be addressed to the e-mail address datenschutz_at_leonhardt-rattunde.de.

In this case, all personal data stored in the course of establishing contact will be deleted unless the responsible party has to fulfil any storage obligations.

VII. Rights of the person concerned

If your personal data are  processed, you are the person concerned as defined in the GDPR and you have the following rights vis-à-vis the responsible person, which you can assert at any time in writing or in any other way against the responsible person. You are also welcome to direct such a correspondence to the email address datenschutz_at_leonhardt-rattunde.de.The rights of data subjects shall be as follows: 

1. Right to information pursuant to Art. 15 of the GDPR

You may request confirmation from the person responsible as to whether personal data relating to you are being processed.

If personal data relating to you are being processed, you can request information from the person responsible  as to what data these are, in which form, for what purpose and the manner in which they are processed.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with the transfer.

2. Right of rectification according to Art. 16 of the GDPR

You have a right of rectification and/or completion vis-à-vis the person responsible if the personal data processed concerning you are inaccurate or incomplete. The person responsible must carry out the correction immediately.

3. Right to limitation of processing pursuant to Art. 18 of the GDPR

You may at any time request that the responsible party restrict processing under the following conditions:

  1. if you dispute the accuracy of the personal data concerning you for a period of time for which the controller can verify the accuracy of the personal data;
  2. if the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. if the controller no longer needs the personal data for the purposes of the processing but you need it to assert, exercise or defend legal claims, or
  4. if you have lodged an objection against the processing pursuant to Art. 21 para. 1 of the GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or of a Member State.

If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion pursuant to Art. 17 of the GDPR

You may demand that the person responsible delete the personal data concerning you immediately. If you do so, the person responsible is obliged to delete this data immediately if one of the reasons pursuant to Art. 17 para. 1 of the GDPR applies and the processing is not required pursuant to Art. 17 para. 3.

If the person responsible has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 ( 1) of the GDPR, he or she shall take appropriate measures, including of a technical nature, taking into account the available technology and the implementation costs, to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have requested them to delete all links to this personal data or copies or replications of this personal data.

5.

You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another data controller without being hindered by the data controller to whom the personal data have been provided, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 sentence 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b of the GDPR and
  2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by one responsible person to another responsible person, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. Right of objection pursuant to Art. 21 of the GDPR

You have the right to object at any time for reasons arising from your particular situation to the processing of your personal data that takes place on the basis of Art. 6 para. 1 sentence 1 lit. e or f of the GDPR.

The controller will no longer process the personal data relating to you unless they can prove compelling and legitimate ground that outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

7.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent for the time period up to the revocation.

8. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.The competent authority for the person responsible is the Berlin data protection authority. 

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 of the GDPR.

Release January 2019

Sie verlassen mit dem nächsten Klick die Seite von LEONHARDT RATTUNDE und unterliegen den Datenschutzbedingungen der Drittanbieter.