If you would like to read an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find further information on the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only).
2.1. DWF Germany Rechtsanwaltsgesellschaft mbH, Habsburgerring 2 - WESTGATE -, 50674 Cologne is the ‘controller’ and as such responsible for the processing of your personal data. You can reach us for general questions either by phone at +49 221 534098-0 or by e-mail at email@example.com. Further information may be found on our website at https://de.dwf.law/en/About-Us.
2.2. For questions on data protection or exercising your rights under data protection law (see Section 4), you may contact our data protection officer either by post at our address given above or by email at firstname.lastname@example.org.
If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows:
3.1.1. For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, screen resolution, the page or file accessed, as well as the access status (successful or error code) for each page view of all website visitors. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The data is deleted after the end of your visit to our website, unless specific data is processed for one of the following purposes.
3.1.2. For the purpose of detecting and blocking attacks on our website and the technical infrastructure (e.g. hacking, denial of service attack), we process the IP addresses, access time, accessed subpage (s), and transmitted data volume of all website visitors. This processing is necessary to fulfil our legal obligation to take protective measures against attacks (Article 6 (1) lit. c GDPR). The data is deleted seven (7) days after the end of your visit to our website, unless an attempted attack is detected. In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.
3.1.3. Our website is operated by DWF LLP, 1 Scott Place, 2 Hardman Street, Manchester, M3 3AA, United Kingdom. The data relating to sections 3.1.1, 3.1.2 and 3.1.4.a) to 3.1.4.c) is transferred to DWF LLP and to the technical service provider Microsoft, Microsoft UK Headquarters, Microsoft Campus, Thames Valley Park, Reading, RG6 1WG as processors (Art. 28 GDPR). The transmission is technically necessary to allow the use of our website (Article 6 (1) lit. b GDPR).
We use the following cookies on our website:
a) For the purpose of accelerating the delivery of our website through the use of so-called "load balancing", i. e. distributing the web site access to multiple servers, we use the services of the company Microsoft. For this purpose, several cookies are stored on the device of each visitor of our website to recognize each visitor by means of a random pseudonym identifier for as long as the browser window is open. The cookies do not contain any further personal data. The cookies are transferred to Microsoft, s. above section 3.1.3. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The cookies are deleted at the end of the session, i. e. as soon as the browser window and the browser are closed.
b) To provide a personalised presentation of our website, we store functionally necessary cookies on the devices of the website visitors. These cookies contain the following data: Language setting. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). These cookies are deleted after the end of the session, or otherwise allowed, blocked and deleted according to the settings of your web browser (e.g. when closing the browser window). If cookies are disabled entirely for our website, it may not be possible to fully use all functions of the website.
c) For the analysis of visitor behaviour by Google Analytics we store cookies on the device of the website visitors. Thus, the IP address (shortened and anonymised by anonymization function), from which website a data subject is forwarded to a website (so-called referrer), what subpages of the website are accessed or how often and for how long a subpage is viewed, are transferred to Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA and processed there. The processing there is mainly used for the optimisation of our website and for the cost-benefit analysis of internet advertising. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports on the activities on our website for us, and to provide other services related to the use of our website. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR), to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". The cookies are deleted at the latest after two years, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
d) This website uses services provided by Hotjar Ltd., Level 2 St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta. Hotjar provides services including Heatmaps, Visitor recordings, Funnels and Form Analysis, Feedback Polls, Surveys and Recruiters. The information generated by the tracking code and cookie about your use of the website will be transmitted to and stored by Hotjar on servers in Ireland. Through the Hotjar tracking code the information collected includes your device's IP address, which is collected and stored in an anonymized format.Moreover, Hotjar collects and stores the device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Hotjar will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The processing there is mainly used for the optimisation of our website and for the cost-benefit analysis of internet advertising. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR), to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The cookies are deleted at the latest after 365 days, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
e) All cookies are allowed, blocked and deleted according to the settings stored in your web browser (e.g. when closing the browser window). If cookies are disabled entirely for our website, it may not be possible to fully use all functions of the website. You may object the processing described in the above letter c) at any time in accordance with Section 4.2.3, if the conditions of Art. 21 GDPR are met. You can also prevent the storage and processing described in letter c) above through preferences in your browser, for example, by turning on the measures offered there to protect against tracking of your activities.
3.2. Processing email requests
To process all inquiries that reach us by email, we process the surname, first name, email address, and other personal data communicated in the e-mail as well as information on the content of the request. These data are transferred to our technical service provider (email hosting) QualityHosting AG, Uferweg 40-42, D-63571 Gelnhausen as a processor (Art. 28 GDPR). The processing is necessary to handle the request or inquiry (Article 6 (1) lit. b GDPR). This data is also transferred to Mimecast Ltd. UK, Citypoint, 1 Ropemaker St, London EC2Y 9AW as processor (Art. 28 GDPR) in order to ensure auditable long-term archiving for the duration of statutory retention obligations. This transmission is necessary for the fulfilment of a legal obligation (Art. 6 (1) lit. c GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax law retention requirements, the data is deleted.
3.3. Processing of requests by telephone
To process general or mandate-related telephone inquiries, we process names, first names, telephone numbers and other personal data communicated by the caller via telephone as well as details of the content of the telephone request. The processing is necessary to handle the request of the caller (Art. 6 (1) lit. b GDPR). Incoming calls outside business hours are redirected and the aforementioned data are transmitted to our service provider ebuero AG, Hauptstraße 8, 10827 Berlin as processor (Art. 28 DS-GVO) or are collected by them and transmitted by email to us. Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). The telephone numbers of all callers, as well as data, time and duration of calls are stored in our telephone system for a maximum of about three months (limited number of records, the oldest ones are overwritten) in order to be able to give evidence of past phone calls. Inquiries directed at by telephone are usually handled internally using emails, and the data contained therein are stored and erased in accordance with our general retention policy for emails (see sect. 3.2).
3.4. Processing inquiries via social media
In order to process inquiries directed at us via our presence in the social networks Facebook, Twitter, LinkedIn, Xing or Google+, we process the personal data that you have published on the respective social network. The processing of your data is required to process your request (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax retention requirements, the data is deleted.
3.5. Advertisement to prospective clients
To advertise our company's products by telephone, letter, e-mail, and electronic messages on the platforms Twitter, Xing, and LinkedIn, we process the names, first names, mailing addresses, e-mail addresses, phone numbers, and electronic identifiers of the respective platform, the position in the company and the information available on the specific interest of the company in our products and services of the contact persons of potential clients. Insofar as we have not received this data from the (representative of a) potential customer (e.g. as a contact at a trade fair or event, via the contact form on the website or as part of a call), we collect the data about the respective platform used (Twitter, Xing or LinkedIn), as far as they are visible for everybody or have been shared with us there, as well as from public directories. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to advertise our services to prospective clients directly, thereby increasing sales of our services. The data is no longer processed for direct advertising if the prospective client objects and in any case only to the extent that the potential client would expect in the context of a contractual relationship without being considered a nuisance. The data is deleted, respectively the connection on the platforms Xing or LinkedIn terminated, if the contact person objects to the data processing for advertising purposes. The data is deleted manually upon decision of our sales department if, during the course of the conversation, it is made clear that the potential client has no present or future interest in our services, or if enough time has passed without response of the potential customer that a reaction can no longer be expected.
4.1. You may at any time exercise your rights as a data subject by contacting us by mail to our address mentioned in section 2.1 or by email to the e-mail address mentioned in section 2.2. Please keep in mind that we do not answer any inquiries about personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty.
4.2. You have the following rights with respect to your personal data:
4.2.1. You may exercise your right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing, i. e. blocking for certain purposes, (Art. 18 GDPR) at any time, if the respective statutory prerequisites are met.
4.2.2. Your right to data portability (Art. 20 GDPR) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format.
|4.2.3. You have the right to object to processing (Art. 21 GDPR) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests|
4.3. You also have the right to contact the competent data protection supervisory authority for questions or complaints regarding the processing of your personal data.