Information obligations
Information obligations under Article 13 GDPR
The protection of your personal data is particularly important to us. For this reason, we process your personal data (“data”) exclusively on the basis of legal provisions. With this data protection declaration we would like to inform you comprehensively about the processing of your data at our firm and the data protection rights to which you are entitled under Article 13 of the European General Data Protection Regulation (GDPR).
1. WHO IS THE DATA CONTROLLER AND WHO CAN BE CONTACTED?
The person in charge is:
HUPE | GANTENBERG Rechtsanwälte Partnerschaft mbB
Brienner Str. 25
80333 München
Tel: +49 (0)89 890 555 6-0
E-Mail: info@hgp-legal.de
The privacy protection officer is:
Matthias Haßler (LL.M.)
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: m.hassler@projekt29.de
Tel.: 0941-2986930
2. WHAT DATA ARE PROCESSED AND FROM WHAT SOURCES DO THEY COME?
We process the data you send us as part of contract initiation or processing, on the basis of consent, or in connection with your application to or employment with our firm.
Personal data include:
IMaster/contact information, which for customers includes, for example, first and last name, address, contact details (e-mail address, phone number, fax number), bank details.
For applicants and employees, these are, for example, full name, address, contact details (e-mail address, phone number, fax number), date of birth, CV details and references, bank details, religious affiliation, photographs.
For business partners, these are, for example, the name of the legal representative, company, commercial registry number, VAT number, company number, address, contact details (e-mail address, phone number, fax number), and bank details.
In addition, we also process the following other personal data:
- Information on the type and content of contract data, order data, sales data and receipts, customer and consultation documents
- Information from electronic communication with us (e.g., IP address, log-in data),
- other data that we have received from you as part of our business relationship (e.g., during meetings with clients),
- Data that we generate ourselves from master/contact information and other data.
3. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS ARE THE DATA PROCESSED?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:
- for the fulfillment of (pre)contractual obligations (art. 6 para 1lit.b GDPR):
- The processing of your data is done for contract processing online or in one of our branches, for contract processing of your staff in our company. Data are processed especially for business start-up and execution of contracts with you.
- For the fulfillment of legal obligations (Art. 6 par. 1 lett. c GDPR):
- The processing of your data is necessary to fulfill various legal obligations, such as those under the German Commercial Code or the German Tax Code.
- To safeguard legitimate interests (Art. 6 par. 1 lett. f GDPR):
- Based on a weighing of interests, data processing may take place beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Data processing for the protection of legitimate interests occurs, for example, in the following cases:
- Measures for business management
- Maintenance of a corporate database
- In the context of judicial proceedings
- Sending non-promotional information and press releases.
- Within the scope of your consent (Art. 6 para. 1 lit. a GDPR):
If you have given us consent to process your data, for example, to publish photos.
4. PROCESSING OF PERSONAL DATA FOR ADVERTISING PURPOSES
You can object at any time to the use of your personal data for advertising purposes, either as a whole or for individual measures, without incurring any costs beyond those of transmission according to the basic rates.
Pursuant to Section 7 (3) UWG, we are authorized to use the e-mail address you provided at the time of contracting for direct advertising of similar products or services owned by us. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. If you do not wish to receive such recommendations from us by e-mail, you may object at any time to the use of your address for this purpose, without incurring any costs beyond those of transmission according to the basic rates. A message in text form is sufficient for this purpose. Of course, there is always an unsubscribe link in every e-mail.
5. WHO RECEIVES MY DATA?
If we use a service provider for order processing, we still remain responsible for the protection of your data. All processors are contractually obligated to treat your data confidentially and process it only in the context of providing the service. Our appointed processors will receive your data if they need it to fulfill their respective service. These are, for example, IT service providers we need for the operation and security of our computer system, as well as publishers of advertisements and addresses for our advertising campaigns.
Your data is processed in our customer database.
In case of legal obligations and within the framework of judicial proceedings, authorities and courts, as well as external auditors, may be recipients of your data. In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and execution.
6. HOW LONG WILL MY DATA BE KEPT?
We process your data until the end of the business relationship or until the expiration of statutory retention periods (e.g., the German Commercial Code, the German Tax Code, or the Working Time Act); also, until the end of any legal disputes in which the data are required as evidence.
7. IS PERSONAL DATA TRANSFERRED TO A THIRD COUNTRY?
In principle, we do not transfer any data to a third country. In individual cases, data are transferred only on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards or your explicit consent.
8. WHAT DATA PROTECTION RIGHTS DO I HAVE?
You have the right to information, correction, deletion or restriction of processing of your stored data, the right to object to processing, as well as the right to data portability and to lodge a complaint in accordance with the requirements of the Data Protection Act.
Right to information:
You can request information about whether and to what extent we process your data.
Right of rectification:
If your data is processed incompletely or incorrectly, you can request that it be corrected or completed at any time.
Right to cancellation:
You can request deletion of your data if it is processed unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Note that there may be reasons that prevent immediate deletion, for example in the case of statutory retention obligations. Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, provided there are no legal or statutory retention obligations to the contrary
Right to restriction of data processing:
You can request the restriction of the processing of your data if you
- you challenge the accuracy of the data, for a period that allows us to verify it
- the processing of the data is illegal, but objects to the deletion of the data and instead requests the restriction of its use
- We no longer need the data for the intended purpose, but you still need them for the assertion or defense of legal claims, or
- You object to data processing.
Right to data transferability:
You may request the transmission of data provided to us in a structured, commonly used, machine-readable format and the transmission of such data to another data controller without any hindrance from us, provided that
- We process such data on the basis of your revocable consent or for the performance of a contract between us, and
- the processing is carried out using automated procedures.
If it is technically possible, you can request that the data be transferred directly to another data controller.
Right of opposition:
If we process your data on the basis of a legitimate interest, you may object to such processing at any time; this also applies to profiling based on these provisions. In that case, we will no longer process your data, unless we can prove the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms or that the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for direct advertising purposes at any time, without having to give reasons.
Right to file a complaint:
If you believe that our processing of personal data violates German or European data protection law, please contact us to clarify any concerns. Of course, you will also have the right to contact the supervisory authority responsible for you, the respective state data protection supervisory office. Should you wish to assert any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
9. AM I OBLIGED TO PROVIDE MY DATA?
The processing of your data is necessary for the conclusion or fulfillment of the contract you have entered into with us. If such data were not provided to us, we would generally have to refuse to conclude the contract or we would no longer be able to fulfill an existing contract and would therefore have to terminate it. However, there is no obligation to give consent to the processing of data that is not relevant or legally necessary for the fulfillment of the contract.