rp law schaden Rechtsanwälte Ihre Experten

The secure, economical, and transparent handling of your personal data is always a top priority for us, regardless of your role as a permanent contractual partner or as an interested party. Therefore, we only process personal data to the extent necessary. If there is no direct legal basis for the necessary processing, we will obtain the consent of the data subject.

This privacy policy serves to describe the type, purpose and scope of the personal data we process and provides data subjects with information about their rights.

Please also note that you can generally use our website without providing any personal data. You can also contact us via other means of communication (by phone, mail, or email).

I. When you visit this website

1. Definitions (see Art. 4 GDPR)

a. Processing

The processing of personal data refers to a wide range of applications. This primarily includes the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or linking, restriction, erasure, or destruction of personal data.

The restriction of the agreement is the marking of stored personal data with the aim of limiting their future processing.

b. Controller or person responsible for processing

This is any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are specified by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

c. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

d. Personal data

This is all information relating to an identified or identifiable person ("data subject"). A natural person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The identified or identifiable person is affected if his or her data is processed by the controller (“we”) and/or by the persons commissioned by him or her (contract data processors).

e. Profiling

Profiling is any form of automated processing of personal data in which those data are used to evaluate certain personal aspects relating to a natural person. In particular, this includes analyses and/or predictions concerning aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f. Pseudonymization

This describes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g. Recipient

Recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients.

h. Third

Third party is a natural or legal person, public authority, institution or other body.

Third parties are not data subjects, the controller, the data processor and persons who are authorized to process personal data under the responsibility of the controller or the data processor.

i. Consent

Consent is an expression of the data subject's wishes. It is given voluntarily, for a specific case, in an informed and unambiguous manner. Consent may take the form of a statement or other unambiguous affirmative action by which the data subject signifies agreement to the processing of personal data concerning him or her.

2. Contact details of the controller

rp law Rechtsanwaltsgesellschaft mbH

Managing Directors: Attorney Hellmut Damlachi, Attorney Christian Heitmann

Rennbahnstr. 72-74,

60528 Frankfurt am Main

Phone: 49 69 – 8700658 – 0

Fax: 49 69 – 8700658 – 99

E-Mail: info@rp-law.de

3. Cookies

Our website uses cookies. When you visit a website, cookies are stored as text files on the user's device for the duration of the visit. The next time you visit the website, text files are retrieved to recognize the user and their settings. This serves the controller's interest in making interaction with the website easier for users and in continuously adapting the website to user needs through changes and optimizations.

Cookies can contain information about the settings selected by the user or data collected independently by the website. Cookies primarily enable the determination of the frequency of use, the number of users, and the behavior during use itself.

The data subject can always prevent the setting of cookies and thus object to their storage. This can be done by making the appropriate settings in the Internet browser used. Furthermore, cookies saved in the past can be deleted at any time via the Internet browser.

4. Analyse-/Tracking- Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) (f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are considered legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Google Analytics1

For the purpose of tailoring our website to meet your needs and continuously optimizing it, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as

Browser-Typ/-Version,
operating system used,
Referrer URL (the previously visited page),
Hostname of the accessing computer (IP address),
Time of server request,

are transmitted to a Google server in the USA and stored there. This information is used to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if required to do so by law or if third parties process this data on Google's behalf. Under no circumstances will your IP address be merged with other data held by Google. IP addresses are anonymized so that assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. This will set an opt-out cookie that prevents your data from being collected when you visit this website in the future. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

Data protection authorities require the conclusion of a data processing agreement for the permissible use of Google Analytics. A corresponding template is available from Google at http://www.google.com/analytics/terms/de.pdf.

b) Google Adwords Conversion Tracking

We also use Google Conversion Tracking to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you. Google Adwords places a cookie (see section 4) on your computer if you accessed our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page.

Each AdWords customer receives a different cookie. Cookies cannot therefore be tracked across AdWords customers' websites. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this purpose – for example, by setting your browser to generally deactivate the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com." Google's privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html).

c) Google Fonts

Our website uses external fonts called "Google Fonts." Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GDPR. In doing so, your browser also transmits personal data to Google LLC in the USA. The legal basis for data processing is Art. 6 (1) (a) GDPR. Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

d) Matomo

We use the open-source software Matomo to analyze and statistically evaluate website usage. Cookies are used for this purpose (see section 4). The information generated by the cookie about website usage is transferred to our servers and compiled into pseudonymous user profiles. This information is used to evaluate website usage and to enable a needs-based design of our website. This information is not shared with third parties.

Under no circumstances will the IP address be associated with other user data. IP addresses are anonymized so that assignment is not possible (IP masking).

Your visit to this website is currently being tracked by Matomo Web Analytics. Click here (https://matamo.org/docs/privacy/) to prevent your visit from being tracked.

5. Social Media Plug-ins

Based on Art. 6 (1) (f) GDPR, we use social plug-ins from the social networks Facebook, Twitter, and Instagram on our website to raise awareness of our firm. The underlying advertising purpose is considered a legitimate interest within the meaning of the GDPR. Responsibility for ensuring compliance with data protection regulations rests with the respective providers. We integrate these plug-ins using the so-called two-click method to best protect visitors to our website.

a) Facebook

Our website uses social media plugins from Facebook to personalize its use. For this purpose, we use the "LIKE" or "SHARE" button. This is a service provided by Facebook.

When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which then integrates it into the website.

By integrating the plug-in, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example, by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook may use this information for the purposes of advertising, market research, and tailoring Facebook pages to meet your needs. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

For information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and setting options for protecting your privacy, please refer to Facebook's privacy policy (https://www.facebook.com/about/privacy/).

b) Twitter

Our website incorporates plug-ins from the short message network of Twitter Inc. (Twitter). You can recognize the Twitter plug-in (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons).

When you visit a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter thus receives the information that you have visited our page using your IP address. If you click the Twitter "tweet button" while logged into your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or how Twitter uses it.

If you do not want Twitter to be able to associate your visit to our website, please log out of your Twitter account.

For more information, please see Twitter’s privacy policy (https://twitter.com/privacy).

c) Instagram

Our website also uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted directly from Instagram to your browser and embedded into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you don't have an Instagram profile or are not currently logged into Instagram.

This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example, by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there.

The information will also be published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website.

For further information, please see Instagram’s privacy policy (https://help.instagram.com/155833707900388).

6. Rights of the data subject

In addition to exercising the right to lodge a complaint with the competent supervisory authority, data subjects may always contact the controller or the controller's data protection officer for the purpose of asserting the following rights.

a. Right to information

The data subject may request confirmation from the controller as to whether or not personal data concerning them is being processed. This right also includes information that no personal data is being processed. The data subject may contact the controller's data protection officer or an employee of the controller at any time. The controller will provide the data subject with a copy of their personal data. A fee may be charged for additional copies. Electronic requests will be accompanied by the transmission of an electronic copy unless the data subject specifies otherwise. Copies will only be provided if the data subject can prove that they are entitled to request the personal data (e.g., by presenting an ID card with redacted information). The right to information relates to the following information:

Processing purposes
Categories of personal data
Recipients or categories of recipients, in particular recipients in third countries
Planned storage period or criteria for determining the storage period
Existence of a right to: rectification, erasure, restriction of processing or objection
Existence of a right of complaint to a supervisory authority
All available information about the origin of the data if personal data is not collected directly
Information about appropriate safeguards when data is transferred to third countries
Meaningful information about the logic involved and the scope and intended effects of such processing for the data subject if automated decision-making is carried out: Automated decision-making takes place when the decision within the framework of automated processing has legal effects concerning a data subject (e.g. conclusion of a contract) or significantly affects the data subject in another way.

b. Right to rectification

If the data of a data subject is incorrect or no longer up to date, the data subject has the right to have the data corrected.

c. Right to erasure (“right to be forgotten”)

The controller is obliged to delete the personal data of a data subject who requests the deletion of his or her personal data under the following conditions:

Loss of purpose: The data is no longer necessary for the purpose of its processing.
Loss of legal basis: The data subject withdraws their consent and there is no other legal basis for the processing of personal data (see Art. 6 (1) (a) GDPR and Art. 9 (2) (a) GDPR).
Objection: The data subject objects to the processing of his or her personal data and there is no overriding legitimate ground for further processing that outweighs the rights and freedoms of the data subject (see Art. 21(1) or (2) GDPR).
Unlawfulness: The personal data have been processed unlawfully (e.g. by carrying out unlawful attacks on information technology systems)
More specific law: A legal obligation (Union or Member State law) requires the erasure of personal data.

If the controller has made personal data subject to erasure public, it must also take appropriate measures, taking into account the state of the art and any costs, to inform other controllers of the erasure request.

The controller is not obliged to delete data under the following conditions:

Exercise of the right to freedom of expression and information
Fulfillment of a legal obligation
Reasons of public interest in the area of public health
Reasons of public interest in the form of archiving purposes, scientific or historical research purposes or statistical purposes
Assertion, exercise or defense of legal claims

d. Right to restriction of processing (“blocking”)

The data subject may request the restriction of processing of his or her personal data under the following conditions:

The accuracy of the data of the data subject is contested and the controller has not yet been able to verify this.
The processing is unlawful and the data subject opposes the erasure of the data but requests the restriction of processing
The controller no longer needs the data for the purposes of the processing, but the data subject needs the data to assert, exercise or defend legal claims.
It is still unclear which interests (those of the controller or those of the data subject) prevail in the context of an objection raised by the data subject.

Data processing can only take place under the following conditions in the event of a restriction of processing:

Consent of the data subject
Exercise, defense and assertion of legal claims
Protection of the rights of a natural or legal person
Reasons of important public interest of the Union or of a Member State

In these cases, the controller must inform the data subject before lifting the restriction.

e. Right to data portability

The data subject may request from the controller to receive the personal data that he or she has made available in a structured, commonly used and machine-readable format and, where technically feasible, to transmit the data to another controller without hindrance from the controller.

The right to data portability only applies if

the processing is based on consent or a contract and
using automated procedures.

Exceptionally, the right to data portability does not apply if the processing is carried out to perform a task which

is in the public interest or
in the exercise of official authority vested in the controller.

f. Right to object

If the processing is based on a purpose carried out in the public interest or in the exercise of delegated official authority or on the protection of the legitimate interests of the controller, the data subject may also object to the processing.

The controller cannot grant the objection if

there are compelling legitimate grounds which outweigh the interests of the data subject or
processing is necessary for the exercise, defense and assertion of claims.

Furthermore, if personal data is used to address the data subject for advertising purposes, processing must be stopped immediately upon objection.

g. Automated decisions in individual cases

The data subject has the right not to be subject to automated decisions (e.g. online credit application) that produce legal effects or otherwise significantly affect the data subject.

The application may include the following concerns:

Human intervention: A person from the controller intervenes in the automated process.
Opportunity to present a point of view
Contesting an automated decision

h. Right to withdraw consent under data protection law

The consent given by the data subject can be revoked at any time. The revocation can be given electronically and applies to further future data processing.

7. Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). A data processing agreement exists between Google and the controller pursuant to Art. 28 GDPR. Google Analytics collects, gathers, and evaluates data relating to the behavior of each visitor. This is done using a cookie (see section 4), which is stored on the visitor's device.

For example, personal information about the so-called "referrer" (website from which the visitor reaches the controller's website), access to the subpages of the controller's website, the number and duration of visits to the respective subpages, the location of access to a website, or the IP address of the data subject are stored. This data is generally transmitted by Google to servers in the United States of America and stored there each time the controller's website is accessed. Google does not share this data with third parties and does not combine IP address data with other data.

The purpose of using Google Analytics is to analyze and evaluate visitor traffic on the controller's website. For this purpose, Google creates so-called online reports that summarize the activities performed on the website. Furthermore, Google processes information to provide the controller with services related to website and internet usage.

The controller uses the "anonymizeIP" function for the use of Google Analytics. This function allows the collected IP address data to be anonymized before transmission, thus limiting the identifiability of the data subject, as long as access to the website takes place within a member state of the European Union or a state party to the Agreement on the European Economic Area.

The data subject can always prevent the setting of a cookie required for the use of Google Analytics by following the procedure described in section 4. Furthermore, the data processing can be effectively objected to at any time by installing a browser add-on that prevents any transmission of site visitor data to Google Analytics. The add-on can be downloaded via this link and can be reinstalled and reactivated at any time: https://tools.google.com/dlpage/gaoptout

Further information on Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de

https://www.google.com/analytics/terms/de.html

More information about Google Analytics:

https://www.google.com/intl/de_de/analytics/(11.) Legal basis for processing operations

Processing operations based on consent for a specific processing purpose have Art. 6 (1) (a) GDPR as the legal basis.

Processing operations that serve the fulfillment of a contract to which the data subject is a party or that are necessary to fulfill pre-contractual obligations towards the data subject (e.g. inquiries about our services) have Art. 6 (1) (b) GDPR as the legal basis.

Processing operations that are carried out due to a legal obligation have Art. 6 (1) (c) GDPR as the legal basis.

Furthermore, processing may be carried out on the basis of Art. 6 (1) (d) GDPR if this serves the vital interests of the data subject or is intended to protect other natural persons.

Furthermore, all further processing operations are based on Art. 6 (1) (f) GDPR, insofar as they serve to safeguard a legitimate interest of the company and do not outweigh the interests, fundamental rights and freedoms of the data subject.

8. Using Jetpack for WordPress

The controller has integrated Jetpack on this website. This application provides an overview of site visitors and, through interactive functions (e.g., the "Share button"), increases visitor numbers. Jetpack can also reduce the loading time of a website. Furthermore, Jetpack has security options specifically designed to protect against so-called "brute force attacks." However, the controller has decided not to use all functions of the Jetpack plugin. Activated settings are explained below:

a. Subscriptions

Processed data: (when initiating the process) subscriber's email address, username of the following commenters, (when re-subscribing) basic server data, including the subscriber's HTTP request header, IP address, URI (Uniform Resource Identifier, a string of characters used to identify resources (such as email addresses)) specified for page access.

This data is used to prevent and monitor abuse and spam.

Tracked Activity: Cookies are set for a duration of 347 days to remember the subscriber's choices if they have an active subscription.

b. WordPress Stats

Processed data: IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referrer URL, timestamp of the event, browser language, country code.

The website owner does not have access to this information through this feature. For example, a website owner can see that a particular post has 285 views, but they cannot see which specific users/accounts viewed that post.

Statistics logs (including visitor IP addresses and WordPress.com usernames (if any)) are retained by Automattic for 28 days and are used solely for the purpose of enabling this feature.

Activity tracked: Post and page views, videos (if videos are hosted by WordPress.com), outbound link clicks, referring URLs and search engine terms, and country. When this module is enabled, Jetpack also tracks performance on each page that contains the JavaScript file used to track statistics. This is solely for aggregate performance tracking across Jetpack websites to ensure that the plugin and code are not causing performance issues. This includes tracking page load times and resource load times (image files, JavaScript files, CSS files, etc.). The site owner has the ability to enforce this feature to honor visitors' Do Not Track (DNT) preferences. By default, DNT is currently not honored.

9. Legitimate interest in processing

The legitimate interest of the controller in the processing is the conduct of business activities for the purpose of the well-being of the controller's employees and shareholders.

10. Duration of storage of personal data

Personal data is stored by the controller in accordance with statutory retention periods. After expiration of this period, this data is routinely deleted unless it is no longer required for the fulfillment or initiation of a contract.

11. Legal or contractual provisions for the provision of personal data, obligation to provide personal data

The provision of personal data may be required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information about the contractual partner).

On the contractual side, the provision of certain personal data by the data subject may be essential in order to conclude the contract.

(After contacting the data subject, the data protection officer will inform him or her in each individual case whether the provision of personal data is required by law or contract and what consequences non-provision of the data would have.

12. Existence of automated decision-making

The controller does not use automated decision-making or profiling.

13. Online presence in social media

The controller maintains a presence within social networks in order to inform customers, interested parties and users of these networks about offers and to communicate with them.

The use of social networks may result in personal data being processed outside the European Union (EU), which may, among other things, complicate legal enforcement. However, US providers are obligated to comply with EU data protection standards under the EU-US Privacy Shield.

The data of the data subject is processed during use for the purposes of market research and advertising. The operator of the social network uses a cookie for this purpose (see section 4) and, if necessary, processes information from the respective user profiles of the network in order to analyze the usage behavior of the data subject and, on this basis, to create user profiles that enable the placement of personalized advertising within and outside the network.

The controller processes the data based on a legitimate interest in effective communication with and information of customers, interested parties, and users of the social network. Furthermore, the operator of the social network may process the personal data of the data subject based on the consent given by the data subject.

The controller points out that the most effective way to assert data subject rights is with the operator of the social network. The operator of the social network has individual access to the data of the network's users and therefore, for example, has better options for providing information about personal data. The controller can nevertheless be contacted if the data subject needs assistance in asserting their rights with the operator of the social network. Furthermore, the controller refers to the data protection information and the options for objecting with the operators of the social networks:

a) Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland