Data protection notice.

1. General

BROCK MÜLLER ZIEGENBEIN, Rechtsanwälte Partnerschaft mbB – Notare, Schwedenkai 1, 24103 Kiel, Germany, is the controller, as defined by the European General Data Protection Regulation (GDPR), responsible for data processing on this website. We observe your personality rights. We know the importance of personal data that we receive from you as users of our website. We respect the protection of your personal data and will collect, store, and process all data received exclusively in accordance with the relevant data protection laws within the framework of our business relationship. 

2. Definitions

All information that relates to an identified or identifiable natural person is considered personal data. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an ID number, location data, an online ID, or one or several particular characteristics that are the expression of the physical, psychological, genetic, mental, economic, cultural or social identity of this natural person. 

3. Legal basis of processing

If we obtain your consent to perform personal data processing, point a) of the first sentence of Article 6 (1) of the General Data Protection Regulation (GDPR) shall serve as the legal basis for this.

The processing of personal data which are required for performance of the contract concluded with you, is based on point b) of the first sentence of Article 6 (1) GDPR. This shall also apply to processing which is required to implement pre-contractual measures.

If processing of personal data is required to fulfil a legal obligation for which our company is responsible, this shall be performed pursuant to point c) of the first sentence of Article 6 (1) GDPR.

If processing is required for the purposes of our legitimate interest or that of a third party, and your interests, fundamental rights and freedoms do not override the legitimate interest, point f) of the first sentence of Article 6 (1) GDPR shall act as a legal basis for the processing. The legitimate interest of our company lies predominantly in rendering the services we owe and/or continuous optimisation of our services and representations.

4. Data erasure and the duration of storage

Your personal data will be erased, or its processing will be blocked as soon as the purpose of storage no longer applies. Storage may continue beyond this, if this has been provided for by the European national legislator in EU regulations, laws, or other specifications. The blocking of processing or erasure of the data take place only when a storage period specified by the stated norms expires, unless it is necessary to store the data for longer for the purpose of contract conclusion or contract fulfilment.

5. Collection of personal data

In principle, we do not collect or use any personal data when you visit our website. We only do so in as far as is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data concerning our users generally takes place only after they have given their consent. An alternative provision applies in such cases where advance collection of consent is not possible for justified reasons and the processing of data is permitted by legal specifications. 
In the following, we would like to inform you of the nature, scope and purpose of our data handling in the framework of this website:

5.1 Server log files

Each time our website is accessed, the user access data required for utilisation and billing for usage are stored on our server in a log file, which your browser automatically transfers to us.

These comprise:

  • the browser type/version
  • the operating system used
  • the protocol used via which the client accesses the page
  • the date and time of the server request
  • the IP address of the computer that issues requests to the website;
  • the website from which access took place (referrer URL)
  • the files accessed;

The log file is stored for the following purposes:

  • evaluation of file retrieval for statistical purposes;
  • system security and website stability
  • review for counter-contractual or other unlawful use, provided that there are actual indications of this. 

The legal basis for this data processing is point f) of the first sentence of Article 6 (1) GDPR. Our legitimate interest arises from the data collection purposes stated above. In no case do we use the collected data for the purpose of drawing inferences about your person. We do not associate these data with other data sources.

5.2 Required cookies

On accessing our website, “cookies” are stored on the user’s computer. Cookies are small text files in a file directory provided for them on the computer. These files are used to identify the user’s computer for the duration of the session. These cookies cannot create any manipulations on the respective end device operated by the user, and can be manually deleted at any time; the easiest way to do is this is via the browser.

You can individually set how cookies are handled using your internet browser, so that they are refused or are only accepted after confirmation. The cookies, in this case ‘session cookies’ serve the purpose of expanding the function of our online offering as well as making its use as convenient as possible for you. Please note that refusing cookies will mean that not all of the components of our application are able to function flawlessly.

The processing of data with cookies is necessary for the stated purposes, to preserve our legitimate interests, and where applicable those of third parties, in accordance with point f) of the first sentence of Article 6 (1) GDPR.

5.3 Usage data

We collect and use personal data concerning you on the basis of point b) of the first sentence of Article 6 (1) GDPR in as far as this is necessary to enable the use of our online offering (usage data).

5.4 Data in the context of you making contact

If you send us queries using the contact form, your information from the form or via the provided email address for making contact, including the contact data you have stated there, will be stored by us solely for the purposes of processing your respective query and for the event of subsequent questions. We do not disclose these data to third parties without your consent. The corresponding data usage takes place on the basis of point b) of the first sentence of Article 6 (1) GDPR in the framework of the processing of your matter.

5.5 Tracking procedure

Tracking tools are used on the basis of point a) of the first sentence of Article 6 (1) GDPR and based on your consent, which can be revoked at any time. We use these tools to guarantee needs-appropriate design and ongoing optimisation of our website (through statistical evaluations).

Usage of Google Maps

We use the Google Maps map function from Google LLC (“Google”), 1600 Amphitheater Parkway, Mountainview, California 94043, USA, on this website. This enables us to display interactive maps directly in the website and makes it easier for you to use the website.

When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data stated above (5.1) are transferred. This takes place regardless of whether Google makes a user account available via which you are logged in, or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not want data to be assigned to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or custom user-oriented design of its website. An evaluation of this type takes place in particular (even for users who are not logged in) for the provision of custom user-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles; to exercise this right, you must contact Google.

Further information on the purpose and scope of data collection and processing by the plug-in provider is available in the provider’s data protection statements. There, you can also find additional information on your rights in this respect, and settings options for the protection of your privacy: https://policies.google.com/privacy.

Fonts
Google Web Fonts

For uniform presentation, this website uses font types referred to as Web Fonts, which are provided by Google. When you access a website, your browser loads the required Web Fonts to your browser cache, in order to correctly display texts and fonts.

For this purpose, the browser you use must connect with Google servers. In this way, Google becomes aware that our website has been accessed via your IP address. Google Web Fonts are used in the interest of uniform and appealing presentation of our online offerings. This represents a legitimate interest in the sense of point a) of Article 6 (1) GDPR.

If your browser does not support Web Fonts, a standard font will be used by your computer.

Additional information about Google Web Fonts is available at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/.

5.7 Usage of cookiebot

Our website uses the “Cookiebot” cookie banner. This is a web service from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cybot”).

We use these data to guarantee the full functionality of our website, and to inform the user about the use of cookies on our website, and to collect and log the user’s consent.

The following data are transferred to Cybot on an automatic basis:

  • the user’s IP address, anonymised;
  • the date and time of agreement;
  • the user agent for the end user’s browser;
  • the website from which access took place (referrer URL);
  • anonymous, random, and encrypted key;
  • the user-approved cookies (cookie status) which serve as proof of consent.

A key that is automatically created by Cybot for the management/proof of issued consent and the approval status are also stored in the end user’s browser as a “CookieConsent” cookie. This means the website can automatically read and follow the end user’s approval for all subsequent page requests and future end user sessions for up to 12 months.

The legal basis for this data processing is point c) of Article 6 (1) GDPR. We are only able to comply with the legal specifications with a corresponding mechanism for issuing and managing consent.

You can prevent the collection and processing of your data by Cybot; to do so, deactivate the execution of script codes in your browser settings, or install the script blocker in your browser.

Further information on the handling of data processing by Cybot is available in the Privacy Policy at: https://www.cookiebot.com/en/privacy-policy/ 

6. Your rights

In as far as we process your personal data on our website, you are a “data subject” as defined by the GDPR. You have the following rights in your dealings with us:

6.1 Right to access

You can demand confirmation from us as to whether we process personal data concerning you. If processing of this type takes place, you may demand access to the following information from us:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients and/or categories of recipients to whom your personal data have been disclosed or are still disclosed;
  • the planned duration of storage of your personal data or, if specific information in this respect is not possible, criteria for the definition of the duration of storage;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information on the origin of the data, if the personal data have not been collected from you;
  • the existence of automated decision-making, including profiling in accordance with articles 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and targeted effects for you of processing of this type.

In addition, you are also entitled to demand information as to whether your personal data are transferred to a third country or an international organisation. In this context, you may demand that you are instructed in the suitable guarantees in accordance with Article 46 GDPR in the context of the transfer.

6.2 Right to rectification

In your dealings with us, you have a right to the rectification and/or completion of your personal data, in so far as your personal data are incorrect or incomplete. If this is the case, we shall perform rectification immediately.

6.3 Right to restriction of processing

Subject to the following requirements, you have the right to demand the restriction of the processing of your personal data if:

  • you dispute the accuracy of your personal data for a duration that enables us to review the accuracy of the data;
  • processing is unlawful and you refuse the erasure of your personal data and instead demand the restriction of use;
  • we no longer need your personal data for the purposes of processing, but you need it for the establishment, exercise, or defence of legal claims, or
  • you have lodged an objection to processing in accordance with Article 21 (1) GDPR and it has not yet been finally determined whether our legitimate grounds outweigh your reasons.

If you have demanded the restriction of the processing of your personal data, these data – apart from their storage – may only be processed with your consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest to the EU or a member state. You will be informed by us before the restriction is lifted.

6.4 Right to erasure

You may demand that we immediately erase your personal data. We are obliged to immediately erase these data if one of the following reasons applies:

  • Your personal data are no longer needed for the purposes for which they were collected or processed in some other way.
  • You revoke potentially existing consent on which processing is based in accordance with point a) of the first sentence of Article 6 (1) GDPR, and there is no other legal basis for further processing.
  • You object to the processing in accordance with Article 21 (1) GDPR, and there are no other legitimate reasons for processing that take precedence.
  • You object to the processing for the purposes of direct marketing in accordance with Article 21 (2) GDPR.
  • Your personal data are processed unlawfully.
  • The erasure of your personal data is necessary for the settlement of a legal obligation to which we are subject in accordance with the law of the EU or of member states.
  • Your personal data have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

If we have made your personal data public and if we are obliged to erase such data in accordance with Article 17 (1) GDPR we shall – taking into account the available technology and the costs of implementation – undertake appropriate measures to inform the controller(s) responsible for data processing that you have demanded that the party/those parties erase all links to these personal data, as well as copies and replications thereof.

You are not entitled to erasure if processing is necessary

  • for the exercising of the right to free expression of opinion and information;
  • for the fulfilment of a legal obligation that requires processing in accordance with a law of the EU or member states to which we are subject, or for the fulfilment of a responsibility that is in the public interest or which takes place in the exercising of public authority that has been transferred to us;
  • for reasons of public interest in the area of public health in accordance with points h) and i) of Article 9 (2) as well as Article 9 (3) GDPR;
  • for archiving purposes that are in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89 (1) GDPR in as far as the right stated in (1) is not expected to make the achievement of the objectives of this processing impossible or to seriously restrict it, or
  • the establishment, exercise, or defence of legal claims.

6.5 Right to be informed

If you have asserted to us your right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or is associated with disproportionate effort.

You have the right to be informed of these recipients by us.

6.6 Right to data portability

You have the right to receive your personal data that you may have provided to us in a structured, commonly used and machine-readable format. In addition, you have the right to have these data transferred by us to another controller without hindrance, provided that

  • processing is based on consent in accordance with point a) of the first sentence of Article 6 (1) GDPR, or point a) of Article 9 (2) GDPR, or on a contract in accordance with point b) of the first sentence of Article 6 (1) GPDR and
  • processing takes place with the aid of automated procedures.

In addition in this respect, you have the right to the transfer of your personal data directly from us to another controller where technically feasible. The rights and freedoms of others must not be restricted by this.

The right to data portability does not apply for the processing of personal data that is necessary for the fulfilment of a responsibility in the public interest or in the exercising of public authority that has been transferred to us.

In the framework of our website offering, we currently do not assume processing of data subject to the rights to data portability.

6.7 Right to object

You have the right to lodge an objection at any time to the processing of your personal data that takes place on the basis of point e) or f) of the first sentence of Article 6 (1) GDPR for reasons that arise from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated procedures using technical specifications.

6.8 Right to revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of processing that took place on the basis of consent up until the point of withdrawal.

Renew or change your cookie-related consent here

6.9 Automated individual decision-making including profiling

You have the right to not be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning you, or similarly significantly affects you. We do not perform processing of this type.

6.10 Right to lodge complaints with a supervisory authority

Irrespective of any further rights to lodge complaints, you are entitled to lodge complaints with a supervisory authority, in particular in the member state of your place of habitual residence, place of work, or place of the alleged infringement, if you consider the processing of your personal data breaches the GDPR. 

7. Responsibility for linked content

On our website, we may also use links to websites from other providers. This data protection statement does not apply to these. If the collection, processing, or use of personal data is performed during the use of websites from these other providers, please note the information on data protection given by the respective provider. We are not responsible for their handling of data protection.

8. Disclosure of personal data to third parties

Your personal data are stored exclusively on our servers and/or on servers used on our behalf. Access to the service and the use of the data is only possible for a group of employees / group of service providers who are appropriately authorised, and is also limited only to those data that are necessary for the fulfilment of the relevant responsibility.

Your data will not be transferred to third parties without your consent. Transfer to third countries (countries outside the European Economic Area – EEA) does not take place unless otherwise stated in this data protection statement, and is also not intended in future.

9. Data security

For the protection of your personal data, we have implemented technical and organisational measures to ensure that your data are protected against accidental or intentional loss, destruction, or manipulation, as well as access by unauthorised persons. Our protective measures are reviewed at regular intervals and, where necessary, adapted to keep them in line with technical progress.

10. Data Protection Officer

If you have any questions with respect to the processing of your personal data beyond this information, you can reach our Data Protection Officer by email at info(at)compolicy.de or by phone at +49 431 908948-0.

11. Amendments to the data protection statement

We reserve the right to amend this data protection statement at any time as needed and in view of the date on which the respectively applicable data protection specifications are changed. 

Issued: September 2020