FREY Rechtsanwälte Partnerschaft (hereinafter referred to as “we”) takes the protection of your personal data (hereinafter also referred to as “data”) very seriously. With the following data protection information, we would therefore like to inform you about the manner and extent of data processing (collection, processing and use) on our website https://frey.eu and when using our services offered there. This information is available to you at any time at https://frey.eu/legal/datenschutz/.
Directly responsible for data processing regarding the use of our website as well as the services offered there and responsible person in the sense of the EU General Data Protection Regulation (GDPR) is:
FREY Rechtsanwälte Partnerschaft mbB
Agrippinawerft 22
50678 Köln
Telephone: +49 221 420 748 00
info@frey.eu
1. What is personal data?
The subject of data protection is personal data. Personal data is any information relating to an identified or identifiable natural person (“data subject”) (Art. 4 No. 1 GDPR). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In addition, so-called special personal data are included in the scope of protection of data privacy. These are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life (Art. 9 (1) GDPR).
Health data is personal data relating to the physical or mental health of a natural person, including the provision of health services, and revealing information about his or her state of health (Art. 4 No. 15 GDPR).
2. What data do we collect, for what purpose and what happens to your data?
2.1. Data that we process when you visit our website
Operation of the website
When you visit our website, the following data is always collected and processed, i.e. also when you simply visit our website without logging in or using our individual services, without drawing any conclusions about your person:
Directly by us:
- the Internet page previously visited by you (so-called referrer URL);
- the individual pages of our website that you accessed;
- the date and time of access to our website;
- the Internet protocol address (IP address) of the accessing device;
- the type of device you are using to access our website (e.g. computer, cell phone, etc.);
- the browser and operating system from which you access our website, including the respective version number and the language set there.
This information is required in order to:
- deliver the contents of our Internet site correctly;
- optimize the content of our website and its application, e.g. to adapt the content for viewing on a mobile device;
- to ensure the long-term functionality of our information technology systems and the technology of our website, as well as
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
After the end of the respective Internet session, the collected data will be anonymized by us and subsequently evaluated statistically and further with the aim of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. To this extent, the processing of your data is carried out in our legitimate interest and is based on Art. 6 (1) (f) GDPR.
Cookies
Our website uses so-called cookies. These are small text files that are stored on your computer and saved by your browser. Cookies are used to store various information beyond the current Internet session, i.e. regardless of whether you close the browser window or leave our website. When you visit our website again, your browser can access the information stored on your device and forward it to the server of our website. The information can therefore be read by us at a later time.
The cookies we use serve to store your preferred settings on this website and to assist you in finding the information you require about our range of services (hereinafter referred to as “preference objects”). Without the use of Preference Objects, we would not be able to provide the aforementioned functionality.
The information stored by us in the Preference Objects and retrieved from there does not contain any reference to your person. Preference objects are automatically deleted after 30 days, as far as cookies are concerned.
Deactivating and deleting cookies
In most Internet browsers, you will find information under the menu item “Help” on how you can technically prevent cookies and web storage objects from being allowed and on the setting that will inform you when your browser places a new cookie or web storage object. Please note that some functions of our website may no longer be available if cookies and web storage objects are disabled.
Google Analytics
We use the web analysis service Google Analytics of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”), which creates pseudonymized usage profiles using the session objects mentioned in section 2. This enables us to collect information about the clicking and surfing behavior when using our services.
The following data is processed in this context:
- IP address and geo-location based on IP address;
- Device, operating system/browser including settings (such as resolution);
- Screen size;
- Usage behavior, including scrolling and clicking behavior.
As part of the related data processing, data is transferred to a Google server in the USA and processed and stored there.
In addition to the options for deactivating session objects described in section 2, you can prevent the data processing associated with the Google Analytics service by installing the browser add-on provided by Google for this purpose on the https://tools.google.com/dlpage/gaoptout?hl=de page or by setting an “opt-out” cookie. The “opt-out” cookie only applies to the browser with which you use the above setting option. Since it is stored on your terminal device, you must make the setting again when you delete cookies in your browser.
Further information on data processing by Google can be found in Google’s privacy policy. These can be found at the Internet address https://policies.google.com/. Answers from Google on questions of data protection can also be found on the website https://support.google.com/analytics/answer/6004245?hl=de.
2.2. Data that we process when you contact us
If you contact us via the contact options offered on the website, in addition to the date and time of your inquiry, we process data that you provide to us voluntarily. This includes your title, your (academic) title, your name, your (mobile) phone number, your e-mail address and other information that you provide voluntarily. We use this data to process your contact request. The processing of your data is insofar based on your request and is based on Art. 6 (1) (b) GDPR.
If the inquiry is made within the framework of our contractual relationship, including its initiation, the data transmitted or collected during the inquiry will be stored for the duration of our contractual relationship. Otherwise, it will only be stored for as long as is necessary to answer your inquiry. However, storage beyond this is possible in the cases mentioned in Section 4.
2.3. Data that we process when you provide us with your contact details, e.g. by handing us business cards
If you provide us with your contact details, e.g. by handing over a business card, on the occasion of a personal meeting, we will enter your details such as your title, your (academic) title, your name, your (mobile) telephone number, your e-mail address and other details that you provide voluntarily into an address database with business contacts. We use this data to keep in touch with you. The data processing in this regard is carried out with your consent declared by communicating the contact data (implied) is based on Art. 6 (1) (b) GDPR or is in our aforementioned legitimate interest and is thus based on Art. 6 (1) (f) GDPR.
We offer you the possibility to order the sending of news (hereinafter referred to as “newsletter”).
2.4. Data that we process when you order our newsletter
The sending of the newsletter requires that you have a valid e-mail address and have registered to receive the newsletter via the corresponding form on our website or have declared your interest in receiving the newsletter in another way (for example, by e-mail or in the course of a telephone call). For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time in the form on the website for receiving the newsletter using the “double opt-in” method. The same applies if you have expressed your interest in our newsletter by other means. This confirmation e-mail serves to check whether you, as the owner of the e-mail address, authorize the receipt of the newsletter. The registration will only become effective when you have clicked on the link in the confirmation e-mail or have confirmed your interest to us by e-mail in response to this confirmation e-mail. Both when you register for our newsletter on our website and when you call up the confirmation link, your respective Internet protocol address (IP address) is stored together with the current date and time. This data is stored to ensure the provision of our services and to prevent their misuse. If necessary, this data makes it possible to clarify criminal offences committed and to enforce the private rights of third parties, in particular to provide proof of your subscription to our newsletter. In this respect, the storage of this data is necessary for our protection, is thus in our legitimate interest and is based on Art. 6 (1) (f) GDPR.
Assuming your consent, we process your data as follows:
The personal data collected in the context of a registration to receive the newsletter will be used to send the newsletter. Furthermore, you may be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration (e.g. changes to the news offering or changes in technical conditions).
You can unsubscribe from the newsletter at any time without giving reasons. For this purpose, you will find a corresponding link at the end of each newsletter e-mail. Furthermore, you can also unsubscribe from the newsletter at any time directly on our website or by sending a corresponding e-mail to news@frey.eu.
Use of the “MailChimp” dispatch service provider
The newsletter is sent using “MailChimp”, a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in the context of these notes, are stored on MailChimp’s servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to address them itself or to pass them on to third parties.
We trust in the reliability and IT and data security of MailChimp. To ensure a high standard of data protection,, we have concluded a “Data Processing Agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view MailChimp’s privacy policy here.
By registering for our newsletter service, you consent to receiving the newsletter and to the processing of this data in accordance with the above. In this respect, the data processing is based on Art. 6 (1) (a) GDPR.
The data collected as part of the newsletter order will be stored until you unsubscribe from the newsletter. Storage beyond this is possible in the cases mentioned in point 4.
3. How do we handle your data?
When processing data, it is our goal to always achieve the highest possible level of security within the scope of the respective purpose of use. Although absolute protection cannot be guaranteed, we have therefore taken security precautions to protect your data.
This includes, for example, that we only ever transmit your data in encrypted form. For this purpose, we use the SSL (Secure Socket Layer) coding system, which is intended to prevent third parties from intercepting the data streams and viewing your data in plain text. You can recognize the use of the SSL coding system by the “https://” in the address line of your browser as well as in common browsers by the fact that a corresponding lock symbol appears next to the address line. This gives you certainty that your data will be transmitted to us securely.
4. How long do we keep your data?
We process and store personal data for the period necessary to achieve the stated purpose (see point 2).
After the purpose for which the personal data was transmitted to us has been fulfilled, or if you wish your personal data to be deleted, we will delete this data unless we are legally entitled (e.g. for evidence purposes in the context of the processing of our contractual relationship) or obliged (e.g. for tax reasons) to retain it. This storage period may be longer than was necessary for the original purpose (regular storage period). In the case of the storage of billing documents, for example, we are obliged to store them for a period of 10 years (Section 147 (3) of the German Fiscal Code).
If the original purpose has been achieved or has ceased to apply, we will not use the personal data for further processing. We will then finally delete the data once the authorization no longer applies or the statutory retention obligations have expired.
5. Do we pass on your data to third parties?
Your data will be passed on to third parties in the following cases:
- You have given us your express consent to do so (Art. 6 (1) (a) DSGVO),
- the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (Art. 6 (1) (f) DSGVO),
- if there is a legal obligation for the disclosure (Art. 6 (1) (c) DSGVO, as well as
- if this is legally permissible and necessary for the processing of contractual relationships with you (Art. 6 (1) (b) DSGVO.
6. What rights do you have?
With regard to the use of your data, you have the rights set out below. You can assert these rights against us as the responsible party. You are welcome to contact our data protection officer directly for this purpose.
6.1. Right to information
You have the right to obtain from us at any time, free of charge, information about the personal data stored about you and a copy of this information. Furthermore, you have the right to information about the following:
- the purposes of processing
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: Any available information about the origin of the data
- The existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
- Furthermore, you have the right to be informed whether personal data have been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
Furthermore, you have the right to be informed whether personal data have been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.
If you would like to exercise this right to information, you can contact our data protection officer or another member of our staff at any time.
Your right to information is essentially based on Art. 15 GDPR.
6.2. Right to correction of incorrect and completion of incomplete data
You have the right to request that inaccurate personal data concerning you be corrected without delay. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.
If you would like to exercise this right of rectification, you can contact our data protection officer or another member of our staff at any time.
Your right to correct incorrect and supplement incomplete data is based on Art. 16 GDPR.
6.3. Right to data deletion (right to be forgotten).
You have the right to request that we erase the personal data concerning you without undue delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:
- The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.
- You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data has been processed unlawfully.
- We are obliged to erase your personal data in order to comply with a legal obligation under Union or Member State law.
- The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.
If one of the above reasons applies and you wish to arrange for the deletion of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our data protection officer or our employee will arrange for the deletion request to be complied with immediately.
Your right to data deletion is based on Art. 17 GDPR.
6.4. Right to restriction of processing
You have the right to demand that we restrict processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data.
- The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of our company override your rights.
If one of the above conditions is met and you wish to request the restriction of personal data stored by us, you can contact our data protection officer or another member of our staff at any time. Our data protection officer or another employee will arrange the restriction of the processing.
Your right to restriction of processing is based on Art. 18 GDPR.
6.5. Right to data portability
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. This includes and you have the right to transfer this data to another controller without hindrance from us, provided that (i) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and (ii) the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from one controller to another controller to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals (Article 20 (1) GDPR).
Your right to data portability in this regard is based on Art. 20 GDPR.
6.6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, you may contact our data protection officer or another member of our staff directly. You are also free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
Your right to object is based on Art. 21 GDPR.
6.7. Automated decisions in individual cases including profiling.
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for the conclusion or performance of a contract between you and us, or is permitted by Union or Member State law to which we are subject, and that law contains adequate measures to safeguard your rights and freedoms and legitimate interests, or is made with your explicit consent.
If the decision is necessary for the conclusion or performance of a contract between you and us, or if it is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person from our company, to express your point of view and to contest the decision.
If you wish to assert rights relating to automated decisions, you may contact our data protection officer or another member of our staff at any time.
These rights are based on Art. 22 GDPR.
6.8. Right to revoke consent under data protection law.
You have the right to revoke consent to the processing of personal data in whole or in part at any time.
The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If you wish to exercise your right to revoke consent, you can contact our data protection officer or another member of our staff at any time. You will find the contact details above this privacy notice, immediately before the summary.
Your right to revoke consent granted under data protection law is based on Art. 7 (3) GDPR.
6.9. Right of complaint to the supervisory authority
You have the right to file a complaint with the supervisory authority. This right is based on Art. 56 (2) GDPR.
7. Changes to this privacy policy
The use of collected data is always subject to the privacy policy that is current at the time the data is collected.
We reserve the right to change the data protection declaration in order to adapt it to a changed factual and legal situation. In this case, we will publish the new and then current version of this data protection declaration on our website. We will draw attention to any changes to this data protection declaration at the appropriate place. This applies in particular if we intend to use data that has already been collected for purposes other than those for which it was originally collected. If the use of your personal data is based on your consent, we will always use your data only to the extent to which you have consented, irrespective of any changes to this data protection declaration in the meantime. If necessary, we will ask you in this case for renewed consent in accordance with an intended change in the use of the data.