Data Privacy Statement
A. Introduction
PETERSEN HARDRAHT PRUGGMAYER is committed to ensuring that your privacy is protected when you use our services. It therefore goes without saying that we comply with the legal provisions concerning the protection of your personal data, in particular the General Data Protection Regulation (GDPR).
This Data Privacy Statement (last updated April 25th, 2019) contains more detailed information on how we handle your personal data. It may become necessary to make changes to this statement due to the further development of our website and services or due to changes to legal or regulatory requirements. You can view and print out the latest version of this statement on our website at any time.
The controller within the meaning of Article 4(7) GDPR is:
PETERSEN HARDRAHT PRUGGMAYER Rechtsanwälte Steuerberater Partnerschaft mit beschränkter Berufshaftung – Lawyers, Tax Consultants, Partnership with Limited Professional Liability; Merkurhaus, Petersstrasse 50, 04109 Leipzig, Germany, email: info(at)phplaw.de, Phone: +49 (0) 341 3558210, Fax: +49 (0)341 35582130.
The data protection officer appointed by PETERSEN HARDRAHT PRUGGMAYER, Mr Sebastian Heinemann, can be reached by post at the above address or by email at datenschutz(at)phplaw.de.
Part C of this Data Privacy Statement applies to the processing of personal data when using our website, www.petersenhardrahtpruggmayer.de. It does not cover the websites of other providers to which there are links on our website.
1. Log files
When you visit our website, the browser used on your device automatically sends information to our website’s server. This information is stored temporarily in a so-called “log file”. The following information is collected without any action on your part and will be stored until automatically deleted:
- IP address of the requesting computer
- Date and time of the visit
- Name and URL of the downloaded file
- Website from which the site was accessed (referrer URL)
- Type and version of the browser used and the operating system of your device
- Quantity of data sent
- Name of your access provider
This data will never be associated with data relating to you from other sources.
We process the above stored data for the following purposes:
- To ensure that there are no problems in establishing a connection with the website
- To ensure that our website is convenient to use
- To evaluate system security and stability
- For administrative purposes
- For statistics
- To detect and monitor spam, viruses and attacks on our server, and
- To evaluate and improve the content of our website
This data will not be used for any other purpose. We will never use it to identify you as an individual.
The legal basis for this data processing is point (f) of Article 6(1) GDPR. Our legitimate interest is based on the purposes of the data collection listed above.
Recorded data will be deleted as soon as it is no longer needed for the purposes stated above.
2. Cookies
We use cookies on our website. These are small files that your browser automatically creates when you visit our website and that are stored on your device (PC, laptop, tablet, smartphone, etc.). A cookie contains a characteristic string that acts as a unique identifier for your browser when you visit our website again. However, it does not provide us with any direct knowledge of your identity. Cookies cause no damage to your device and do not contain any viruses, Trojan horses or other malicious software.
As the user, you have complete control over the use of cookies. By changing the settings in your browser, you can disable the transfer of cookies at any time or restrict it so that a message always appears before a new cookie is created. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If you disable cookies for our website, you may not be able to use all features in their full scope.
We only use cookies that are technically necessary. Their purpose is to make it possible and easier to use our website. Some of the website’s features cannot be offered without the use of cookies. For these features to function, the user’s browser must be recognised even after switching websites. The user data collected by technically necessary cookies will not be used to create user profiles.
We require the technically necessary cookies only to apply your choice of language settings. The following data will be stored and transmitted to this end:
- Your choice of language settings
The legal basis for the processing of personal data where we use technically necessary cookies is point (f) of Article 6(1) GDPR. Our legitimate interest in processing your personal data as required under this provision is also based on the above purposes.
The technically necessary cookies that we use are automatically deleted no later than one year after visiting our site.
3. Matomo (formerly Piwik) analysis tool
For analysis purposes, we use the open-source Matomo Analytics software provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on our website. This also uses cookies. The information about the use of the website generated by the cookie is sent to our server, where it is summarised in pseudonymised user profiles.
Matomo generates a user ID and a session ID that are saved as cookies in the user’s browser. However, the final bytes of your IP address are automatically pseudonymised in the process. The same applies to the Matomo geolocation feature. This means that only pseudonymised data is stored and processed from the outset. We cannot use this information to identify you, and it is not associated with any other data on you as an individual.
We use Matomo in order to ensure that the design of our website is fit for purpose and to continually optimise it. We also use Matomo in order to record use of our website statistically and to evaluate it.
The legal basis for the use of Matomo is point (f) of Article 6(1) GDPR. Our legitimate interest in processing your personal data as required under this provision is also based on the above purposes.
When using this feature, you may need to disable Matomo in the same way each time you visit our website. You will not be able to use this function if you have disabled all cookies in your browser, but neither will a tracking cookie be set from the outset.
The use of Matomo on our website also allows the use of the Do Not Track feature in current web browsers. If you have selected this setting in your browser, you will not need to manually disable tracking by Matomo each time you visit our website. In all other respects, the general information in Point 2 on cookies applies to your options for deleting such cookies.
4. XING and LinkedIn
We do not use plug-ins for social media networks on our website. The corresponding buttons for XING and LinkedIn merely serve as links to third-party websites. The Data Privacy Statements for these websites apply to their use.
5. Google Maps
We use Google Maps on our website. This enables us to display interactive maps to you directly on our website and allows you to use the map function for your convenience, for example to produce directions. The legal basis for embedding Google Maps is point (f) of Article 6(1) GDPR.
When you visit our website, Google receives the information that you have accessed the corresponding page of our website. In addition, the data specified in Point 2 of this statement is transmitted. This occurs regardless of whether or not you have a user account with Google and are logged into it. If you are logged into Google, your data will be directly associated with your account. If you do not want to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is conducted in particular (even if users are not logged in) in order to support needs-based advertising and to inform other Google users about your activities on our website. You have the right to object to the creation of these user profiles; however, you must contact Google in order to exercise this right.
You can find further information about the scope and purpose of data collection and processing, as well as about data protection and data security in the Privacy Policy of the controller of the data processing – Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – in the Google Maps Terms of Service and at privacy.google.com. These policies also contain further information on your rights in this context and the settings to protect your privacy. You can also submit a Google Maps API privacy request by using this form.
Google also processes your personal data in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
We provide you with various options for personal communication, for instance if you are interested in our services or wish to contact us regarding a collaboration.
1. Email addresses
If you contact us by email, we will store the information that you provide (at a minimum your email address and where applicable your name, phone number and any other information that you have provided voluntarily) in order to reply to your request.
Data is processed for the purpose of making contact in accordance with point (a) of Article 6(1) GDPR on the basis of your freely granted consent.
We will delete the data generated in connection with this as soon as its storage is no longer required in order to process your request, or we will restrict its processing if there is a statutory duty to retain it.
2. Events
Our website contains a form that we provide for you to express interest in the events we stage. The following information is mandatory for this:
- Name of the event
- Surname, first name
- Company name
- Email address
- Phone number
You can voluntarily add additional information or questions in the additional “Your message” field.
All this data will be used solely for the preparation and hosting of the event that you have enquired about.
If you declare that you would also like to be notified of future events, your personal data including your email address will be used for the purpose of informing you about events that you advised us are of interest to you.
Data is processed for the above purposes in accordance with point (b) of Article 6(1) GDPR for the performance of a contract and also in accordance with point (a) of Article 6(1) GDPR on the basis of your freely granted consent.
Your data will be deleted without delay as soon as the event has been held and completed. If you have declared that you also wish to be notified of future events, we will delete your data immediately after you withdraw your consent or after you object to this use of your data.
3. Transmission of information
We would also like to use some of your data (title, first name, last name, business or home address, email address, telephone and fax numbers) to inform you about our legal and tax services and interesting legal developments and to invite you to specialist and other events that we hold. We mainly use email and post for this purpose, where applicable also telephone or fax, on the basis of your express consent and depending on the communication channel that you selected when registering for an event or within the scope of our legitimate interest.
The legal basis for this is point (a) of Article 6(1) GDPR where you have granted your explicit consent, or in all other cases, our legitimate interest in the transmission of information under point (f) of Article 6(1) GDPR.
You can object to or withdraw the consent you have granted to the use of your data for this purpose at any time and without any special conditions applying. This objection or withdrawal can apply to all use or only in part, for example to a particular form of contact. To exercise this right, all you need to do is send an email to info@phplaw.de or use the link provided in our email for this purpose.
If you object or withdraw your consent, we will immediately delete your data or restrict its use in accordance with your request with effect for the future. We may store the fact that you have objected or withdrawn your consent to ensure that you will no longer be contacted.
4. Job applications
We will also process your personal data if you contact us regarding a possible collaboration with us, in particular in the context of a job application. In this case, we will collect and store the following information:
- Title, first name, last name
- Place of birth
- Date of birth
- Nationality
- Email address
- Home address
- Phone number (landline and/or mobile) and fax number
- Information on your professional qualifications and school education
- Information on your further professional development, and
- Other information that you send to us in connection with your application
This is necessary for us to be able to reach a decision on establishing a contractual or employment relationship with you, and it occurs in particular in order to record and review your application, to conduct research, including with the aid of career-related information that you have made publicly available on social media, to conduct job interviews and to notify you of our decision. There is no automated decision-making within the meaning of Article 22 GDPR.
The legal basis for this is Article 88 GDPR and Section 26(1) BDSG [Federal Data Protection Act] and, if you have consented to further storage for possible future consideration of your application, point (a) of Article 6(1) GDPR.
In addition, we may process your personal data if this is necessary for the defence of legal claims asserted against us arising from the application process. The legal basis for this is point (f) of Article 6(1) GDPR. The burden of proof in proceedings under the General Equal Treatment Act (AGG) constitutes an example of a legitimate interest.
We will store your data for up to 6 months after a rejection or until you withdraw your consent if you have given your consent to further storage for possible future consideration. If applications are accepted, we will store your data in your human resources file until 3 years after the termination of the collaboration.
When our website is visited, we use the widely used SSL (secure socket layer) protocol in conjunction with the highest level of encryption supported by your browser. As a rule, this will be 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by looking for the key or locked padlock symbol in your browser’s status bar.
We also provide encrypted email communication as an option. This requires a separate contractual agreement. Data is processed in this context in accordance with point (a) of Article 6(1) GDPR on the basis of your freely granted consent and in accordance with point (b) of Article 6(1) GDPR in order to perform a contract.
For suitable projects, we provide a virtual data room protected by individual access details as a cloud-based storage solution (data room) on the basis of a separate contractual agreement with interested users. To this end, we collaborate with bg-edv.systeme GmbH & Co. KG, Passauer Str. 7, 90408 Nuremberg (email: info@bg-edv.com, tel.: +49 (0)911/9801085) within the framework of a processing agreement that meets the requirements of Articles 28 and 29 GDPR. Data is processed in the data room exclusively on servers in data centres in Germany using SSL encryption during the data transfer (uploading and downloading of data). The SSL certificates are issued by the certificate provider DigiCert Inc., 2801 North Thanksgiving Way #500, Lehi, UT 84043, USA (www.digicert.com). Daily backups are created of the stored data, and these are deleted after 7 days. If personal data is collected in the course of use of the data room (for example the first name, last name, email address and address of the user), this occurs exclusively for the purpose of processing the project and with the consent of the user (point (a) of Article 6(1) GDPR) or in order to perform the contract (point (b) of Article 6(1) GDPR).
In addition, we make use of appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and against unauthorised third-party access. Our security measures are continuously enhanced in line with technological advances.
We only disclose your personal data to third parties if:
- You have granted your express consent to this in accordance with point (a) of Article 6(1) GDPR
- It is necessary for the performance of a contract with you in accordance with point (b) of Article 6(1) GDPR or in order to take steps following your request prior to entering into a contract
- There is a legal obligation to disclose the data under point (c) of Article 6(1) GDPR, or
- Disclosure is necessary in order to establish, exercise or defend legal claims in accordance with point (f) of Article 6(1) GDPR and there are no grounds for believing that you have an overriding legitimate interest in the non-disclosure of your data
If we have been engaged as your lawyer, the performance of a contract in accordance with point (b) of Article 6(1) GDPR includes, without limitation, the disclosure to adversaries in proceedings and their representatives (in particular lawyers) as well as to courts and other authorities for the purposes of correspondence and for the establishment and defence of your rights. The recipients may use data disclosed in this context exclusively for the purposes mentioned directly above.
There will be no disclosure of your personal data to third parties for other purposes.
Lawyer-client privilege remains unaffected. If the data is subject to lawyer-client privilege, it will only be disclosed to third parties in consultation with you.
You have the following rights:
- To withdraw a consent that you have granted us at any time in accordance with Article 7(3) GDPR. This has the consequence that we may not continue to process data based on this consent
- To obtain access to personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information on the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which your personal data will be stored, the existence of a right to rectification, erasure and restriction of the processing and to object, the existence of a right to complain, the source of your data where it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its characteristics
- To demand the correction or completion of inaccurate personal data stored by us without undue delay in accordance with Article 16 GDPR
- To demand the erasure of your personal data stored by us in accordance with Article 17 GDPR where the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims
- To have the processing of your personal data restricted in accordance with Article 18 GDPR, where you contest the accuracy of the data, or where the processing is unlawful, but you oppose its erasure, or we no longer need the data, but you require it in order to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Article 21 GDPR
- To receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have this data transmitted to another controller in accordance with Article 20 GDPR
- To lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a general rule, you can contact the supervisory authority for your usual place of residence, your place of work or the registered office of our firm
If your personal data is processed on the basis of legitimate interests in accordance with point (f) of Article 6(1) GDPR, you also have the right under Article 21 GDPR to object to the processing of your personal data where there are grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object that we will implement without you needing to specify a particular situation. In all other cases, our legitimate reasons for the processing will be weighed up against your interests, rights and freedoms, and may prevail. Our processing of your data will continue to be lawful despite your objection if it is being used to establish, exercise or defend legal claims.
To exercise your right to object or to withdraw a consent you have granted, all you need to do is send an email to info@phplaw.de.