Just so you know where your data will end up
I. Name and address of the data controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:
Dr. Daniel Michel
Südliche Hauptstraße 25
Telephone: +49 8022 6647330
Fax: +49 8022 6647332
II. General information on data processing
1. SCOPE OF PROCESSING OF PERSONAL DATA
Personal data of users of this website will only be processed where necessary to provide a functional website as well as content and services. This takes place only after the user’s consent or in cases in which it is not possible or necessary to obtain prior consent for actual or legal reasons, only to the extent the processing of the data is permitted by statutory provisions. The same applies to the processing of personal data within the scope of a client-lawyer relationship or a contact or correspondence by electronic communication (e.g., e-mail) or mail.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Where consent is obtained from the data subject for the processing of personal data, Article 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis. Currently there is no use of data that requires such prior consent for merely informational use of the website.
Article 6(1)(b) GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract (such as a client-lawyer relationship) to which the data subject is party. This also applies to processing operations in order to take steps at the request of the data subject prior to entering into a contract (such as initiating a client-lawyer relationship).
Where processing of personal data is necessary for compliance with a legal obligation to which DM DATALAWCOUNSEL is subject, Article 6(1)(c) GDPR serves as legal basis.
Where processing is necessary in order to protect the legitimate interests pursued by DM DATALAWCOUNSEL or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as legal basis for processing. This is the case in particular for the storage of log files in accordance with section III (see there for details).
3. DATA ERASURE AND STORAGE DURATION
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU Directives, laws or other regulations to which the data controller is subject. The data will also be blocked or erased if a storage period stipulated by the aforementioned statutory provisions expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
III. Provision of the website and creation of log files
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
Each time the website is accessed, the system automatically collects data and information from the accessing computer’s system. The following data are collected:
information about the browser type and version used,
- the user’s operating system (system configuration),
- the IP address of the device with which the user accesses the website or a service,
- the referring website, and
- date and time of access.
The data are also stored in server’s log files. These data are not stored together with other personal data of the user. STRATO AG, with its registered office and servers located in Germany, acts as processor for hosting the website.
2. LEGAL BASIS FOR DATA PROCESSING
Legal basis for the temporary storage of the data and the log files, as far as personal data are concerned, is Article 6(1)(f) GDPR.
3. PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary to enable presentation of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data are stored in log files to ensure website functionality and to analyse user behaviour from the aforementioned data. In this way, the data are used to optimise the website and to ensure the security of the information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include the legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.
4. DURATION OF STORAGE
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collected for the purpose of providing the website, this will occur no later than six weeks after the data have been collected. If the IP address is stored in log files, this will occur after seven days at the latest; additional storage time is possible. In this case, users’ IP addresses will be deleted or anonymised so that it is no longer possible to assign individuals.
5. POSSIBILITY OF OBJECTION AND REMOVAL
The collection of data for providing the website and the storage of data in log files is mandatory for website operation. Consequently, there is no possibility for users to object.
IV. CONTACT FORM AND E-MAIL ACCOUNT
Contact form and e-mail contact
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
A contact form is available on this website which may be used for electronic contact. When using this option, the data entered in the relevant fields will be transmitted to DM DATALAWCOUNSEL as an e-mail and will be stored there. These data are:
- first and last name,
- e-mail address,
- subject and
- if applicable, other data transmitted by the user.
Other data (such as the user’s IP address) are not stored when the contact form is used.
Alternatively, the e-mail address provided on the website may be used to establish contact. In this case, the user’s personal data transmitted with the e-mail (in addition to the aforementioned data, such as telephone number, etc.) will also be stored. The same applies to e-mails sent within the scope of an existing client-lawyer relationship or other communication.
The data will exclusively be used for processing the communication. Eichenlaub-EDV GmbH, with its registered office and servers located in Germany, acts as processor for hosting the e-mail server.
2. LEGAL BASIS FOR DATA PROCESSING
Legal basis for the processing of the data transmitted when using the contact form or when establishing contact by e-mail, is Article 6(1)(f) GDPR. If the e-mail contact aims at concluding a contract (such as a client-lawyer relationship), or if the e-mail or other correspondence serves to implement it, Article 6(1)(b) GDPR serves as the additional legal basis for processing the personal data transmitted.
3. PURPOSE OF DATA PROCESSING
The processing of personal data from the input fields or e-mail or other correspondence serves solely to process the correspondence, such as to respond to enquiries or otherwise to enable and carry out communication within the scope of an existing contractual relationship (such as a client-lawyer relationship). This also constitutes the necessary legitimate interests in processing the data.
4. DURATION OF STORAGE
The data will be erased as soon as they are no longer required to achieve the purpose for which they were collected. If legal storage obligations exist, processing may only be restricted. The personal data from the input fields of the contact form and those sent by e-mail or other correspondence are no longer required once the respective communication with the user has ended. The communication has terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
5. POSSIBILITY OF OBJECTION AND ELIMINATION
Users may object to the storage of their personal data at any time by notifying firstname.lastname@example.org. In such event, the communication may not be continued, and all personal data stored in the course of establishing contact will be deleted.
V. Rights of data subjects
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to the data controller (DM DATALAWCOUNSEL):
1. RIGHT TO INFORMATION
You may request confirmation from the data controller as to whether we are processing your personal data. In the event of such processing, you may request the controller to provide you with the following information:
- the purposes of the processing for which the personal data are intended;
- the categories of personal data processed;
- the recipients or categories of recipients of the personal data;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning you or to object to processing;
- the right to lodge a complaint with a supervisory authority;
- any available information on the source from which the personal data originate, if the personal data have not been obtained from the data subject;
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR.
You have the right to request information as to whether your personal data will be transferred to a third country or international organisation. In this context, you may request to be informed of the appropriate safeguards under Article 46 GDPR in connection with the transfer.
2. RIGHT TO RECTIFICATION
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. You also have the right to have incomplete personal data completed.
3. RIGHT TO RESTRICTION OF PROCESSING
Under the following conditions, you may request that the processing of your personal data be restricted:
- if the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
Where processing of your personal data has been restricted, such personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State, with the exception of their storage. If you have obtained restriction of processing in accordance with the above conditions, you will be informed by the controller before the restriction of processing is lifted.
4. RIGHT TO ERASURE
- Duty to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR and where there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union law or Member State law to which the controller is subject.
The right to erasure does not apply to the extent that processing is necessary, such as
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for the establishment, exercise or defence of legal claims.
5. RIGHT TO DATA PORTABILITY
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6. RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
7. RIGHT TO WITHDRAW CONSENT UNDER DATA PROTECTION LAW
You have the right to withdraw your consent under data protection law at any time. The withdrawal of your consent will not affect the lawfulness of processing based on your consent before its withdrawal.
8. RIGHT TO APPEAL TO A SUPERVISORY AUTHORITY
Without prejudice to any other administrative or judicial remedy, you will have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of presumed infringement, if you consider that your rights under the GDPR are infringed.
The supervisory authority with which the complaint was lodged will inform the data subject of the progress and the outcome of the complaint, including the option of a judicial remedy under Article 78 GDPR.
Last updated 24 May 2018