Privacy policy
Fordern Sie direkt Hilfe von Rechtsanwältin im Markenrecht Anne-Kathrin Renz aus Saarbrücken an.
Protection of your personal data is important to us.
In the following, we would like to inform you that we ask for personal data from you and store it electronically. Your data will be stored and processed in accordance with the applicable provisions of the national data protection laws, as well as the General Data Protection Regulation (GDPR).
Controller within the provision of aforementioned regulations is:
Rechtsanwältin Anne-Kathrin Renz
Altenkesseler Straße 17
Innovationscampus // Building C1
66115 Saarbrücken
Tel: 0049 681-95 81 05 88
Fax: 0049 681-95 81 05 89
Mail: info@renz-recht.de
General provisions
1. Definitions
In order to improve the legibility and comprehensibility of our privacy policy, we would like to inform you about the general provisions used by the GDRP.
Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
The data subject is an identified or identifiable natural person, whose personal data is processed by the person responsible.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Type and extent of data collection
Data is collected and processed when you access our website or retrieve a file stored on our website. As a rule, this does not take place unless it’s necessary to provide a functional website or its contents and services. Furthermore, personal data is regularly collected and used only after appropriate consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by legal provisions.
a. Legal basis for the processing of personal data
If personal data is processed for fulfilling the contracts entered into with us, Art. 6 Para 1 lit. b GDRP serves as a legal basis. This also applies to processing operations, which are necessary to carry out pre-contractual actions.
If we obtain consent of the concerned person for processing operations of personal data, Art. 6 Para 1 lit. a GDRP serves as a legal basis.
If processing of personal data is required to fulfill a legal obligation, which our company is subject to, Art. 6 Para 1 lit. c GDRP serves as a legal basis.
In case vital interests of the concerned person or any other natural person require the processing of personal data, Art. 6 Para 1 lit. d GDRP serves as a legal basis.
If processing of data is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the concerned person do not outweigh the above-mentioned interest, then Art. 6 Para 1 lit. f GDRP serves as a legal basis for the processing.
b. Data deletion and duration of storage
The personal data collected by us is deleted as soon as the purpose for storing the data ends.
Data is stored if there is a law, a Union regulation or other provisions authorizing such storage.
Furthermore, data is deleted when the retention period prescribed by the norms mentioned expires, unless there is a necessity for storing data further for concluding a contract or for the fulfillment of a contract.
II. Data collection at the website
1. Logfiles
a. Description and scope of data processing
When you access our website
- Browser type/-version
- Operating system used
- Referrer URL (website visited previously), as well as pages retrieved on our website
- IP address
- Date and time of the server request
- Internet Service Provider
are logged.
b. Legal basis of data processing
Legal basis for storing data and the log files is Art. 6 Para 1 lit. f GDRP.
c. Purpose of data processing
Storing data in log files ensures that our website is functioning properly. It further helps in optimization and security of our systems. Therein also lies our legitimate interest in the processing of data according to Art. 6 Para 1 lit. f GDRP. In accordance with this use, we do not evaluate data for marketing purposes.
d. Duration of storage
The data stored by us is deleted as soon as we do not need it anymore for achieving the purpose for which it was collected. This happens at the latest after seven days. Storing data longer than that is possible. In this case, the users’ IP addresses are deleted or anonymized, in order to make identifying the user impossible.
e. Possibility of opting out and elimination
Recording the data mentioned is absolutely necessary for the operation of the website. As a result, there is no option for the user to object to it.
2. Cookies
a. Description and scope of data processing
Our website uses cookies. Cookies are text files that are saved on the user’s computer system when retrieving our website. Cookies contain a string, which enables identification of the visitor’s browser when our website is retrieved again. We use technically necessary cookies, which help in making our services more user-friendly, more effective and more secure.
The following data, for example, is stored and transmitted in the cookies:
- Items in the shopping cart
- Login information
- Language settings
The data obtained from this is pseudonymized by us. Therefore, it is not possible to link data back to the visitor. Furthermore, this data is not stored together with other personal data.
You can set your browser in such a way that you are informed about the setting of cookies and individually decide on their acceptance or refuse the acceptance of cookies for specific cases or in general. If you do not accept cookies, the functionality of our website may be limited.
Over and above that, we use cookies, which allow us to analyze the surfing habits of visitors to our website (so-called analysis cookies). The following data, for example, is stored and transmitted in the analysis cookies:
- Page visits
- Use of the website functions
- Language settings
When retrieving our website, the user is informed about the use of cookies and the user’s consent is obtained for processing the personal data used.
b. Legal basis of data processing
The legal basis for the processing of personal data by using cookies is Art. 6 Para 1 lit. f GDRP. The legal basis for the processing of personal data by using cookies for analysis purposes is Art. 6 Para 1 lit. a GDRP if the user has consented to using cookies.
c. Purpose of data processing
Technically necessary cookies serve to simplify the use of websites. Some functions of the website or the online shop cannot be provided without the use of cookies. For these functions it is necessary that a browser returning to our website can be correctly identified. The user data collected by technically necessary cookies is not used for creating user profiles. Analysis cookies are used for improving the quality of our website and its contents. Through the analysis cookies we learn how our website is used and they enable us to continuously improve our services.
d. Duration of storage, opt-out option and elimination
Cookies are saved on the user’s computer and are transmitted by it. That is why users also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that are already saved can be deleted at any time. This can also happen automatically. Deactivating cookies for our website may result in the loss of some of the functions of our website.
3. Contact form and email
a. Description and scope of data processing
Visitors to our website are provided with a contact form for fast, electronic contact. The data entered in the input screen is transmitted to and stored by us. In addition, the IP address of the user as well as the date and time of transmission are stored at the time of sending. Alternatively, contact is possible via the email address provided. In this case, the user’s personal data transmitted via email is stored. Data is never transferred to third parties. The data is only used for processing the request.
b. Legal basis of data processing
The legal basis for processing the data, if the user has consented to it, is Art. 6 Para 1 lit. a GDRP.
The legal basis for processing the data, which is transmitted while sending an email, is Art. 6 Para 1 lit. f GDRP. If contact via email aims to conclude a contract, then additional legal basis for the processing is Art. 6 Para 1 lit. b GDRP.
c. Purpose of data processing
Processing of personal data serves the sole purpose of processing contact. In case of contact via email, this also includes the required legitimate interest in the processing of the data. Other personal data processed in the sending process serves the purpose of preventing misuse of the contact form and to ensure the security of our information technology systems.
d. Duration of storage
The data is deleted as soon as we do not need it for achieving the purpose for which it was collected. For personal data from the input screen of the contact form and that which has been sent via email, this is the case when the respective conversation with the user has ended. The conversation ends when it is clear from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process is deleted at the latest after a period of seven days.
e. Option to revoke consent and elimination
At any given time, the user has the option to revoke his consent to the processing of personal data. For this purpose, the user can contact the person responsible via the contact options provided on the website. If the user contacts us by email, then he/she may object to the storage of his personal data at any time. The conversation cannot continue in such a case.
4. Comment function
a. Description and scope of data processing
Visitors to our website are provided with the possibility to comment on blog entries. The data entered in the input screen is transmitted to and stored by us. In addition, the IP address of the user as well as the date and time of transmission are stored at the time of sending. Data is never transferred to third parties. The data is only used for processing the request.
b. Legal basis of data processing
The legal basis for processing the data, if the user has consented to it, is Art. 6 Para 1 lit. a GDRP, otherwise Art. 6 Para 1 lit. f GDRP.
c. Purpose of data processing
Processing of personal data is used to prevent misuse of the comment function and to ensure the security of our information technology systems.
d. Duration of storage
The data is deleted as soon as we do not need it for achieving the purpose for which it was collected. This is the case at the latest once the comment or the subpage the comment was made on, is deleted.
e. Option to revoke consent and elimination
At any given time, the user has the option to revoke his consent to the processing of personal data. For this purpose, the user can contact the person responsible via the contact options provided on the website.
III. Date collection for analysis purposes
1. Matomo (formerly Piwik)
a. Description and scope of data processing
The website uses the web analysis serviceMatomo (Piwik). The provider is InnoCraft Ltd., 150 Willis St , 6011 Wellington, New Zealand. Matomo uses analysis cookies in order to retrieve the following information.
- Two Bytes of the IP-address of the user’s system
- The website visited by the user
- Referrer URL (website visited previously)
- Subpages visited by the user
- The time spent on the website
- The frequency of the visits
The software exclusively runs on the website of the controller. The storage of personal data is conducted on the website. Data is not transmitted to third parties.
b. Legal basis of data processing
The legal basis for processing of personal data of the user is Art. 6 Para 1 lit. a GDRP.
c. Purpose of data processing
The processing of personal data of the users enables us to analyze the surfing behavior of our users. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to improve our website and its user-friendliness. The anonymization of the IP address sufficiently takes into account the interest of users in protecting their personal data.
d. Duration of storage
The data is deleted as soon as we do not need it for achieving the purpose for which it was collected. This is the case after 6 months at the latetst.
More information can be retrieved under: https://matomo.org/docs/privacy/.
e. Possibility of opting out and elimination
Cookies are stored on the user’s computer and are transmitted by it. That is why users also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that are already stored can be deleted at any time. This can also happen automatically. Deactivating cookies for our website may result in the loss of some of the functions of our website.
In addition, you can opt-out by using the following link.
When clicking on the link, an opt-out cookie will be placed on your device. If the cookies is deleted, it must be replaced to avoid tracking.
IV. Rights of the data subjects
1. Information and access to personal data
Data subjects have the right to be provided with a confirmation if personal data is processed by a controller.
If personal data is collected, data subjects shall be provided with the following information:
- purposes of the processing
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in
- third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source; - the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the access to data processed can be restricted
2. Right to rectification
The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him or her. The controller has to inform the data subject without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the right to rectification can be restricted
3. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDRP
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDRP, or point (a) of Article 9(2) GDRP, and there is no other legal ground for the processing;
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Where the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the right to restriction of processing can be restricted
4.Right to erasure (“right to be forgotten”)
A.Obligation to erasure
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
B.Information to third parties
Where the controller has made the personal data public and is obliged to erase personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
C.Exceptions
The right to erase shall not apply, if the processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDRP
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph a is likely to render impossible or seriously impair the achievement of the objectives of that processing
- for the establishment, exercise or defense of legal claims.
5. Notification obligation
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
6. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on points (e) or (f) of Article 6(1), including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8. Right to withdraw the data subjects consent
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This shall not apply if the decision
- is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- is based on the data subject’s explicit consent.
In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Decisions shall not be based on special categories of personal data referred to in Article 9(1), unless suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.