Data Protection

Data Protection Policy

We, Grüter Rechtsanwälte PartGmbB and Grüter Hamm Münster PartGmbB, thank you for visiting our website. The secure handling of your data is exceptionally important to us. We would therefore like to comprehensively inform you about how we use your data when you visit our website.
 

Controller 

Duisburg:

Grüter Rechtsanwälte PartGmbB
Stresemannstrasse 20–22
47051 Duisburg
T +49 (0) 203 . 3 05 09-0
F +49 (0) 203 . 3 05 09-200
Email: direkt@grueter.de
Website: www.grueter.de
VAT ID no.: DE119575213 
 

Münster/Hamm:

Grüter Hamm Münster PartGmbB
Hesslerstrasse 40
59065 Hamm
Postbox 2293
T +49 (0) 23 81 . 16 08-0
F +49 (0) 23 81 . 16 08-200
E-Mail: direkt@grueter.de
Website: www.grueter.de
VAT ID no.: DE119575213 

About us: https://grueter.de/en/imprint/

Name and address of the data protection officer

Liebert IT-Solutions GmbH & Co. KG
Drosteallee 18 
46354 Suedlohn 
T (+49) 2862 - 580123 
F (+49) 2862 – 580124
E-Mail: Info@Liebert-IT.de
Web: https://www.Liebert-IT.de
Managing Director: Stefan Liebert 
USt.-ID: DE 225350621 
Commercial register: Coesfeld HRA 3042

Definitions 

Our Data Protection Policy is based on the terminology used by European legislators and regulators in adopting the General Data Protection Regulation (GDPR). Our Data Protection Policy should be easily legible and comprehensible to both the general public as well as to our clients and business partners. In order to ensure this, we would like to explain the terminology used in this document.

We use the following terms in this Data Protection Policy, among others:

Personal data 

Personal data encompass all information that refers to an identified or identifiable natural person (referred to in the following as "data subject"). An identifiable natural person is deemed to be one who can be identified, either directly or indirectly, especially by means of allocating an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristic(s) which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Data subject 

A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

Processing 

Processing is any operation performed with or without the assistance of an automated process or any series of operations connected to personal data, such as collection, recording, organization, arrangement, saving, modification or changing, reading, retrieval, use, publication by means of transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of the processing

Restriction of the processing is the marking of saved personal data with the objective of restricting their future processing.

Profiling

Profiling is any type of automated processing of personal data which consists of these personal data being used to evaluate specific personal aspects concerning a natural person, especially in order to analyze or predict aspects related to this person’s job performance, economic status, health, personal preferences, interests, reliability, behavior, place of residence or relocation. 

Pseudonymization

Pseudonymization is the processing of personal data so that these personal data can no longer be associated with a specific data subject without consulting additional information, provided that this additional information is saved separately and is subject to technical and organizational measures that ensure that the personal data are not associated with an identified or identifiable natural person. 

Controller or data controller

The controller or data controller is the natural or legal person, authority, institution or other entity that decides, either individually or together with others, about the purpose and means of the processing of personal data. If the purposes and means of this processing are specified by Union Law or the Law of the Member States, the controller or the specific criteria of its designation can be specified by Union Law or the Law of the Member States.

Processor 

The processor is a natural or legal person, authority, institution or other entity that processes personal data on behalf of the controller.

Recipient 

The recipient is a natural or legal person, authority, institution or other entity to whom personal data are disclosed, regardless of whether or not these are considered to be a third party. However, authorities who might receive personal data within the scope of a specific investigation mandate in accordance with Union Law or the Law of the Member States are not considered recipients.

Third party 

A third party is a natural or legal person, authority, institution or other entity except for the data subject, the controller, the processor and the persons who are authorized to process personal data under the direct responsibility of the controller or the processor. 

Consent

Consent is any voluntary, informed and unequivocal expression of will by the data subject for the specific case in the form of a statement or another clearly confirming action with which the data subject manifests their consent to the processing of the respective personal data.

Data collection

Every time a data subject or automated system accesses our website, it collects a range of general data and information. These general data and information are saved in the server's log files. The following can be collected: 

a) The browser types and versions used, 

b) The operating system used by the system accessing the website,

c) The website from which an accessing system lands on our website (so-called referrer),

d) The sub-websites that are driven to our website through an accessing system, 

e) The date and time of the website access, 

f) An Internet protocol address (IP address), 

g) The Internet service provider (ISP) of the accessing system,

h) Other similar data and information serving the purpose of danger prevention in case of attacks on our IT systems.

We do not draw conclusions about the data subject when using the general data and information. Rather, this information is needed in order to 

a) Correctly provide the content of our website, 

b) Optimize the contents of our website, 

c) Guarantee the continuous functioning of our IT systems and the technology of our website as well as 

d) Provide law enforcement with the necessary information for criminal prosecution in the event of a cyber-attack.

We therefore analyze these anonymously collected data and information for statistical reasons as well as with the objective of increasing our data protection and data security, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are saved separately from all personal data provided by a data subject.

Legal or contractual regulations for the provision of personal data; necessity for the contract conclusion; obligation on the part of the data subject to provide the personal data; possible consequences of non-provision. 

We inform you that the provision of personal data is in part legally mandated (e.g. tax regulations) or can stem from contractual provisions (e.g. information about a contractual partner). On occasion, it may be necessary for a data subject to provide us with personal data, which we subsequently need to process, for the purposes of concluding a contract. For example, the data subject is obligated to provide us with personal data when we conclude a contract with them. If the data subject does not provide us with the personal data, we cannot conclude the contract with them. Prior to providing us with personal data, the data subject must contact our data protection officer. Our data protection officer then explains to the data subject whether provision of the personal data is legally or contractually mandated or is required for concluding the contract, whether there is an obligation to provide the personal data and what the consequences are for not providing the personal data.

SSL and TLS encryption

For security reasons and for protecting the transmission of confidential content, such as orders or queries you send to us in our role as a website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection when your browser's address line changes from "http://" to "https://" and by the lock icon displayed in your browser address bar.

When SSL or TLS encryption is enabled, the data you send us cannot be read by third parties.

Contact options through the website

Due to legal regulations, our website contains information that enables rapid electronic contact with us as well as immediate communication with our points of contacts, which also entails a generic electronic mail address (email address). If a data subject establishes contact by email with the data controller, the personal data transmitted by the data subject are automatically saved. Such personal data voluntarily transmitted by a data subject to the controller are saved for the purposes of processing or contacting the data subject. These personal data are not forwarded to third parties. 

 

Use of cookies 

We use so-called cookies on various pages in order to make our website appealing and enable the use of certain functions. Cookies are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (called session cookies). Other cookies will remain on your end device and enable us to recognize your browser at your next visit (persistent cookies). You can configure your browser so that you are informed about the placement of cookies and can decide on a case-by-case basis about whether or not to accept them or generally refuse cookies for specific cases or in general. The functionality of our website may be limited if you do not accept cookies.

Cookie settings

Use of Google (Universal) Analytics for web analysis 

This website uses Google (Universal) Analytics, a web analysis service by Google Inc. (www.google.de). Google (Universal) Analytics uses methods that make it possible to analyze how you use the website, such as "cookies," for example. As a rule, the information collected about your use of this website is transmitted to a Google server in the USA and saved there. Activating IP anonymization on this website shortens the IP address prior to transmission within the member countries of the European Union or to other member states of the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. The anonymized IP address transmitted by your browser within the scope of Google Analytics is not combined with other Google data. 

You can prevent Google from collecting the data generated by the cookie related to your use of the website (incl. your IP address) as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de  

Alternatively, to the browser plugin, you can click on this link in order to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will then be stored on your end device. If you delete your cookies, you will have to click on this link again.

Cookie settings

Notification of changes

Changes in legislation or changes to our internal processes may necessitate a modification of this Data Protection Policy. In the event of such a change, we will inform you of this at the latest six weeks prior to it taking effect. In general, you have a right of revocation (clause 6) regarding your provided consent. Please note that (provided that you do not make use of your right of revocation) the respective current version of the Data Protection Policy is the valid version.

.

Updating/deletion of your personal data

You have the option, at any time, to check, change or delete the personal data provided to us. 

You also have the right, at any time, to revoke any consent you have given with effect for the future. The saved personal data will be deleted if you revoke your consent to the data saving. 

The data controller will process and save personal data pertaining to the data subject only for the time required to achieve the purpose of the saving of the data or – provided that this has been set forth by European legislators and regulators or another legislator in laws or regulations – which is subject to the data controller.

If the purpose for saving the data is eliminated or if a retention period mandated by European legislators and regulators or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions. 

Rights of the data subject

Each data subject has the right, granted by European legislators and regulators, to request a confirmation from the data controller as to whether the respective personal data are processed. If a data subject makes use of this right of confirmation, the data subject can contact our data protection officer or another employee of the data controller about this at any time.

Every data subject affected by the processing of their personal data has the right granted by European legislators and regulators to receive, at any time, free information about their saved personal data and a copy of this information from the data controller. Furthermore, the European legislators and regulators permit the data subject to ask for information about the following:

the processing purposes, 

the categories of personal data that are processed, 

the recipients or categories of recipients to whom the personal data were disclosed or will be disclosed, especially with respect to recipients in third countries or international organizations, 

if possible, the planned duration for which the personal data will be saved or, if this is not possible, the criteria for specifying this duration, the existence of a right to correct or delete the personal data pertaining to the data subject or to restrict the processing by the controller or a right of objection against this processing, 

the existence of a right to file an objection with a supervisory authority, 

if the personal data are not collected from the data subject: all available information about the source of data, 

the existence of an automated decision-making process including profiling pursuant to Art. 22(1) and (4) of the GDPR and – at least in these cases – conclusive information about the logic involved as well as the scope and the intended effects of such processing for the data subject. 

Furthermore, the data subject has a right to information about whether personal data were transmitted to a third country or an international organization. If this is the case, the data subject also has the right to receive information about the suitable guarantees in connection with the transmission.

Should a data subject make use of this right to information, they can, at any time, contact our data protection officer or another employee of the data controller. 

Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to request the immediate correction of incorrect personal data pertaining to them. The data subject also has the right to request, taking into consideration the purposes of the processing, the completion of incomplete personal data – including by means of an additional explanation.

If a data subject makes use of this right of rectification, the data subject can contact our data protection officer or another employee of the data controller about this at any time. 

Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to request from the controller the immediate deletion of personal data pertaining to them, provided that one of the following reasons applies and provided that the processing is not necessary:

The personal data were collected for such purposes or processed in such a manner for which they are no longer necessary. 

The data subject revokes their consent on which the processing was based pursuant to Art. 6(1)(a) of the GDPR or Art. 9 (2)(a) of the GDPR, and another legal basis for the processing is lacking. 

The data subject objects to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding justified reasons for the processing, or the data subject objects to the processing pursuant to Art. 21(2) of the GDPR. 

The personal data were processed unlawfully. 

The deletion of the personal data is required to fulfill a legal obligation pursuant to Union Law or the Law of the Member States to which the controller is subject. 

The personal data were collected in relation to services offered by the information society pursuant to Art. 8(1) of the GDPR. 

If one of the above-mentioned reasons applies and a data subject wishes to initiate the deletion of personal data that we have saved about them, the data subject can contact our data protection officer or another employee of the data processor at any time for this. Our data protection officer or another employee will ensure that the deletion request is complied with without delay. 

If we disclose personal data and if we as the controller are obligated to delete the personal data pursuant to Art. 17(1) of the GDPR, then we will undertake suitable measures, taking into consideration the available technology and implementation costs, including those of a technical nature, to inform other data controllers who process the disclosed personal data that the data subject has requested that these other data controllers delete all links to these personal data and to copies or replications of these personal data, provided that the processing is not necessary. Our data protection officer or another employee will initiate the necessary measures in individual cases.

Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to request from the controller the restriction of the processing if one of the following prerequisites exists:

The accuracy of the personal data is disputed by the data subject, and this for a duration that enables the controller to check the accuracy of the personal data. 

The processing is unlawful, the data subject refuses deletion of the personal data and instead requests that use of the personal data be restricted. 

The controller no longer needs the personal data for the purposes of the processing, but the data subject needs the data in order to assert, exercise or defend their legal claims. 

The data subject has objected to the processing pursuant to Art. 21(1) of the GDPR and it is as yet unclear whether the justified reasons on the part of the controller outweigh those of the data subject. 

If one of the above-mentioned prerequisites applies and a data subject wishes to request the restriction of personal data that we have saved about them, the data subject can contact our data protection officer or another employee of the data controller at any time for this. Our data protection officer or another employee will initiate the data processing restriction.

Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to receive the personal data pertaining to them that were provided by them to a controller, in a structured, common and machine-readable format. The data subject also has the right to transmit these data to another controller without being impeded by the controller to which the personal data were provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR and the processing is done with the aid of an automated process, provided that the processing is not necessary for performing a task that is in the public interest or takes place in the exercise of official authority, which was transferred to the controller.

Furthermore, when exercising their right to data portability pursuant to Art. 20(1) of the GDPR, the data subject has the right to effectuate that the personal data are directly transmitted from one controller to another controller, provided that this is technically feasible and provided that the rights and freedoms of other persons are not impaired by this.

To exercise their right to data portability, the data subject can contact the data protection officer appointed by us or another employee at any time. 

Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to object to the processing of personal data pertaining to them which takes place based on Art. 6(1)(e) or (f) of the GDPR, at any time for reasons stemming from their exceptional situation. This also applies to profiling based on these provisions. 

In the event of an objection, we will no longer process the personal data, unless we can prove compelling legal grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.

Additionally, the data subject has the right, for reasons stemming from their exceptional situation, to object to the respective processing of their personal data for scientific or historical research purposes pursuant to Art. 89(1) of the GDPR, unless such processing is necessary in order to fulfill a task in the public interest.

To exercise their right to objection, the data subject can directly contact our data protection officer or another employee. The data subject is also free, in connection with the use of the information society's services and regardless of Directive 2002/58/EC, to exercise their right to objection by means of an automated process for which technical specifications are used. Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to not be subjected to a decision solely based on automated processing – including profiling – which produces legal implications towards them or which similarly considerably adversely affects them, if the decision 

a) is not necessary for concluding or fulfilling a contract between the data subject and the controller, or 

b) is permissible based on the regulations of the Union or the Member States to which the controller is subject and these regulations entail appropriate measures for safeguarding the rights and freedoms as well as the legitimate interests of the data subject or

c) takes place with the express consent of the data subject.

If the decision

a) is necessary for concluding or fulfilling a contract between the data subject and the controller, or

b) takes place with the express consent of the data subject,

we will take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which entails at least the right to obtain human intervention on the part of the controller, to state their own stance and to appeal the decision.

If the data subject wants to exercise their rights with regard to automated decisions, they can contact our data protection officer or another employee of the data controller about this at any time. Every data subject affected by the processing of their personal data has the right, granted by European legislators and regulators, to revoke their consent to the processing of personal data at any time.

If the data subject wants to exercise their right to revoke consent, they can contact our data protection officer or another employee of the data controller about this at any time. 

Legal basis of the processing

Art. 6(1)(a) of the GDPR serves as the legal basis for processing processes, for which we obtain consent for a specific processing purpose. If processing personal data is necessary to fulfill a contract whose contractual party is the data subject, such as is the case with processing processes required for a service or a service in return,  for example, then the processing will be based on Art. 6(1)(b) of the GDPR. The same applies to such processing processes necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our services.

If we are subject to a legal obligation necessitating processing of personal data, such as for the fulfillment of tax obligations, then the processing will be based on Art. 6(I)(c) of the GDPR. In rare cases, the processing of personal data might become necessary in order to protect vital interests of the data subject of another natural person. This would be the case, for example, if a visitor to our firm were to become injured and subsequently his name, age, health insurance information or other vital information had to be forwarded to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6(1)(d) of the GDPR. Finally, processing processes could be based on Art. 6(f) of the GDPR. The processing processes that are based on this legal basis are those not covered by any of the previously mentioned legal bases, if the processing is necessary to safeguard our legitimate interests or those of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. We are permitted such processing processes in particular because they have been specifically mentioned by European legislators. The legislators even voiced the opinion that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47(2) of the GDPR). 

Legitimate interests in the processing that are pursued by the controller or a third party

If the processing of personal data is based on Art. 6(1)(f) of the GDPR, then our legitimate interest is performing our business activities for the benefit of all our employees’ well-being.

The controller or their contact for questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of provided consent or objection to a specific data usage, please directly contact 

Liebert IT-Solutions GmbH & Co. KG
Drosteallee 18 
46354 Suedlohn 
Tel.: (+49) 2862 - 580123 
Fax: (+49) 2862 – 580124
E-Mail: Info@Liebert-IT.de
Web: https://www.Liebert-IT.de
Managing Director: Stefan Liebert 
USt.-ID: DE 225350621 
Commercial register: Coesfeld HRA 3042

Information on data protection in accordance with Art. 13, 14 and 21 of the European General Data Protection Regulation (GDPR) and Sections 32, 33 of the German Federal Data Protection Act (BDSG):

You can find the privacy policy of our notaries here.