Data Privacy Statement
Partnership Company with limited liability
Stresemannstraße 20 – 22
We, GRÜTER Attorneys Partnership Company with limited liability, thank you for visiting our website. As a law firm and notary’s office the safe dealings with your data is particularly im-portant for us. Hence, we would like to inform you herewith in detail about the use of your data during your visit of our website.
Person responsible for the processing
Partnership Company with limited liability
Stresemannstraße 20 – 22
Phone: +49 203 30 50 9-0
Fax: +49 203 30 50 9-200
Terms and definitions
Our Data Privacy Statement bases on the terms and definitions, which have been used by the European Directive and Regulatory Authority through the enactment of the General Data Pro-tection Regulation (DSGVO). Our Data Privacy Statement shall be simply readable and com-prehensible for the public as well as for our customers and business partners. In order to en-sure this, we would like to explain the terms and definitions used in advance.
We use in our Data Privacy Statement inter alia the following terms and definitions:
• Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “Data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more fac-tors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject
Data subject means an identified or identifiable natural person, whose personal data are processed for the processing by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collec-tion, recording, organization, structuring, storage, adaption or alteration, retrieval, con-sultation, use, disclosure by transmission, dissemination or otherwise making availa-ble, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze and predict aspects concerning that natural person’s perfor-mance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• Controller or for the processing responsible person
Controller or for the processing responsible person means the natural or legal person, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
• Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject means any freely given, specific, informed and unambigu-ous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Recording of data
Our website records with any call up of the website by a data subject or an automated pro-cessing system a set of general data and information. These general data and information will be stored in the logfiles of the server. The following general data and information could be rec-orded:
a) browser types and versions used,
b) the system software used by the assessing system,
c) the website, from which the assessing system enters our website (so-called referrer),
d) sub-webpages, which have entered our website through an assessing system,
e) the date and the time of the access of our website,
f) an IP address,
g) the internet service provider of the assessing system and
h) any other similar data and information which serve for the hazard control in case of attack of our information technology systems.
While using these general data and information, we will not draw conclusions from the data subject. Rather, these information are needed to
a) deliver the contents of our website correctly,
b) optimize the contents of our website,
c) ensure the permanent functionality of our information technology systems and the technology of our website as well as
d) provide the information necessary for the prosecution by the law enforcement agencies in case of a cyber attack.
These data and information being collected anonymous will be evaluated by us for statistical reasons as well as with the aim to increase our data protection and data security in order to ultimately secure an optimal level of protection for the personal data being processed by us. The anonymous data of the server logfiles will be stored separately from all personal data be-ing specified by the data subject.
Statutory or stipulated provisions for the supply of personal data; necessity for the con-tract conclusion; obligation of the data subject to provide the personal data; potential consequences in case of non-provisioning
We herewith explain to you that the provisioning of personal data is partially prescribed by law (for example tax regulations) or follows from stipulated provisions (for example details regard-ing the contractual partner). From time to time it can be necessary for a contract conclusion that the data subject makes personal data available to us, which have to be processed by us subsequently. The data subject is for instance obliged to provide us personal data, if we con-clude a contract with that natural person. A non-provisioning of personal data would lead to the consequence that the contract with the data subject could not be concluded. Before providing personal data, the person concerned shall contact our data protection officer. Our data protec-tion officer will explain to the data subject on individual cases, whether the provision of per-sonal data is statutory or contractually prescribed or necessary for the contract conclusion, whether an obligation is existing to provide personal data and the legal consequences in case of a non-provisioning of personal data.
Contact information how to contact us through our Website
By virtue of legal provisions our homepage contains information, which facilitate a prompt electronic personal contact with us as well as a direct communication with our contact per-sons, which also include a general address of the so-called electronic mail (E-Mail address). In case a data subject contacts the person responsible for the processing through E-Mail, the personal data being transmitted by the data subject will be automatically stored. Such person-al data being transmitted on a voluntary basis by the data subject to the person responsible for the processing will be stored for the purpose of processing or the contacting of the data sub-ject. A dissemination of these personal data to third parties will not take place.
In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end de-vice and allow us to recognize your browser on your next visit (persistent cookies). You can set your browser so that you can be informed about the setting of cookies and individually de-cide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website.
Use of Google (Universal) Analytics for web analytics
This website uses Google (Universal) Analytics, a web analytics service provided by Google Inc. (www.google.com). Google (Universal) Analytics uses methods that allow you to analyze the use of the website, such as so-called “cookies”, text files that are stored on your computer. The generated information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address will be shortened prior to transmission within the member states of the European Un-ion or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The anonymized IP address provided by Google Analytics within the scope of Google Analytics will not be merged with other data provided by Google.
You can prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
As an alternative to the browser plug-in, you can click on this link to prevent the collection by Google Analytics on this website in the future. An opt-out cookie is stored on your end device. If you delete your cookies, you must click the link again.
Click on the button below to stop the tracking by Google Analytics.
This site uses the mapping service Google Maps via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. The provider of this webpage has no influence on this data transfer.
The use of Google Maps is for the sake of an appealing presentation of our online offers and an easy traceability of the places we have indicated on the website. This constitutes a legiti-mate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
For more information on how to handle user data, please refer to Google’s Privacy Declara-tion: https://www.google.com/intl/en/policies/privacy/.
Facebook plug-ins (Like & Share button)
On our webpages plug-ins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. The Facebook plugins can be recog-nized by the Facebook logo or the “Like-Button” (“Like”) on our website. An overview of the Facebook plug-ins can be found here: https://developers.facebook.com/docs/plugins/.
If you visit our webpages, we a direct connection between your browser and the Facebook server will be established via the plug-in. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook “Like-Button” while you are logged into your Facebook account, you can link the contents of our pages to your Face-book profile. As a result, Facebook can assign the visit to our pages to your user account. We point out that we as the provider of the pages are not aware of the content of the data transmit-ted and their use by Facebook. For more information, please refer to the Facebook Privacy Declaration at: https://www.facebook.com/privacy/explanation.
If you do not wish Facebook to associate your visit to our pages with your Facebook user ac-count, please log out of your Facebook user account.
The use of Facebook plug-ins is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
Our website uses functions of the network XING. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time you visit one of our sites that contains XING features, it will connect to the servers of XING. A storage of personal data is not done to our knowledge. In particular, no IP ad-dresses are stored nor the usage behavior is evaluated.
The use of the XING plug-in is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media.
Further information on data protection and the XING Share button can be found in XING’s data protection declaration at: https://www.xing.com/app/share?op=data_protection.
Notice of changes
Changes to the law or changes to our internal processes may require an adjustment to this Data Protection Statement. In the event of such a change, we will notify you of this no later than six weeks prior to an entry into force. You are entitled to a right of withdrawal (paragraph 6) regarding your granted consent. Please note that (unless you use your right of withdrawal) the current version of the Data Protection Statement is the valid one.
Update / deletion of your personal data
You have the opportunity at any time to review, change or delete the personal data provided to us by sending us an e-mail to email@example.com.
Likewise, you have the right to revoke at any time once granted consents with effect for the future. The deletion of stored personal data occurs when you revoke your consent to storage.
The controller or the person responsible for the processing shall process and store the per-sonal data of the data subject only for the period necessary to achieve the purpose of the stor-age or, as provided for by law of the European Directive and Regulatory Authority or any other legislative body, which the controller is subject to.
If the purpose of the storage is omitted or if a storage period prescribed by the European Di-rective and Regulatory Authority or any other relevant legislative body expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.
Rights of data subjects
Each data subject has the right granted by the European Directive and Regulatory Authority to require the controller or the person responsible for the processing to confirm whether personal data in question is being processed. If an affected person wishes to make use of this confirma-tion right, they can contact our data protection officer or another employee of the controller at any time.
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority at any time to obtain from the controller data concerning the personal data stored therein and a copy of such information free of charge. Furthermore, the European Directive and Regulatory Authority has granted the data subject the following information:
• the processing purposes,
• the categories of personal data being processed,
• the recipients or categories of recipients to whom the personal data have been dis-closed or are still being disclosed, in particular to beneficiaries in third countries or in-ternational organizations,
• if possible, the intended duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration,
• the existence of a right to correction or deletion of the personal data relating to it or to a restriction of processing by the controller or a person responsible for the processing or a right to object to such processing,
• the existence of a right of appeal to a supervisory authority,
• if the personal data are not collected from the data subject: all available information about the source of the data,
• the existence of automated decision-making including profiling in accordance with Arti-cle 22 para. 1 and 4 DSGVO and, at least in these cases, significant information about the logic involved as well as the scope and intended impact of such processing on the individual concerned.
Furthermore, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If that is the case, then the data subject has also the right to obtain information about the appropriate guarantees in con-nection with the transfer.
If an affected person wishes to exercise this right to information, he or she can contact our data protection officer or another employee of the controller at any time.
Any natural person affected by the processing of personal data has the right granted by the European Directive and Regulatory Authority to demand the immediate correction of incorrect personal data concerning him or her. Furthermore, the data subject has the right, subject to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
If an affected person wishes to exercise this right of correction, he or she can contact our data protection officer or another member of the data controller at any time.
Any person affected by the processing of personal data has the right granted by the European Directive and Regulatory Authority to require the controller or the person responsible for the processing to immediately delete the personal data concerning him or her, provided that one of the following causes apply and as long as the processing is not required:
• The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
• The data subject revokes his or her consent, to which the processing pursuant to Arti-cle 6 para. 1 lit. a DSGVO or Article 9 para. 2 lit. a DSGVO was based, and there is no other legal basis for the processing existing.
• In accordance with Article 21 para. 1 DSGVO, the data subject submits an objection to the processing and there are no prior legitimate reasons for the processing, or the per-son concerned objects to the processing pursuant to Article 21 para. 2 DSGVO.
• The personal data were processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation under Union or national law, to which the controller or the person responsible for the processing is sub-ject.
• The personal data were collected in relation to services offered by the information so-ciety pursuant to Article 8 para. 1 DSGVO.
If one of the above reasons is applicable and an affected person wishes to arrange for the deletion of personal data held by us, he or she may, at any time, contact our data protection officer or another member of the data controller’s team. Our data protection officer or another employee will arrange that the deletion request be fulfilled immediately.
If personal data have been made public by us and if we as the controller are obliged to delete personal data pursuant to Article 17 para. 1 DSGVO, we will take appropriate measures, in-cluding technical ones, taking into account the available technology and the implementation costs, to inform other data controllers processing the published personal data that the data subject has requested that these other data controllers delete all links to such personal data or copies or replications of such personal data, unless the processing is required. Our data pro-tection officer or another employee will arrange the necessary action in individual cases.
Any person concerned by the processing of personal data has the right granted by the Euro-pean Directive and Regulatory Authority to require the controller to restrict the processing if one of the following conditions is met:
• The accuracy of the personal data is contested by the person concerned, for a period of time that enables the person responsible for the processing to check the accuracy of the personal data.
• The processing is unlawful. However, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
• The controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend his or her legal claims.
• The data subject has objected to the processing pursuant to Article 21 para.1 DSGVO and it is not yet clear, whether the legitimate reasons of the person responsible for the processing outweigh those of the data subject.
If one of the above conditions is met and an affected person wishes to request the restriction of personal data stored by us, he or she may at any time contact our data protection officer or another person in charge of the data processing. Our data protection officer or another em-ployee will cause the restriction of processing.
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority to receive personal data provided by the data subject to a controller in a structured, common and machine-readable format. He or she also has the right to transfer this data to another person without hindrance by the person responsi-ble for receiving the personal data, provided that the processing is based on the consent pur-suant to Article 6 para. 1 lit. a DSGVO or Article 9 para. 2 lit. a DSGVO or on a contract pur-suant to Article 6 para. 1 lit. b DSGVO and the processing is carried out by automated means, unless the processing is necessary for the performance of a task of public interest or in the exercise of official authority delegated to the controller.
Furthermore, in exercising their right to data portability under Article 20 para. 1 of the DSGVO, the data subject has the right to cause that the personal data are transmitted directly from one controller to another, provided that this is technically feasible and does not affect the rights and freedoms of others.
To assert the right to data portability, the data subject may at any time contact our data protec-tion officer or another employee appointed by us.
Any person affected by the processing of personal data shall have the right granted by the European Directive and Regulatory Authority at any time, for reasons arising from its particular situation, to object against the processing of personal data pertaining to it under Article 6 para. 1 lit. e or lit. f DSGVO. This also applies to a profiling based on these provisions.
In the event of an objection, we will no longer process personal data, unless we can demon-strate imperative legitimate grounds for processing that outweigh the interests, rights and free-doms of the data subject, or unless the processing is for the purpose of asserting, exercising or defending legal claims.
In addition, the data subject has the right, for reasons that arise from their particular situation, to object against the processing of personal data relating to them, which we carry out for sci-entific or historical research purposes or for statistical purposes pursuant to Article 89 para. 1 DSGVO, unless such processing is necessary to fulfill a public interest task.
In order to exercise the right of objection, the data subject can directly contact our data protec-tion officer or another employee. The affected person is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise its right of objection by means of automated procedures using technical specifications. Any person af-fected by the processing of personal data shall have the right granted by the European Di-rective and Regulatory Authority not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on him or her or which seriously im-pairs him or her in a similar way, if the decision
a) is not required for the conclusion or performance of a contract between the data sub-ject and the controller; or
b) is authorized by Union or Member State legislation to which the controller is subject and where such legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject; or
c) complies with the expressed consent of the data subject.
If the decision is
a) necessary for the conclusion or performance of a contract between the data subject and the controller; or
b) takes place with the expressed consent of the data subject,
we shall take reasonable measures to safeguard the rights and freedoms as well as the legiti-mate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to state his or her own position and to contest the decision.
If the data subject wishes to enforce automated decision-making rights, he or she may contact our data protection officer or another member of the data controller’s team at any time. Any person affected by the processing of personal data has the right granted by the European Di-rective and Regulatory Authority to revoke consent to the processing of personal data at any time.
If the data subject wishes to assert his or her right to withdraw consent, he or she may at any time contact our data protection officer or another member of the data controller’s team.
Legal basis of processing
Article 6 para. 1 lit. a DSGVO serves as the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is re-quired to fulfill a contract of which the data subject is a party, as the case may be, for example in processing operations necessary for a service or consideration, the processing is based on Article 6 para. 1 lit. b DSGVO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our services.
If we are subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 para. 1 lit. c DSGVO. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our firm were injured and his name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then processing would be based on Article 6 para. 1 lit. d DSGVO. Ultimately, processing operations could be based on Art. 6 pa-ra. 1 lit. f DSGVO, pursuant to which processing operations that are not covered by any of the above-mentioned legal bases are permitted, if processing is necessary to safeguard our legit-imate interests or those of a third party, unless the interests, fundamental rights and funda-mental freedoms of the person concerned prevail. Such processing operations are particularly permitted to us, because they have been specifically mentioned by the European legislator. In that regard, the European legislator has considered that a legitimate interest could be as-sumed if the data subject is a customer of the controller (recital 47, second sentence, DSGVO).
Legitimate interests in the processing that are being pursued by the controller or a third party
Is the processing of personal data based on Art. 6 (1) lit. f DSGVO, our legitimate interest is to carry out our business for the benefit of all our employees.
The person responsible or your contact person
If you have any questions regarding the collection, processing or use of your personal data, information, correction, blocking or deletion of data as well as revocation of granted consent or objection to a certain use of data, please contact directly
Dr. Sebastian van den Bergh
GRÜTER Attorneys Partnership Company with limited liability
Phone: +49 203 30509-173
Fax: +49 203 30509-273