1. Person responsible
The controller for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is
Geißler Rechtsanwalts GmbH & Co. KG
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions as a whole or for individual measures, you can address your objection to the controller.
2. General purposes of processing
We use personal data for the purpose of operating the website.
3. What data we use and why
3.1 Hosting
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR in conjunction with. Art.
3.2 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). The access data includes
– Name and URL of the retrieved file
– Date and time of access
– Amount of data transferred
– Notification of successful retrieval (HTTP response code)
– Browser type and browser version
– Operating system
– Referrer URL (i.e. the previously visited page)
– Websites that are accessed by the user’s system via our website
– Internet service provider of the user
– IP address and the requesting provider
We use this log data without attribution to your person or other profiling for statistical evaluations for the purpose of the operation, security and optimisation of our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content and analyse data traffic, search for and rectify errors and improve our service.
This is also our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR.
We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of a service, e.g. if you use one of our offers. After cancelling the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).
Log files are deleted after 6 months at the latest, unless there are special reasons for longer storage (suspicion of misuse, statutory retention periods, etc.).
Processor for the processing of data in connection with this website: gn2 GmbH, Hahnweg 61A, 96450 Coburg, Germany.
3.3 Cookies
We use a cookie consent tool from Borlabs (https://de.borlabs.io/borlabs-cookie/)
To give you comprehensive control over the use of cookies on our website, we use a cookie consent tool. This tool helps us to obtain and manage your consent to the storage of cookies and the processing of your personal data in accordance with legal requirements.
What are cookies?
Cookies are small text files that are stored on your end device and can store
information about your use of our website. This information can be used to recognise you on future visits and improve your user experience.
Types of cookies
We use the following types of cookies:
– Essential cookies: These are necessary for our website to function properly. Without these cookies, certain functions cannot be provided.
– Functional cookies: These enable us to offer you enhanced functions and personalisation.
– Performance cookies: These collect information about how visitors use our website in order to improve its performance.
– Marketing cookies: These are used to show you relevant content and adverts.
Your consent
When you visit our website for the first time, a banner informs you about the use of
cookies and asks for your consent. You can accept or reject the use of certain cookies. Your selection will be stored in a cookie on your end device so that your preferences are taken into account on future visits.
Managing and revoking your consent
You can change your cookie settings or withdraw your consent at any time via the
cookie consent tool on our website. You can also manage and delete cookies via your browser settings. Please note that disabling cookies may limit the functionality of our website.
Third-party cookies
Our cookie consent tool also allows you to manage third-party cookies that are
integrated on our website. Information about these third-party providers and their privacy practices can be found in the relevant sections of this privacy policy.
Legal basis
The processing of your personal data through the use of cookies is carried out in
accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent and in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in the optimisation and economic operation of our website.
Contact Us
If you have any questions or concerns regarding the use of cookies on our website,
you can contact us at any time using the contact details provided in our legal notice.
3.4 Email contact
If you contact us (e.g. by email), we will process your data to process your enquiry and in the event that follow-up questions arise.
If the data processing is carried out to implement pre-contractual measures that are carried out in response to your enquiry or, if you are already our customer, to implement the contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
We only process other personal data if you consent to this (Art. 6 para. 1 sentence 1 lit. a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 lit. f) GDPR). A legitimate interest lies, for example, in responding to your email.
3.5 Applications
In the case of an application, we need your name, address, e-mail and telephone number in order to contact you. We also require a cover letter and a CV as a pdf file. The provision of further personal data is voluntary. Data processing for the purpose of deciding on the establishment of an employment, training or internship relationship is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR on the basis of the information voluntarily provided.
Application documents will be stored for a period of 6 months after completion of the application procedure, taking into account the objection periods of the General Equal Treatment Act (AGG), and then deleted. Further storage of the application documents for a period of up to two years will only take place if you have given your prior consent to data storage.
4. Storage period
Unless specifically stated, we only store personal data for as long as is necessary to fulfil the purposes pursued.
In some cases, the legislator provides for the storage of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the statutory retention period has expired.
5. Your rights as a data subject affected by data processing
Under the applicable laws, you have various rights with regard to your personal data. If you wish to assert these rights, please send your enquiry by email or post, clearly identifying yourself, to the address given in the legal notice.
Below you will find an overview of your rights.
5.1 Right to confirmation and information
You have the right to clear information about the processing of your personal data.
You have the right to obtain confirmation from us at any time as to whether personal data concerning you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. You also have the right to the following information:
– the purposes of the processing;
– the categories of personal data that are processed
– the recipients or categories of recipients to whom the personal data have been or
will be disclosed, in particular recipients in third countries or international organisations
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
– the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
– the existence of a right to lodge a complaint with a supervisory authority
– if the personal data is not collected from you, all available information about the origin of the data
– the existence of automated decision-making including profiling in accordance with 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
5.2 Right to rectification
You have the right to obtain from us the rectification and, where applicable, completion of personal data concerning you.
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.3 Right to erasure (‘right to be forgotten’)
In a number of cases, we are obliged to erase personal data concerning you.
In accordance with Art. 17 para. 1 GDPR, you have the right to demand that we delete personal data concerning you immediately and we are obliged to delete personal data immediately if one of the following reasons applies:
– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
– You revoke your consent on which the processing was based pursuant to Art. 6
para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
– You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
– The personal data was processed unlawfully.
– The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
– The personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
If we have made the personal data public and we are obliged to erase it in accordance with Art. 17 (1) GDPR, we shall take reasonable steps, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to erase all links to this personal data or copies or replications of this personal data.
5.4 Right to restriction of processing
In a number of cases, you are entitled to request that we restrict the processing of your personal data.
You have the right to obtain from us restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data
– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
– we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
– you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of our company override yours.
5.5 Right to data portability
You have the right to receive, transmit or have us transmit personal data concerning you in machine-readable form.
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where
– the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR and
– the processing is carried out by automated means.
When exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible.
5.6 Right to object
You have the right to object to the lawful processing of your personal data by us if this is based on your particular situation and our interests in the processing do not outweigh yours.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
5.7 Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Automated decision-making based on the personal data collected does not take place.
5.8 Right to withdraw consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time.
5.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
6. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted to us in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art.
We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
7. Transfer of data to third parties, no data transfer to non-EU countries
In principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the fulfilment of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (‘order processing’), we contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject.
There is no data transfer to bodies or persons outside the EU and there are no plans to do so.
Data protection declaration for social media channels
This information supplements our general data protection information regarding the use of social media channels. We operate publicly accessible profiles on social networks, also known as social media profiles. Your visit to these profiles leads to a variety of data processing operations.
You can view the privacy policies for the following social networks
META (Instagram):
https://help.instagram.com/155833707900388 (for Instagram)
Agreement on joint responsibility pursuant to Art. 26 GDPR: https://www.facebook.com/legal/controller_addendum
LinkedIn:
Privacy policy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Agreement on joint responsibility pursuant to Art. 26 GDPR: https://legal.linkedin.com/pages-joint-controller-addendum
In addition to our presence on social media platforms, we enable access to external social media platforms through links on our website. We use graphics from the respective provider for this purpose. These graphics do not establish a direct connection to the social media networks. They are used solely for the visual representation of the platforms in order to make it easy to reach the respective providers.
After forwarding by clicking on the link, the social media provider collects information from you.
It is generally possible that your data will be transferred to the USA when you visit our profile on one of the following platforms and may be processed there. This takes place within the framework of the GDPR, more precisely on the basis of the adequacy decision of the EU Commission pursuant to Art. 45 GDPR in conjunction with the respective legal basis of the processing by the respective controller.
Processing of personal data when operating a social media presence of the respective provider
On our Instagram page, we provide information about our services for interested parties. Visiting this page triggers processing operations.
The controller within the meaning of the General Data Protection Regulation (GDPR) is
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland
You can contact Meta’s data protection officer at the following link https://www.facebook.com/help/contact/540977946302970
In some cases, there is also joint responsibility, see below under Insights. According to the agreement with Meta, Meta then assumes the obligations of the GDPR when you visit the platforms mentioned. This applies in particular to the following obligations
– Duty to provide information (e.g. Art. 13 GDPR)
You can assert your data subject rights directly against Meta, for example the right to information. Facebook ensures that your data is protected by technical and organisational measures.
Calling up my page
When you visit our site, Meta processes the following personal data under its own responsibility
Network and connections (IP address or connection speed, name of mobile phone or internet provider, language, time zone, mobile phone number, information about other devices nearby or in your network, if applicable);
Cookie data (authentication; security; website and product integrity; advertising, recommendations; insights and measurements; website functions and services; performance; analysis and research; third-party websites and apps);
– ‘Information and content provided by you’;
– ‘Networks and connections’;
– ‘Your use’;
– ‘Information about transactions conducted on our products’
– ‘Activities of others and information they provide about you’
– Device information (type of device, such as computer, phone, connected TV and other devices;
– Device attributes (operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins)
– Processes on the device;
– Identifiers (device IDs and other identifiers);
– Device signals (Bluetooth and WLAN (access points), beacons and radio cell towers in the vicinity).
If you have a Meta account and are logged in while visiting our site, the following personal data will also be processed by Meta:
Meta user ID
Meta regularly uses cookies (small text files that are stored on your device) to collect data, which are stored on your device when you visit our website, even if you do not have your own Meta profile or are not logged in during your visit. These cookies enable Meta to create user profiles based on preferences and interests and to display customised advertising (inside and outside Meta). Cookies are regularly stored on the end device until they are deleted.
Further information on the cookies used by Meta: https://www.facebook.com/policies/cookies/
Insights
As the operator of our site, we can only view the information stored in your public Meta profile, and only if you have such a profile and are logged in while visiting our site. In addition, Meta provides anonymous usage statistics (so-called insights), which we use to improve the user experience when visiting our site. We do not have access to the usage data that Meta collects to compile these statistics. Meta has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfil all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to the data subjects.
Further information on Meta’s obligations can be found above under ‘META’.
This data processing serves our legitimate interest in presenting ourselves to the outside world as an attractive employer or company and to improve the user experience when visiting our site on the platform in line with our target group. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR, our overriding legitimate interest.
When you visit our website, your data may be processed outside the European Union, in particular in the USA. This may make it more difficult or impossible to enforce your rights.
We operate a LinkedIn company page on which we provide information about our services for interested parties. Visiting our site triggers various processing operations. ‘LinkedIn’ is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Accessing our company page (registered / not registered)
When you visit our LinkedIn company page, LinkedIn processes at least the following personal data under its own responsibility:
– Technical information: Device ID, device data such as display ID, IP address, operating system and browser data.
LinkedIn regularly uses so-called cookies (small text files that are stored on your device) to collect the data, which are stored on your device when you visit our company page even if you do not have your own LinkedIn profile or are not logged into it during your visit to our company page. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to display customised advertising. Cookies are regularly stored on your end device until you delete them.
Further information on the cookies used by LinkedIn: https://de.linkedin.com/legal/cookie-policy
Settings options for non-members: https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls.
If you have a LinkedIn account and are logged into it during your visit to our company website, the following personal data will also be processed:
– Registration: Name, email address, mobile phone number if applicable, password, payment and billing information when using the Premium service
– Profile: Depending on details, e.g. education, professional experience, photo, location or region, confirmation of knowledge.
– Publishing and uploading: Content that is uploaded or published by yourself
– Information from others: LinkedIn receives information about you from others if you use certain synchronisation functions. LinkedIn may then receive contact and calendar data from you.
LinkedIn Insights
The controller within the meaning of Art. 4 (7) GDPR in conjunction with Art. 26 GDPR is Art. 26 GDPR for ‘LinkedIn Insights’ are jointly LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and Geißler Rechtsanwalts GmbH &. Co KG
In accordance with the agreement with LinkedIn, LinkedIn assumes all obligations under the GDPR when you visit the LinkedIn platform and when creating LinkedIn Insights, this applies in particular (but not exclusively) to the following obligations
– Information obligations (e.g. Art. 13 GDPR)
You can assert your data subject rights (Art. 12 – 22 GDPR) directly against LinkedIn, e.g. the right to information. LinkedIn ensures that your data is protected by technical and organisational measures.
To exercise your rights as a data subject, please contact LinkedIn directly: https://www.linkedin.com/help/linkedin/ask/cp-master?lang=de.
Information on the joint responsibility and in particular the obligations of LinkedIn can be found above under ‘LinkedIn’.
LinkedIn creates anonymised statistics (so-called Insights) from the personal data that LinkedIn collects. The Insights provided to us consist of aggregated data. We do not receive any data that is personally identifiable. We do not have access to the usage data that LinkedIn collects to compile the statistics.
As the operator of the LinkedIn company page, we can only view the information in your LinkedIn profile that you make public through your settings, and only if you have such a profile and are logged into it while you are visiting our company page.
This data processing serves our legitimate interests in improving the user experience when visiting our website in line with our target group. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR.