Data Protection Information
Data Protection Information
The following information is to inform visitors to this website about data processing and especially about the collection and processing of personal data, i.e. data relating to an identifiable natural person, and any rights relating thereto.
- Controller and corporate data protection officer
The controller responsible for the operation of the website at https://mittelstein.de and the data processing involved pursuant to Art. 4 No. 7 of the General Data Protection Regulation (‘GDPR’) is
Rechtsanwälte Dr. Mittelstein & Partner PartG mbB
Alsterarkaden 20, D-20354 Hamburg
(see our legal notice).
Our data protection officer can be contacted at firstname.lastname@example.org or at the above-mentioned postal address by adding ‘data protection officer’.
- Access to the website for information purposes
If this website is accessed for information purposes, the following data, which the requesting browser transmits automatically to the server used for our website, are processed:
- IP address of the requesting computer
- Date and time of the request
- Name and URL of the retrieved file
- Website from which access is gained (so-called referrer URL)
- Browser used and, if applicable, the operating system of the requesting computer as well as the name of the access provider
The purpose of this data processing is to ensure a smooth connection set-up, convenient use of the website and evaluation of system security and stability. The legal basis of this data processing, if personal data are concerned, is Art. 6(1)(f) of GDPR; our legitimate interest is based on the aforementioned purposes of data processing. The data will be deleted within the time frame required by law, unless legitimate interests or statutory obligations to store the data prevent such a deletion. In the latter case, the processing will be limited to the minimum required and the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.
- Contact by e-mail or via the contact form
If you contact us by e-mail or via the contact form made available on the website, we will need a valid e-mail address; further information (name and telephone number) is provided on a voluntary basis. We will process the data provided in order to deal with the specific request. The legal basis for this data processing is, depending on the individual case, Art. 6(1)(a) of GDPR (processing on the basis of consent), Art. 6(1)(b) of GDPR (data processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract) or Art. 6(1)(f) of GDPR (legitimate interest in data processing).
The data collected in this connection will be deleted after the specific request has been finally dealt with, unless there are statutory obligations to store the data or we have a legitimate interest in storing them. In such cases, the processing will be limited to the minimum required and the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.
4. Data protection in applications for employment and in the application process
We process the personal data of applicants for the purpose of handling of the application process. The processing can also be done electronically. This is especially the case if an applicant submits the corresponding application documents by electronic means, for example by e-mail. The legal basis for this data processing is, depending on the individual case, Article 6 (1) (a) of the General Data Protection Regulation (processing on the basis of consent), Article 6 (1) (b) of the General Data Protection Regulation (required data processing for fulfillment of a contract or in order to carry out pre-contractual measures) or Art. 6 (1) (f) of the General Data Protection Regulation (legitimate interest in data processing). If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If we do not conclude a contract of employment with the applicant, the application documents will be automatically deleted two months after notification of the rejection letter, provided that deletion does not conflict with any other legitimate interests on our part.
To enable the use of certain functions on this website and thus its operation and in order to make our website more attractive, cookies are used on this website. Cookies are small text files that are placed on the visitor’s terminal.
The legal basis for this data processing is Art. 6(1)(f) of GDPR (legitimate interest in the functionality and operation of the website) or Art. 6(1)(a) of GDPR (if the person concerned has given his or her consent). The cookies used on this website are exclusively so-called session cookies that are deleted after the end of the browser session, i.e. after the visitor has closed the browser.
Visitors may set their browser in such a way that they as users are informed of cookies being placed and may decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. We would like to point out that the functionality of this website may be limited if cookies are not accepted.
6. Transfer of data to third parties
The recipient of the data in connection with use of our website is, first of all, our web hoster in order to enable the operation of the website (legal basis: Art. 6(1)(f) of GDPR). Otherwise, personal data are only transferred to third parties if the person concerned has given his or her express consent (legal basis: Art. 6(1)(a) of GDPR), the transfer is required to assert, exercise or defend legal claims and there is no reason to assume that the person concerned has an overriding interest meriting protection (legal basis: Art. 6(1)(f) of GDPR), if there is a statutory obligation (legal basis: Art. 6(1)(c) of GDPR) or this is required for the performance of contractual relationships with the person concerned (legal basis: Art. 6(1)(b) of GDPR).
This website uses Google Maps to visualize geographic information. As a result of visiting the website, data are also passed on to Google: Google receives the information that the visitor in question has accessed the corresponding sub-page of our website. In addition, the data mentioned under Section 2 of this data privacy information are transmitted. This is done regardless of whether Google provides a user account that the respective visitor is logged in, or if there is no user account. When the visitor is logged in to Google, his data is assigned directly to their account. If the visitor does not want the assignment with his profile on Google, he must log out before activating the button. Google stores the data of visitors as usage profiles and uses them for purposes of advertising, market research and / or need-based website design. The visitor has a right to object to the formation of these user profiles, whereby he must direct/ address his objections to Google for the exercise thereof. Further information on the purpose and scope of the data collection and its processing by the plug-in provider is available to visitors in Google’s privacy policies. Visitors can also get more information about their rights and privacy settings here: http://www.google.com/intl/en/policies/privacy .
Google also processes personal information in the United States (third country). Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7. General rights of the data subject
The data subject has the following general rights with regard to the processing of personal data by us:
- Right of access pursuant to Art. 15 of GDPR: The data subject may request information about the purposes of processing, the category of the personal data that are processed, the recipients or categories of recipients to whom his or her personal data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the source of their data where they are not collected by us as well as the existence of automated decision-making, including profiling, and meaningful information about details thereof, if any.
- Right to rectification pursuant to Art. 16 of GDPR: The data subject may demand the rectification of inaccurate personal data without undue delay or the completion of his or her personal data stored by us.
- Right to erasure (‘right to be forgotten’) pursuant to Art. 17 of GDPR: The data subject has the right to demand that we delete his or her personal data stored by us unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing pursuant to Art. 18 of GDPR: The data subject may demand restriction of the processing of his or her personal data where the accuracy of the data is contested by the data subject, the processing is unlawful but the data subject opposes the erasure of the data and we no longer need the data, but the data subject requires them for the establishment, exercise or defence of legal claims or the data subject has objected to processing pursuant to Art. 21 of GDPR (see paragraph 8).
- Right to data portability pursuant to Art. 20 of GDPR: The data subject has the right to receive his or her personal data that he or she has provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller.
- Right to lodge a complaint with a supervisory authority (Art. 77 of GDPR): The data subject has the right to lodge a complaint with a supervisory authority. As a rule, the data subject may contact the supervisory authority of his or her habitual residence or place of work or of the registered office of our law firm for this purpose.
8. Right to withdraw one’s consent
Pursuant to Art. 7(3) of GDPR, the data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time with regard to us with effect for the future. An e-mail sent to email@example.com will suffice for this purpose.
9. Right to object
Pursuant to Art. 21 of GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of his or her personal data if his or her personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) of GDPR; this would also apply to profiling based on these provisions, which is, however, not used on this website. If data subjects wish to avail themselves of their right to object, an e-mail sent to firstname.lastname@example.org will suffice.
The further course of action is laid down in Art. 21 of GDPR. In the case of direct marketing, which we, however, do not use, the personal data would not be used any more for this purpose if an objection is lodged. In other cases where an objection is lodged, further data processing will only take place if we demonstrate compelling grounds for processing that merit protection and override the interests, rights and freedoms of the data subject or the processing is useful for the establishment, exercise or defence of legal claims.
10. Measures to ensure data security
We use suitable technical and organisational measures to protect personal data from accidental or intentional manipulation, partial or complete loss, destruction or from unauthorised third-party access. Our security measures are continuously improved according to the technical development.
Data sent via our contact form are transmitted using SSL encryption. However, we do not have any influence on the security of data transfer on the internet.
11. Up-to-dateness of and changes to this data protection information
This data protection information was prepared in May 2018. It may become necessary to change this data protection information due to the further development of this website and offers relating thereto or due to altered legal and/or regulatory requirements. The current data protection information may be retrieved from this website at https://mittelstein.de/en/data-protection-information/ and printed at any time.