Data Protection Information
Data Protection Information
The following information is to inform visitors to this website about data processing and especially about the collection and processing of personal data, i.e. data relating to an identifiable natural person, and any rights relating thereto.
- Controller and corporate data protection officer
The controller responsible for the operation of the website at https://mittelstein.de and the data processing involved pursuant to Art. 4 No. 7 of the General Data Protection Regulation (‘GDPR’) is
Rechtsanwälte Dr. Mittelstein & Partner PartG mbB
Alsterarkaden 20, D-20354 Hamburg
(see our legal notice).
Our data protection officer can be contacted at email@example.com or at the above-mentioned postal address by adding ‘data protection officer’.
- Access to the website for information purposes
If this website is accessed for information purposes, the following data, which the requesting browser transmits automatically to the server used for our website, are processed (so called Serverlogfiles):
- IP address of the requesting computer
- Date and time of the request
- Name and URL(s) of the retrieved file(s)
- Website from which access is gained (so-called referrer URL)
- Transmitted data volume
- Browser used and, if applicable, the operating system of the requesting computer as well as the name of the access provider
- Message whether the retrieval/access was successful
The purpose of this data processing is to ensure a smooth connection set-up, convenient use of the website and evaluation of system security and stability. The legal basis of this data processing, if personal data are concerned, is Art. 6(1)(f) of GDPR; our legitimate interest is based on the aforementioned purposes of data processing. The log file information automatically stored when you visit the website is normally deleted after 14 days if there is neither a legitimate interest nor a legal obligation to retain the data.
In the latter case, the processing will be limited to the minimum required and the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.
It is not possible to visit our website without processing the aforementioned personal data.
- Contact by e-mail or via the contact form
If you contact us by e-mail or via the contact form made available on the website, we will need a valid e-mail address; further information (name and telephone number) is provided on a voluntary basis. We will process the data provided in order to deal with the specific request. The legal basis for this data processing is, depending on the individual case, Art. 6(1)(a) of GDPR (processing on the basis of consent), Art. 6(1)(b) of GDPR (data processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract) or Art. 6(1)(f) of GDPR (legitimate interest in data processing).The data collected in this connection will be deleted after the specific request has been finally dealt with, unless there are statutory obligations to store the data or we have a legitimate interest in storing them. In such cases, the processing will be limited to the minimum required and the data will be deleted after expiry of the period of retention or after the legitimate interests have ceased to exist.
If you do not provide the necessary personal data, this means that we may only be able to process your enquiry to a limited extent or not at all.4. Data protection in applications for employment and in the application process
We process the personal data of applicants (e.g. name, contact details, education) for the purpose of handling of the application process. The processing can also be done electronically. This is especially the case if an applicant submits the corresponding application documents by electronic means, for example by e-mail. The legal basis for this data processing is, depending on the individual case, Article 6 (1) (a) of the General Data Protection Regulation (processing on the basis of consent), Article 6 (1) (b) of the General Data Protection Regulation (required data processing for fulfillment of a contract or in order to carry out pre-contractual measures) or Art. 6 (1) (f) of the General Data Protection Regulation (legitimate interest in data processing). If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. Should the application not be successful or be withdrawn by you,, the application documents will be automatically deleted two months after notification of the rejection letter, provided that deletion does not conflict with any other legitimate interests on our part. You are not obliged to provide us with personal data, but incomplete and inaccurate applications cannot be considered.
To enable the use of certain functions on this website and thus its operation and in order to make our website more attractive, cookies (so-called session cookies and temporary cookies) are used on this website. Cookies are small text files that are placed on the visitor’s terminal.
The legal basis for this data processing is Art. 6(1)(f) of GDPR (legitimate interest in the functionality and operation of the website) or Art. 6(1)(a) of GDPR (if the person concerned has given his or her consent). The cookies used on this website are exclusively so-called session cookies that are deleted after the end of the browser session, i.e. after the visitor has closed the browser.
Visitors may set their browser in such a way that they as users are informed of cookies being placed and may decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. We would like to point out that the functionality of this website may be limited if cookies are not accepted.
Session cookies are deleted after the end of the browser session, i.e. after the visitor closes the browser. The cookie used on this website to save the usage decision when the cookie banner is confirmed is deleted after 14 days.
Overview of the temporary cookies used:
|eu_cookie||www.mittelstein.de||14 days||HTTP Cookie|
- Integration of third party services and transfer of data
On our website, we also integrate third party services on the basis of our legitimate interest in the economic operation of an attractive and user-friendly website in accordance with Art. 6 (1)(f) of GDPR we also integrate services of third parties. By means of an external link, you can use the map services of “Google Maps” of the third-party provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5 Ireland. Please note that this means that the third-party provider may also obtain other personal data from you in addition to your IP address. Google Ireland Limited provides information on the handling of your personal data when using Google Maps: https://www.google.com/policies/privacy/.
Apart from that, personal data will only be passed on to third parties if we have the consent of the person concerned (legal basis: Art. 6(1)(a) of GDPR), the passing on is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that the person concerned has an overriding interest worthy of protection, (legal basis: Art. 6(1)(f) of GDPR), if there is a legal obligation (legal basis: Art. 6 (1)(b) of GDPR) or if this is necessary for the execution of contractual relationships. 6 (1)(b) of GDPR).
- General rights of the data subject
The data subject has the following general rights with regard to the processing of personal data by us:
- Right of access pursuant to Art. 15 of GDPR: The data subject may request information about the purposes of processing, the category of the personal data that are processed, the recipients or categories of recipients to whom his or her personal data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the source of their data where they are not collected by us as well as the existence of automated decision-making, including profiling, and meaningful information about details thereof, if any.
- Right to rectification pursuant to Art. 16 of GDPR: The data subject may demand the rectification of inaccurate personal data without undue delay or the completion of his or her personal data stored by us.
- Right to erasure (‘right to be forgotten’) pursuant to Art. 17 of GDPR: The data subject has the right to demand that we delete his or her personal data stored by us unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing pursuant to Art. 18 of GDPR: The data subject may demand restriction of the processing of his or her personal data where the accuracy of the data is contested by the data subject, the processing is unlawful but the data subject opposes the erasure of the data and we no longer need the data, but the data subject requires them for the establishment, exercise or defence of legal claims or the data subject has objected to processing pursuant to Art. 21 of GDPR (see paragraph 8).
- Right to data portability pursuant to Art. 20 of GDPR: The data subject has the right to receive his or her personal data that he or she has provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller.
- Right to lodge a complaint with a supervisory authority (Art. 77 of GDPR): The data subject has the right to lodge a complaint with a supervisory authority. As a rule, the data subject may contact the supervisory authority of his or her habitual residence or place of work or of the registered office of our law firm for this purpose.
- Right to withdraw one’s consent
Pursuant to Art. 7(3) of GDPR, the data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time with regard to us with effect for the future. An e-mail sent to firstname.lastname@example.org will suffice for this purpose.
- Right to object
Pursuant to Art. 21 of GDPR, the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of his or her personal data if his or her personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) of GDPR; this would also apply to profiling based on these provisions, which is, however, not used on this website. If data subjects wish to avail themselves of their right to object, an e-mail sent to email@example.com will suffice.
The further course of action is laid down in Art. 21 of GDPR. In the case of direct marketing, which we, however, do not use, the personal data would not be used any more for this purpose if an objection is lodged. In other cases where an objection is lodged, further data processing will only take place if we demonstrate compelling grounds for processing that merit protection and override the interests, rights and freedoms of the data subject or the processing is useful for the establishment, exercise or defence of legal claims.
- Measures to ensure data security
We use suitable technical and organisational measures to protect personal data from accidental or intentional manipulation, partial or complete loss, destruction or from unauthorised third-party access. Our security measures are continuously improved according to the technical development.
Data sent via our contact form are transmitted using SSL encryption. However, we do not have any influence on the security of data transfer on the internet.
- Up-to-dateness of and changes to this data protection information
This data protection information was prepared in May 2018. It may become necessary to change this data protection information due to the further development of this website and offers relating thereto or due to altered legal and/or regulatory requirements. The current data protection information may be retrieved from this website at https://mittelstein.de/en/data-protection-information/ and printed at any time.