Protection of personal data and responsible handling of information that you entrust to us are important and special concerns for us. PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH (PLANIT // LEGAL) processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
This privacy policy contains information how we process personal data in the case you
- visit our website (see section 2)
- conclude contracts with us (see section 3)
- are involved in legal proceedings as a third party – e.g. as a negotiation partner or party in a court case (see Section 4)
- apply for a job (see section 5)
- use internet-based videoconferencing software to contact us (see Section 6)
Further, this privacy policy contains information on recipients of your personal data within the EEA (see section 7) and third countries (see section 8), deletion of your personal data and retention periods (see section 9), your rights as a data subject (see section 10) and automated decision making (see section 11).
1. Controller
Controller in the meaning of data protection law: PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH, Jungfernstieg 1, 20095 Hamburg; mail@planit.legal; for further information refer to our imprint page.
2. Website Visit
When you visit our websites (planit.legal), we collect personal data to enable your use (“Usage Data”) to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2 et seq. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.
2.1 Data Processing to Enable the Use of the Website
Usage Data includes your IP address and information on start, end, your use of the website and identification data. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.
2.2 Social Networks
Our website contains links to social networks (Twitter, YouTube and Xing). These services are operated exclusively by third parties. If you follow the links, information may be transferred to these providers. The purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy can be found in the privacy policy of the provider:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
http://www.linkedin.com/legal/privacy-policy/
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
https://twitter.com/privacy/
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE
https://www.xing.com/privacy
2.3 Contact Form and Comment Function in our Blog
We process your personal data when you use our contact form or comment function of our blog.
If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. If you personally have a client relationship with us, or if you are enquiring about our services, the legal basis is either the performance of or preparations to enter into a contract (Art. 6(1)(b) GDPR. In all other cases, the legal basis is our legitimate interest in providing a contract form (Art. 6(1)(f) GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.
If you leave a comment on our Blog (given that the respective Blog page has that feature enabled), the data you have submitted (Name, email address, and the comment itself) will be saved in order to display your message under the respective blog post. Your personal data will be processed on the basis of your expressed consent pursuant to Art. 6 (1)(a) GDPR. You are neither obliged to leave a comment nor to provide personal data. If you do not provide your personal data, you may not be able to leave a comment. Otherwise there will be no consequences for you.
3. Conclusion and Performance of Contracts
Insofar as it is necessary order to conclude or to perform contracts with you (e.g. attorney mandate; appointment as data protection officer), we process your personal data. Please find below information on legal basis, purposes and the necessity of processing your personal data.
The legal basis for processing your personal Data for this purpose is Art. 6(1)(b)GDPR. We process your personal data to establish and carry out the contractual relationship. This requires provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, it may not possible to establish and carry out the contractual relationship. Otherwise there will be no consequences for you.
In addition, we also process data of persons with whom no (direct) client relationship exists, insofar as this is necessary for the initiation or execution of client relationships. For example, we may process your data if you are a representative, contact person or employee of a company that is our client. In this case, the legal basis is our legitimate interest in the initiation or execution of the respective client relationship (Art. 6(1)(f) GDPR).
As we advise on IT law and data protection law, we do not normally process special types of personal data within the meaning of Art. 9(1) GDPR. However, if processing of special types of personal data is exceptionally necessary for the purposes mentioned in this Section 3 (e.g. processing of health data in connection with claims for damages), the legal basis is the assertion, exercise or defence of legal claims (Art. 9(2)(f) GDPR).
4. Pursuit of our clients’ interests against you; other participation as a third party in a client relationship
If we pursue the interests or claims of our clients against you (or against a company whose representative or contact person you are) in or out of court, we may process your personal data in the course of this. The same applies if you (or a company of which you are a representative, employee or contact person) are involved in other judicial or extrajudicial proceedings (e.g. as a business or negotiating partner, as a party invited to a meeting, as a fellow party in a dispute, or as an employee of an authority or court) and the processing is necessary for the execution of the mandate relationship.
The legal basis for the processing of your personal data in this context is Art. 6(1)(f) GDPR. Our legitimate interest is to effectively implement the interests and claims of our clients. This interest also requires the direct contact and the collection of data from claimants, potential witnesses and other third parties relevant to the case.
As we advise in IT law and data protection law, we do not usually process special types of personal data in the sense of Art. 9(1) GDPR. However, if processing of special types of personal data is, as an exception, necessary for the purposes mentioned in this Section 4 (e.g. processing of health data in connection with claims for damages), the legal basis is processing for the purpose of asserting, exercising or defending legal claims (Art. 9(2)(f) GDPR).
In this context, data will only be passed on to third parties to the extent that this is necessary for the execution of the mandate and insofar as further legal prerequisites to be observed exist.
5. Job Applications
Within the application process, regardless of whether the application is made by e-mail or by post, we process your personal data.
The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. It is not possible to apply for a job without providing personal data. You are neither obliged to apply to PLANIT // LEGAL nor to provide personal data. If you do not provide your personal data, you may not be able to apply and/or we may not be able to consider your application. Otherwise there will be no consequences for you.
6. Newsletter
We use your email address to send you our newsletter if either the requirements of Art. 6(1)(f) GDPR in conjunction with section 7(3) UWG (German Unfair Competition Act) are fulfilled or you have consented to receive our newsletter in accordance with Art. 6(1)(a), Art. 7 GDPR.
If you have consented to receive the newsletter and register for it, we first collect your email address and send you a confirmation email with a confirmation link that you must click to subscribe to our newsletter. You can withdraw your consent at any time with effect for the future.
If you receive the newsletter from us as an existing customer (section 7(3) UWG), you can object to this advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You are also free to object to the processing of your personal data for direct marketing purposes at any time and without giving reasons for the future (Art. 21(2) GDPR).
To send your withdrawal or objection, you can contact us using the contact details above. In the case of newsletters, you can alternatively use the unsubscribe link contained in the respective emails.
7. Internet video telephony in contact with us
You may receive an invitation from us by e-mail or otherwise to a meeting, telephone call or Internet video telephony meeting using software provided by a third party. If you participate in such meetings, information may be transmitted to the respective provider.
The legal basis for the processing of your personal data in this context is Art. 6(1)(b) GDPR (if we hold the meeting for the purpose of carrying out a contractual relationship with you) or Art. 6 (1)(f) GDPR (if we hold the meeting for other business purposes); in the latter case, there is a legitimate interest in being able to use functional and widely used tools for video conferences and the associated Voice over IP telephony in order to be able to communicate efficiently with external partners.
We do not record video conferences and telephone conferences. Video conferences are secured according to the state of the art, but are not encrypted end-to-end.
As far as we use the service “Microsoft Teams” for the technical implementation, the following applies: The service provider used by us is Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). On our behalf, Microsoft processes personal data of the participants, in particular the IP address, the contents of the conversation, e-mail addresses, names and, if applicable, other service-related data, and stores these for the duration of the video conference or, if you use Microsoft Teams in addition, for the duration of the use. Microsoft is duly bound by us as a processor to comply with the privacy policy. The provider may also process the data outside the European Economic Area. In order to ensure a level of data protection that complies with the EU General Data Protection Regulation (GDPR), we have concluded Standard Contractual Clauses with Microsoft in accordance with the resolution of the EU Commission (2010/87/EU). You can find more detailed information on processing by Microsoft at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
If we use a different provider, you can find more information about the purpose and scope of data collection and the further processing and use of data by the provider, as well as your rights and settings options for protecting your privacy, in the data protection notices of the respective provider.
8. Transfer to Recipients of Personal Data within the EEA
We will only pass on the personal data described here where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.
In particular, we transfer personal data to the following categories of service providers:
- accounting, financial institutions and tax advice;
- IT service and infrastructure,
- IT support and maintenance;
- data destruction and facility services;
- in addition to the categories already mentioned, further categories of service providers may exist or be added at any time;
- providers of internet-based videoconferencing services.
In other cases, we transfer personal data to recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
9. Transfer to Recipients of Personal Data in States outside the EEA
In individual cases we may also transfer personal data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries for the purposes of contract performance, due to legal obligations or if necessary for the establishment, exercise or defence of legal claims.
If we transfer data to third countries, we make sure, the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer.
10. Deletion
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for PLANIT // LEGAL to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
Job Application-related data is retained until a decision is made and then deleted after a maximum of six months or, in the event of a successful application, transferred to your personnel file.
11. Your Rights
As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by PLANIT // LEGAL and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1) a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at PLANIT // LEGAL, we recommend that you first contact our data protection officer (see contact details under section 1).
12. No automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.
13. Amendment of the Privacy Policy
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website.
Status: July 2023
