Protection of personal data and responsible handling of information that you entrust to us are important and special concerns for us. PLANIT // LEGAL Freund Schmidt Partnerschaft von Rechtsanwälten mbB (PLANIT // LEGAL) processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).
- visit our website (see section 2)
- conclude contracts with us (see section 3)
- are involved in legal proceedings as a third party – e.g. as a negotiation partner or party in a court case (see Section 4)
- apply for a job (see section 5)
- use internet-based videoconferencing software to contact us (see Section 6)
Controller in the meaning of data protection law: PLANIT // LEGAL Freund Schmidt Partnerschaft von Rechtsanwälten mbB, Jungfernstieg 1, 20095 Hamburg; email@example.com; for further information refer to our imprint page.
2. Website Visit
When you visit our websites (planit.legal), we collect personal data to enable your use (“Usage Data”) to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2 et seq. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.
2.1. Data Processing to Enable the Use of the Website
Usage Data includes your IP address and information on start, end, your use of the website and identification data. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.
2.2. Google Maps
On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Using this service will show you our location and make it easier for you to find us.
This is done by connecting your browser to Google’s servers as if you were visiting the Google search engine’s website. If you are logged into Google, your information will be directly linked to your account. If you do not wish to be linked to your profile on Google, you must log out before activating the button. Google is responsible for data processing by Google. There is no tracking by Google on our website.
Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers.
2.3. Social Networks and embedded YouTube/Vimeo Videos
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE
2.4. Contact Form and Comment Function in our Blog
We process your personal data when you use our contact form or comment function of our blog.
If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. If you personally have a client relationship with us, or if you are enquiring about our services, the legal basis is either the performance of or preparations to enter into a contract (Art. 6(1)(b) GDPR. In all other cases, the legal basis is our legitimate interest in providing a contract form (Art. 6(1)(f) GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.
If you leave a comment on our Blog (given that the respective Blog page has that feature enabled), the data you have submitted (Name, email address, and the comment itself) will be saved in order to display your message under the respective blog post. Your personal data will be processed on the basis of your expressed consent pursuant to Art. 6 (1)(a) GDPR. You are neither obliged to leave a comment nor to provide personal data. If you do not provide your personal data, you may not be able to leave a comment. Otherwise there will be no consequences for you.
3. Conclusion and Performance of Contracts
Insofar as it is necessary order to conclude or to perform contracts with you (e.g. attorney mandate; appointment as data protection officer), we process your personal data. Please find below information on legal basis, purposes and the necessity of processing your personal data.
The legal basis for processing your personal Data for this purpose is Art. 6(1)(b)GDPR. We process your personal data to establish and carry out the contractual relationship. This requires provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, it may not possible to establish and carry out the contractual relationship. Otherwise there will be no consequences for you.
In addition, we also process data of persons with whom no (direct) client relationship exists, insofar as this is necessary for the initiation or execution of client relationships. For example, we may process your data if you are a representative, contact person or employee of a company that is our client. In this case, the legal basis is our legitimate interest in the initiation or execution of the respective client relationship (Art. 6(1)(f) GDPR).
As we advise on IT law and data protection law, we do not normally process special types of personal data within the meaning of Art. 9(1) GDPR. However, if processing of special types of personal data is exceptionally necessary for the purposes mentioned in this Section 3 (e.g. processing of health data in connection with claims for damages), the legal basis is the assertion, exercise or defence of legal claims (Art. 9(2)(f) GDPR).
4. Pursuit of our clients’ interests against you; other participation as a third party in a client relationship
If we pursue the interests or claims of our clients against you (or against a company whose representative or contact person you are) in or out of court, we may process your personal data in the course of this. The same applies if you (or a company of which you are a representative, employee or contact person) are involved in other judicial or extrajudicial proceedings (e.g. as a business or negotiating partner, as a party invited to a meeting, as a fellow party in a dispute, or as an employee of an authority or court) and the processing is necessary for the execution of the mandate relationship.
The legal basis for the processing of your personal data in this context is Art. 6(1)(f) GDPR. Our legitimate interest is to effectively implement the interests and claims of our clients. This interest also requires the direct contact and the collection of data from claimants, potential witnesses and other third parties relevant to the case.
As we advise in IT law and data protection law, we do not usually process special types of personal data in the sense of Art. 9(1) GDPR. However, if processing of special types of personal data is, as an exception, necessary for the purposes mentioned in this Section 4 (e.g. processing of health data in connection with claims for damages), the legal basis is processing for the purpose of asserting, exercising or defending legal claims (Art. 9(2)(f) GDPR).
In this context, data will only be passed on to third parties to the extent that this is necessary for the execution of the mandate and insofar as further legal prerequisites to be observed exist.
5. Job Applications
Within the application process, regardless of whether the application is made by e-mail or by post, we process your personal data.
The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. It is not possible to apply for a job without providing personal data. You are neither obliged to apply to PLANIT // LEGAL nor to provide personal data. If you do not provide your personal data, you may not be able to apply and/or we may not be able to consider your application. Otherwise there will be no consequences for you.
6. Internet video telephony in contact with us
You may receive an invitation from us by e-mail or otherwise to a meeting, telephone call or Internet video telephony meeting using software provided by a third party. If you participate in such meetings, information may be transmitted to the respective provider.
The legal basis for the processing of your personal data in this context is Art. 6(1)(b) GDPR (if we hold the meeting for the purpose of carrying out a contractual relationship with you) or Art. 6 (1)(f) GDPR (if we hold the meeting for other business purposes); in the latter case, there is a legitimate interest in being able to use functional and widely used tools for video conferences and the associated Voice over IP telephony in order to be able to communicate efficiently with external partners.
We do not record video conferences and telephone conferences. Video conferences are secured according to the state of the art, but are not encrypted end-to-end.
If we use a different provider, you can find more information about the purpose and scope of data collection and the further processing and use of data by the provider, as well as your rights and settings options for protecting your privacy, in the data protection notices of the respective provider.
7. Transfer to Recipients of Personal Data within the EEA
We will only pass on the personal data described here where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.
In particular, we transfer personal data to the following categories of service providers:
- accounting, financial institutions and tax advice;
- IT service and infrastructure,
- IT support and maintenance;
- data destruction and facility services;
- in addition to the categories already mentioned, further categories of service providers may exist or be added at any time;
- providers of internet-based videoconferencing services.
In other cases, we transfer personal data to recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.
8. Transfer to Recipients of Personal Data in States outside the EEA
In individual cases we may also transfer personal data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries for the purposes of contract performance, due to legal obligations or if necessary for the establishment, exercise or defence of legal claims.
If we transfer data to third countries, we make sure, the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer.
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for PLANIT // LEGAL to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
Job Application-related data is retained until a decision is made and then deleted after a maximum of six months or, in the event of a successful application, transferred to your personnel file.
10. Your Rights
As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by PLANIT // LEGAL and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1) a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at PLANIT // LEGAL, we recommend that you first contact our data protection officer (see contact details under section 1).
11. No automated individual Decision-Making
We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.
Status: June 2020