Data protection declaration
Download
Pursuant to the General Data Protection Regulation and other national laws on data protection of the member states as well as any further data protection regulations is responsible:
SKYE Rechtsanwaltsgesellschaft mbH
Eschersheimer Landstrasse 14
60322 Frankfurt am Main
Fax: +49 (0)69 99999 3899
E-Mail: info@skye-partners.de
Contact person: Christoph Breithaupt (attorney)
I. Name of data protection officer
Attorney and specialist lawyer (Fachanwalt) for information technology law
Dr. Christian Rauda
GRAEF Rechtsanwälte Digital PartG mbB
Jungfrauenthal 8
20149 Hamburg
Tel. +49.40.80 6000 9-0
Fax +49.40.80 6000 9-10
E-Mail: Datenschutzbeauftragter@skye-partners.de
Website: www.graef.eu
II. General information on data processing
1. Scope of processing personal data
We collect and use personal data of our users only to the extent necessary in order to provide a functional website, for the provision of our contents and services. Personal data is only collected and used with the consent of our users. An exception hereto is made if a prior consent cannot be obtained for factual reasons and the processing of data is permitted by law. Types of processed data are as follows:
– inventory data (e.g., names, addresses);
– contact details (e.g., e-mail, phone numbers);
– content data (e.g., text entries, photographs, videos);
– usage data (e.g., visited websites, interest in contents, access times);
– meta-/communications data (e.g., device information, IP-addresses).
2. Legal basis for processing personal data
Insofar as we obtain the consent of the person concerned for processing his / her personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis. Whereas for the processing of personal data which is necessary for the performance of a contract of the respective person concerned, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing operations that are required while carrying out pre-contractual actions. Art. 6 para. 1 lit. c GDPR serves as legal basis if the processing of personal data is required to fulfill a legal obligation of our company. Insofar as the processing of personal data is required to fulfill a legitimate interest of our company or of a third party and if interests, fundamental rights and freedoms of the person concerned do not prevail, Art. 6 para. 1 lit. f GDPR is the legal basis for processing.
3. Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage lapses. Such storage also may be carried out if required by European or further national legislation in EU regulations, laws or other regulations that address the responsible operator. Blocking or deletion of the stored personal data is carried out when the storage period prescribed by the legislation mentioned expires, unless there is a need for further storage of with respect to the conclusion or fulfillment of a contract.
4. Cookies
Our website uses so-called session or flash cookies. Cookies are small text files that are stored on the internet browser or by the internet browser on the user’s computer system. A cookie may be stored on the user’s operating system when a user visits a website. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. The user data collected by technically necessary cookies are not used to determine your identity or to create user profiles. The legal basis for the processing of personal data using these cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Furthermore, we use so-called persistent cookies – if you permit this – which are used beyond the session (“cross-session cookies”). The legal basis for the processing of personal data using these cookies is your consent pursuant to Art. 6 para. 1 lit. a GDPR. In particular, these cookies serve to make the website user-friendly, more effective and safer.
III. Provision of website und creation of log files
1. Description and scope of data processing
When accessing our website, our system automatically collects data and information from the computer system of the calling computer.
The following data hereby will be collected for a limited time:
(1) information on the type and version of browser used;
(2) the operating system of the user;
(3) the internet service provider of the user;
(4) the IP-address of the user
(5) date and time of access;
(6) websites from which the system of the user is forwarded to our website;
(7) visited website;
(8) amount of data sent in bytes.
Such data is stored in the log files of our system. It is only necessary for the analysis of a possible disruption and will be deleted at the latest within seven days. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. Temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be saved for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. Personal data is not evaluated for marketing purposes in this context and no conclusions about the respective person are drawn. This corresponds to our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR: The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, users can not disagree.
IV. Data protection in applications and application procedures
We collect and process the personal data of ou applicants for the purpose of processing the application process. The processing can also be done electronically, especially if an applicant submits his / her application documents electronically, e.g. by e-mail. If we conclude a contract of employment with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the legal requirements. If no employment contract is concluded, the application documents will be automatically deleted after notification of the rejection decision, provided that the deletion does not conflict with any other legitimate interests of the responsible operator. Other legitimate interest in this sense can be, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
V. Google Maps
Our website uses the Google Maps product of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (“Google”). For this purpose, corresponding map contents of servers are called by Google. Through this external call, your IP address as well as the date and time will be transmitted to Google’s servers, including those in the USA. Google processes this data in the USA on the basis of EU standard contractual clauses and thus offers sufficient guarantees within the meaning of Art. 46 para. 1, para. 2 lit. c) GDPR. If you are logged in in your Google account, Google is able to match your browsing behavior with further data. Google’s Privacy Policy applies: https://policies.google.com/privacy?hl=en&gl=en.
VI. Google Fonts
On our website we use Google Fonts. These are the “Google fonts” of Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. When you visit our website, the fonts are reloaded via a Google server. This external call transmits data such as your IP address to Google servers in the USA, among others. Google processes the data in the USA on the basis of EU standard contractual clauses and thus offers reasonable guarantees in accordance with Art. 46 sec. 1, paragraph 2 lit.c) DSGVO. For more information about Google’s data usage, settings and objections, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners
VII. Privacy information for our LinkedIn website
We operate a website on the social media network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, in order to communicate with interested users and to be able to inform them about our work there. There is no exchange of data from this website with LinkedIn. When calling up LinkedIn, the terms and conditions and data processing policies of the operator LinkedIn Ireland Unlimited Company apply. Unless otherwise stated within the scope of our privacy policy, we process the data of users insofar as they communicate with us within the social media networks and platforms, e.g. write posts on our online presence or send us messages. The legal basis for the processing of this communication data is Art. 6 para. 1 lit. f GDPR. Our interest in answering an inquiry outweighs the interest of the inquirer; furthermore, if we are inquired, an answer is also in the interest of the inquirer, who is aware that we need to process his data to answer his inquiry. If the contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Incidentally, members of LinkedIn can control the use of their personal data in their account settings. You can find LinkedIn’s privacy policy here: https://de.linkedin.com/legal/privacy-policy
VIII. Rights of the persons concerned
If your personal data is processed, you are concerned pursuant to GDPR and you have the following rights against the responsible operator:
1. Right to information
You may ask the responsible operator whether your personal data is processed by us.
If such processing is available, you may request the responsible operator for the following information:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that is processed;
(3) the recipients or categories of recipients to whom the personal data is or has been disclosed;
(4) the intended duration of the storage of your personal data or, if such cannot be specified, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the responsible operator or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information on the source of the data if the personal data is not collected from the person concerned;
(8) whether your personal data is transmitted to a third country or an international organization. In this context, you may request information on appropriate guarantees pursuant to Art. 46 GDPR in context with the transfer.
2. Right to rectification
You have a right to rectification and / or completion against the responsible operator if your personal data that is processed is incorrect or incomplete. The responsible operator is obligated to correct it without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the responsible operator to verify the accuracy of your personal information;
(2) the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the responsible operator no longer needs the personal data for the purposes of processing but you need it to assert, exercise or defend legal claims; or
(4) if you have objected the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the responsible operator outweigh your reasons.
If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest within the European Union or a member state. An exception hereof is the storage of the data.
If the processing has been restricted pursuant to the conditions set out above, you will be informed by the responsible operator before the restriction is lifted.
4. Right to erasure
a) Obligation to erasure
You may request from the responsible operator to delete your personal data without delay and the responsible operator is obligated to delete the respective data immediately if one of the following reasons applies:
(1) Your personal data is no longer necessary for the purposes it has been collected for or otherwise processed.
(2) You revoke your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. GDPR was based and there is no other legal basis for processing.
(3) You appeal pursuant to Art. 21 para. 1 GDPR against the processing and there are no prior justifiable reasons for the processing or you enter an objection pursuant to Art. 21 para. 2 GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of your personal data is required to fulfill a legal obligation under European Union law or any further law of the member states that addresses the responsible operator.
(6) Your personal data was collected relating to the services of the information society pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the responsible operator has published your personal data and is pursuant to Article 17 (1) of the GDPR obligated to erasure, he / she shall take appropriate measures, including technical means and taking into account available technology and implementing costs, to inform further responsible operators who finally process the personal data that you as person concerned are requesting deletion of all links to your personal data or of copies or replications of such.
c) Exceptions
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the European Union or of the member states that addresses the responsible operator or to carry out a task within public interest or the exercise of official authority that has been transferred to the responsible operator;
(3) for reasons of public interest concerning public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) to assert, exercise or defend legal claims.
5. Right to information
If you have exercised the right of rectification, erasure or restriction of processing against the responsible operator, he or she is obligated to notify all recipients to whom your personal data has been disclosed of the correction or deletion of the data or the restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right against the responsible operator to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data that you provided to the responsible operator in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another person without hindrance by the responsible operator that has provided the personal data, if
(1) the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and if
(2) the processing is done by automated procedure.
In exercising this right, you also have the right to obtain that your personal data is transmitted directly from one responsible operator to another, as this is technically feasible. Freedoms and rights of third parties shall not be affected by doing so.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task within the public interest or while exercising official authority that has been transmitted to the responsible operator.
7. Right of objection
You have the right, for reasons that arise from your particular situation, to object the processing of your personal data which is based on Art. 6 para. 1 lit. e or f GDPR at any time. This also applies to a profiling based on these provisions.
The responsible operator will no longer process your personal data, unless he can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of enforcing, exercising or defending legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, in context of using information society services, you can exercise your right to object through automated procedures that use technical specifications. You can send an e-mail to our data protection officer.
8. Right of withdrawal of your consent concerning data protection
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject of a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the responsible operator;
(2) is permitted by European Union or further legislation of member states that addresses the responsible operator and if such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your explicit consent.
However, these decisions cannot be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the responsible operator shall take appropriate measures to uphold the rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person of the responsible operator, the right to express his or her position and to challenge of the decision.
10. Right of appeal to a supervisory authority
Regardless of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the member sate of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.