+49 (0)6894 9742046 kanzlei@kanzlei-saendig.com

Privacy policy

 

Thank you for visiting our website www.kanzlei-saendig.com and for your interest in our law firm. With the aim of providing you with the highest possible degree of transparency, we would like to inform you in the following about the type, scope and purpose of the collection, processing and use of personal data that is collected when using our website. The General Data Protection Regulation (hereinafter referred to as “GDPR”) can be downloaded here as a complete document. Please note that the terms used are not gender specific.

Content

1. Definitions of terms
2. Person responsible according to article 4 no. 7 GDPR
3. Legal basis of the processing
4. Storage of data / Delection of data 
5. Transfer of personal data 
6. Collection of personal data 
6.1. Exclusive informative use of our website 
6.2. Contact by e-mail
6.3. Contact form 
7. etracker Analytics (web tracking)
8. ProvenExpert
9. Hosting
10. Your rights
11. Right of objection
12. Data security

1. Definitions of terms

The following terms, which we use within our privacy policy, are defined within article 4 GDPR. This is only an extract from Article 4 GDPR. All definitions can be found in the GDPR (available here).

  • Personal data (article 4 no. 1 GDPR)
    Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing (article 4 no. 2 GDPR)
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Pseudonymization (article 4 no. 5 GDPR)
    Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller (article 4 no. 7 GDPR)
    Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor (article 4 no. 8 GDPR)
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Third party (article 4 no. 10 GDPR)
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent (article 4 no. 11 GDPR)
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Enterprise (article 4 no. 18 GDPR)
    Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

2. Person responsible according to article 4 no. 7 GDPR

Katja Sändig
Lawyer l Tax consultant l Specialist in tax law
Am Pfeifferwald 22
66386 St. Ingbert
Phone: +49 (0)6894 9742046
E-mail: kanzlei@kanzlei-saendig.com
You can find our complete imprint here:
https://kanzlei-saendig.com/en/impressum/

3. Legal basis of the processing

For each processing operation described in our privacy policy, we will always inform you of the appropriate legal basis on which the processing is carried out. A distinction is made between the following groups of cases where processing is lawful:

  • You have given us your consent to the processing of your personal data for one or more specific purposes (article 6 paragraph 1 sentence 1 letter a GDPR).
  • A contract exists between you and us for the performance of which the processing is carried out or the processing is necessary for the implementation of pre-contractual measures which are carried out at your request (article 6 paragraph 1 sentence 1 letter b GDPR).
  • The fulfilment of a legal obligation to which we are subject requires processing (article 6 paragraph 1 sentence 1 letter c GDPR) .
  • The protection of vital interests on your part or on the part of another natural person requires processing (article 6 paragraph 1 sentence 1 letter d GDPR).
  • The performance of a task assigned to us in the public interest or the exercise of official authority requires processing (article 6 paragraph 1 sentence 1 letter e GDPR).
  • The necessity of the processing to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh the need for processing (article 6 paragraph 1 sentence 1 letter f GDPR).

4. Storage of data / Deletion of data

Within the processing described in our privacy policy, we will always inform you of the
corresponding storage period or the times at which data is deleted or blocked. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for storage is no longer given. A storage can take place beyond the defined times if legal regulations to which we are subject (german law, e.g. section 147 AO, section 247 HGB) provide for a different storage period. Following the storage period, the personal data will be deleted or blocked, unless further storage is required by us due to a legal basis. In addition, storage beyond
the specified period is possible in the event of (possible) legal disputes with you or other legal proceedings.

5. Transfer of personal data

If your personal data is passed on, you will be informed of this at the relevant point in our data protection declaration.

6. Collection of personal data

In the following, we will inform you about the collection of personal data (such as name, e-mail address, postal address or user behavior).

6.1. Exclusive informative use of our website

If you neither register on our website (e.g. in the form of a newsletter) nor provide us with data in any other way (e.g. by using a contact form), only the personal data that your browser sends to our server will be collected. This is data that is technically necessary for us to provide you with a secure and stable viewing of the website. This is the following information, which results from a log file line:

  • Internet Protocol address (IP address)
  • Time and date of the respective access
  • Time zone difference to Greenwich Mean Time (GMT)
  • The page you actually called up
  • Status of access / Hypertext Transfer Protocol (http)
  • Amount of data that was transferred in each case
  • Website from which our website is accessed (referrer URL)
  • Internet browser used (including language and version)
  • Operating system used

The legal basis for the collection of the listed data results from article 6 paragraph 1 sentence 1 letter f GDPR. We have a legitimate interest in ensuring error-free connection and comfortable use of our website, as well as in analyzing system stability and security and using the data for further administrative purposes.

6.2. Contact by e-mail

If you contact us via the e-mail addresses listed in section 2 of this data protection declaration or other e-mail addresses of our company published on our website, your e-mail address and other contact data (e.g. your name or your telephone number) will be stored by us in order to process your inquiry. This data will be deleted immediately as soon as further storage is no longer necessary. If there are legal retention periods with regard to the data, the deletion of the data will be replaced by a corresponding restriction of processing.

6.3. Contact form

We offer a contact form on our website, the use of which generally requires the provision of personal data, which goes beyond the data provided when using our website exclusively for information purposes. We explain this function in detail below: When you contact us using the contact form available on our website, your e-mail address and other contact data provided by you will be stored and processed by us to process your request. Depending on the reason for contacting us, the legal basis for processing the data is derived from article 6 paragraph 1 sentence 1 lit. b GDPR or from article 6 paragraph 1 sentence 1 lit. f GDPR, i.e. it is either used to process the contract concluded with you and to fulfil our (pre-)contractual obligations or is based on our legitimate interest in contacting people interested in our services.

7. etracker Analytics (web tracking)

We use the etracker Analytics service of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, imprint: https://www.etracker.com/en/imprint/ (hereinafter referred to as “etracker”) on our website. Here you will find etracker FAQs regarding the GDPR: https://www.etracker.com/en/docs/faq-2/eu-gdpr/. The etracker privacy policy can be accessed here: https://www.etracker.com/en/data-privacy/. We have concluded a corresponding contract for order processing with the company etracker. We use etracker Analytics on the basis of our legitimate interest in accordance with article 6 paragraph 1 sentence 1 letter f GDPR, in this case in the interest of evaluating our website and improving it for you as a user. As a standard feature,
etracker Analytics does not use cookies, but records the visiting behavior (using purely technical parameters such as the shortened IP address or the browser used) within a session (website visit) by means of cookie-less session tracking. In this process, a hash value (combination of characters from which the original data cannot be derived) is generated from purely technical data (such as the shortened IP address or the browser used) by means of a fingerprinting process, to which the date of the day of the page call is also added in order to make it even less likely that the user’s identity can be inferred. This value is automatically deleted every 24 hours. Within the 24 hours it is possible to analyze the user behavior by this fingerprint. You can object to the data processing at any time here:

I object to the processing of my personal data with etracker on this website.

8. ProvenExpert

We include customer reviews on our website via JavaScript of the service ProvenExpert of the company Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany, imprint: https://www.provenexpert.com/en-gb/imprint/ (hereinafter referred to as “Expert Systems”). Cookies are not set by Expert Systems. The servers of Expert Systems are located exclusively in Germany. For further information please refer to the privacy policy of Expert Systems: https://www.provenexpert.com/en-gb/privacy-policy/. We integrate the service ProvenExpert on our website due to our legitimate interest according to article 6 paragraph 1 sentence 1 letter f GDPR to provide you as a user with customer reviews and to present our company.

9. Hosting

Our website is hosted by the company ALL-INKL.COM – Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Imprint: https://all-inkl.com/info/impressum/  (hereinafter referred to as “ALL-INKL”) When calling up our website, the personal data mentioned in this data protection declaration is transmitted to ALL-INKL for purely informational purposes. For this purpose we have concluded a corresponding contract for order processing with the company ALL-INKL. The server locations of ALL-INKL are exclusively in Germany (https://all-inkl.com/info/rechenzentrum/). Here you will find the data protection information of ALL-INKL: https://all-inkl.com/info/datenschutzinformationen/.

10. Your rights

In the following we will inform you about your rights according to the GDPR. You can download the GDPR as a complete document here

  • Right of access by the data subject (article 15 paragraph 1 GDPR)
    The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the
    personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. .
  • Right of rectification (article 16 GDPR)
    The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure (“right to be forgotten”) (article 17 paragraph 1 GDPR)
    You have the right to demand that we delete the personal data concerning you immediately. However, this right does not exist according to article 17 paragraph 3 GDPR if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest in the field of public health, for archiving purposes in the public interest or to assert, exercise or defend legal claims
  • Right to restrict processing (article 18 paragraph 1 GDPR)
    The data subject shall have the right to obtain from the controller restriction of
    processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject
    for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability (article 20 GDPR)
    The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and the processing is carried out by  automated means. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
  • The right to withdraw his or her consent at any time (article 7 paragraph 3 GDPR)
    The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
  • Right to lodge a complaint with a supervisory authority (article 77 GDPR)
    Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. 2. The supervisory authority with which the complaint has been lodged shall
    inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to article 78.

11. Right of objection

In addition to the aforementioned rights, you also have the right to object at any time, with effect for the future, to the processing of your personal data which is carried out in the performance of a task carried out in the public interest or in the exercise of official authority (article 6 paragraph 1 sentence 1 letter e GDPR) or in order to safeguard legitimate interests on our part (article 6 paragraph 1 sentence 1 letter f GDPR), provided that there are reasons for doing so which arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can prove that there are compelling reasons for processing
worthy of protection which outweigh your interests, rights and freedoms or that the processing serves to assert, exercise or defend legal claims. In the case of processing of your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object, without having to give reasons arising from your particular situation. In the event of an objection, we will immediately stop processing your personal data for these purposes. To exercise your right of withdrawal or objection, simply send an e-mail to: kanzlei@kanzlei-saendig.com.

12. Data security

Our website uses the TLS 1.3 (Transport Layer Security) encryption and communication protocol. Through the TLS certificate used by us and issued by a certification authority, we enable an  encrypted data exchange between web browser and web server, whereby sensitive data cannot be read by third parties. We use the procedure with the highest encryption level supported by your browser, usually this will be a 256-bit encryption. The higher the bit number, the longer the key and the better the protection against third parties.

In addition, we use technical and organizational security measures that are suitable to protect your data against manipulation (accidental or intentional), loss of data, access by third parties without authorization, and destruction. We are continuously improving our security measures in accordance with the current state of the art.