Privacy Policy

1. Data Protection at a Glance

General Notes
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data Collection on Our Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?

Your data is collected firstly by you providing it to us. This could be data that you enter into a contact form, for example.
Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g., internet browser, operating system, or time of the page view). The collection of this data is automatic as soon as you access our website through your browser.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection.
Furthermore, you have a right to lodge a complaint with the competent supervisory authority.

Analysis Tools and Third-Party Tools

When visiting our website, your surfing behavior can be statistically analyzed. This is primarily done with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you about the possibilities of objection in this privacy policy.

2. General Information and Mandatory Information

  1. Data Protection

The operators of these pages take the protection of your personal data very seriously. When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmission over the Internet (e.g., communication by email) can have security gaps. Complete protection of data against access by third parties is not possible.
We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. That means, the personal data of users is processed as follows when visiting this online offer (without additional contact via email):

Types of processed personal data:
Inventory data (e.g., names, addresses – only during electronic contact)
Contact data (e.g., email, telephone numbers – only during electronic contact)
Content data (e.g., text inputs, image files, video files – only during electronic contact)
Usage data (e.g., visited websites, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)

Categories of affected persons
Visitors and users of the online offer (hereinafter collectively referred to as “users”).

Purpose of processing
Provision of the online offer, its functions, and content
Responding to contact requests and communicating with users
Security measures
Reach measurement/marketing

As a responsible provider, we refrain from automatic decision-making or profiling.

  1. Definitions

This privacy policy uses, among others, the following legal terms that the European legislator has used in the General Data Protection Regulation (GDPR) and which are determined there in Art. 4 (Definitions):

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State

law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Responsible Entity

The responsible entity for data processing on this website is:
Attorney Prof. Dr. Stefan J. Pennartz.
Bavariaring 26
80336 Munich
Telephone: + 49 (0) 89- 544796- 0
Fax: + 49 (0) 89- 544796- 66
Email: OFFICE@KE-RECHT.DE

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

4. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.

5. Rights of the Data Subjects

The applicable data protection law grants you comprehensive rights of data subjects (rights of access and intervention) with the controller regarding the processing of your personal data, which we inform you about below:
Right of access by the data subject according to Art. 15 GDPR: The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification according to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored with us;

Right to erasure according to Art. 17 GDPR: You have the right to request the erasure of your personal data under the conditions of Art. 17 para. 1 GDPR. However, this right does not apply, in particular, if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the correctness of your data contested by you is verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data for the establishment, exercise or defence of legal claims, after we no longer need these data after achieving the purpose, or if you have lodged an objection due to your particular situation, as long as it is not yet determined whether our legitimate grounds prevail;

Right to be informed according to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing to the controller, he or she is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request the transfer to another controller, as far as this is technically feasible;

Right to withdraw consent given according to Art. 7 para. 3 GDPR: You have the right to withdraw consent to the processing of data once given at any time with effect for the future. In the event of withdrawal, we will delete the affected data immediately, unless further processing can be based on

a legal basis for non-consensual processing. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object according to Art. 21 GDPR: You can object to the future processing of your personal data in accordance with Art. 21 GDPR at any time. The objection may be made in particular against processing for direct marketing purposes.

6. Data Collection on Our Website

Cookies

This online offer uses cookies. Cookies are text files which are stored and saved on a user’s computer system/browser. Various data can be stored within the cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. As temporary cookies, or “session cookies” or “transient cookies”, are called cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online shop or a login status can be stored. As “permanent” or “persistent” are referred to cookies that remain stored after the browser is closed. Thus, for example, the login status can be saved if the users visit it after several days. Similarly, in such a cookie, the interests of the users can be stored, which are used for reach measurement or marketing purposes. As “Third-Party-Cookies” are referred to cookies that are offered by other providers than the responsible, who operates the online offer (otherwise, i.e. if it is only its cookies, one speaks of “First-Party Cookies”).
If a user does not want cookies to be stored on his computer, he must disable the corresponding option in the system settings of his browser. Already stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Server Log Files

The hosting services we use for our hosting provider serve to provide the following services of our online offer: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services, which we use for the purpose of operating this online offer. In this context, we, or our hosting provider, process contact data (in case of email contact: email address), usage data, meta and communication data of users of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a contract processing agreement).

We, or our hosting provider, collect a series of general data and information with each call of our online offer by a data subject or an automated system. These general data and information are stored in the server’s log files. The following can be collected: (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert dangers in the event of attacks on our information technology systems.

When using these general data and information, we, or our hosting provider, do not draw conclusions about the data subject. Rather, this information is needed to (1) deliver the contents of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The data of the server log files are stored separately from all personal data provided by a data subject.
After a maximum of 7 days, these logfile information will be anonymized by shortening the IP address at the domain level, so that it is no longer possible to relate to the individual user.

7. Contacting Us

When contacting us (e.g. by email, telephone or via social media), the user’s details are processed for the purpose of handling the contact request and its processing according to Art. 6 para. 1 lit. b) GDPR. User information can be stored in a Customer Relationship Management System (“CRM System”) or comparable request organization.
If you send us requests by email, your details from the email inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the request and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in an email is thus exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You

can revoke this consent at any time. An informal email making this request is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in an email will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

8. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: HTTPS://WWW.GOOGLE.COM/POLICIES/PRIVACY/.

9. Relevant Legal Bases

According to Art. 13 GDPR, we have to inform you of the legal bases of our data collection. If the legal basis in the privacy statement is not mentioned, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and carrying out contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.

10. Transmission of Data

Your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
you have given your express consent according to Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure according to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the transfer according to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
this is legally permissible and required according to Art. 6 para. 1 sentence 1 lit. b GDPR for the settlement of contractual relationships with you.
Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our data processing, transmit them to them or otherwise grant them access to the data, this is done on the basis of a legal permission or if you have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using a hosting provider, etc.). If we commission third parties with the processing of personal data on the basis of a so-called “contract processing agreement”, this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or let the data be processed in a third country only in the presence of the special conditions of Art. 44 ff. GDPR. That is, the processing is carried out e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

11. Deletion of Data / Restriction of Processing

Personal data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage obligations. This applies, for example, for data that must be kept for commercial or tax reasons

(e.g. § 257 HGB, § 147 para. 1 AO – retention up to 10 years). If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. That is, the data are blocked and not processed for other purposes.

12. Online Presence in Social Media

We maintain online presences within social networks and platforms to communicate with customers, prospects and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing policies of their respective operators apply.
Unless otherwise stated in our privacy policy, we process users’ data as long as they communicate with us within social networks and platforms, e.g. write posts on our online presences or send us messages.

13. Privacy Policy on Use and Application of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users also free of charge to view, rate and comment on them. YouTube allows the publication of all kinds of videos, which is why complete film and television programs, but also music videos, trailers, or videos made by users themselves can be accessed via the Internet portal.
The service on de.youtube.com is provided by:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

Each time one of the individual pages of this website operated by the controller is called up, on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. More information about YouTube may be retrieved under https://www.youtube.com/yt/about/de/. During this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
If the data subject is logged in on YouTube at the same time, YouTube recognizes with the call-up of a sub-page that contains a YouTube video, which specific sub-page of our website was visited by the data subject. This information is collected by YouTube and Google and associated with the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component that the data subject has visited our website, whenever the data subject is logged in at YouTube at the time of the call to our website; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs out of their own YouTube account before a call-up to our website is made.
The data protection provisions published by YouTube, which are retrievable at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

14. Security Measures

We take organizational, contractual and technical security measures according to the state of the art, to ensure that the regulations of the data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulations, loss, destruction or against the access of unauthorized persons.

15. Newsletter

The sending of the newsletter is done using “MailerLite” (HTTPS://WWW.MAILERLITE.COM/) where the email addresses and further information about the dispatch and the analysis of the newsletter are stored.

You receive a so-called Double-Opt-In email, in which you are asked to confirm your registration. You can object to receiving the newsletter at any time (so-called Opt-Out). A link to cancel the newsletter is found at the end of each newsletter or the Double-Opt-In email.

To optimize the newsletter for you, you consent to our evaluation, with which we measure how frequently the newsletter is opened and which links the readers click.

With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and the statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to the receipt and the described procedures.

Content of the newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of a newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.

Double-Opt-In and logging: The registration for our newsletter is done in a so-called Double-Opt-In procedure. I.e., you receive an email after registering in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with foreign email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation time, as well as the

IP address. Also, the changes to your data stored at the shipping service provider are logged.

Registration data: To subscribe to the newsletter, it is sufficient if you provide your email address. Optionally, we ask you to enter a name for the purpose of a personal address in the newsletter.

The dispatch of the newsletter and the associated performance measurement are based on the recipients’ consent according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Abs. 2 Nr. 3 UWG or on the basis of the statutory permission according to § 7 Abs. 3 UWG.

The logging of the registration procedure is based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system, which serves both our business interests and meets the expectations of users and also allows us to prove consents.

Termination/Revocation – You can terminate the receipt of our newsletter at any time, i.e. revoke your consents. A link to cancel the newsletter is found at the end of each newsletter. We may store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove a formerly given consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided at the same time that the former existence of a consent is confirmed.

The dispatch of the newsletter is done using the dispatch service provider “MailerLite”, a newsletter dispatch platform. The privacy policy of the shipping service provider can be viewed here: HTTPS://WWW.MAILERLITE.COM/PRIVACY-POLICY. The shipping service provider is used based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR and a contract processing agreement according to Art. 28 para. 3 s. 1 GDPR.

The shipping service provider may use the recipients’ data in pseudonymous form, i.e. without assignment to a user, to optimize or improve their own services, e.g. for technical optimization of the dispatch and the presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties.

For all questions concerning the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of granted consents, please contact the email address given in the imprint.