It is important to us to inform you what personal data we use from you as a visitor to our website and for what purpose. For this reason, we describe the type, scope and purpose of the personal data processed by us in the following data protection declaration.
Responsible for data processing:
Data protection officer:
Jan A. Strunk
DATROS Rechtsanwaltsgesellschaft mbH
1. Legal bases and purposes of the processing
We process your personal data only with regard to the fulfilment of our contractual business relationship with you (pursuant to Art. 6 para. 1 lit. b GDPR), or insofar as this is necessary in order to be able to provide the service requested by you. In addition, we process your personal data if you have given us your corresponding consent (Art. 6 para. 1 lit. a GDPR).
If necessary, we process your data (in accordance with Art. 6 Para. 1 lit. f GDPR) also beyond the actual fulfilment of the contract to protect legitimate interests of us or third parties (e.g. for advertising and analysis if you have not objected to the use of your data; to assert legal claims and defence in legal disputes; to guarantee IT security and IT operation; to prevent and clarify criminal offences; measures for business management and further development of our offers or enquiries on our website and around the website with your contents).
Any processing of personal data takes place only in accordance with the provisions of the European Data Protection Ordinance (GDPR) and the Federal Data Protection Act (BDSG).
2. processing of personal data and type and purpose of use
a.) Duration of data storage
In principle, we only store your personal data for as long as this is necessary for the provision of the service requested by you or the fulfilment of our business relationship with you, provided that no other regulations are provided for by law and 7 days in the case of the IP address to secure IT security.
b.) Web server
Like many other companies, we operate our web server with an external service provider in Germany. This ensures that the web server is always up to date and that security gaps can be closed promptly. Our web server requires some information from you in order for you to be able to access our website and for it to be displayed in a reasonable manner. These include:
The browser you use to surf our pages.
- Your IP address.
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Date and time of your visit.
- Pages accessed by you.
These data are automatically deleted from the web server after 7 days at the latest. The data is stored for this period of time, in the event of unauthorized access to our web server, to be able to trace from whom this attack originated or where it came from.
The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection.
For questions that are not answered by our FAQs, we provide a contact form in the FAQ area. In order to be able to process and/or answer your inquiries, we need at least your e-mail address.
As soon as you send your request, your data will be transmitted by the web server to a service provider (Zapier, USA), processed there and transmitted to us. Please do not write any sensitive data (e.g. bank details, etc.) in the contact form, as transmission by e-mail is never 100% secure. In addition, your data will only be passed on to third parties with your consent.
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR.
Data we collect in connection with our newsletter (your e-mail) will be sent to a service provider ("Zapier", USA). At Zapier, the requests are collected and then transmitted to another service provider ("MailChimp", USA) for processing. MailChimp provides a platform via which we handle the dispatch of the newsletter. We have opted for this procedure because "MailChimp" greatly simplifies the processing of newsletter orders. Zapier has been interposed to prevent tracking of your data by MailChimp. In this way, only the data required for the newsletter is transmitted.
The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR.
e.) Privacy Shield
MailChimp and Zapier are certified according to the so-called Privacy Shield. This means that these companies, based in the USA, have declared that they will at least adapt their data processing to the European data protection level.
f.) Press area
In our press area you have the possibility to follow our newsfeed. Your e-mail address is required for this. Your e-mail address will be passed on to one of our service providers "Mynewsdesk" from Leipzig. We use the "Mynewsdesk" service to publish press releases and distribute them to interested parties.
g.) Web analysis
Google Analytics cookies are stored on the basis of Art. 6 Par. 1 S.1 lit. f GDPR. The Louisenlund Foundation has a legitimate interest in anonymised analysis of user behaviour in order to ensure that the design and ongoing optimisation of the website meets your needs.
You can object to the processing of your data in the future by setting an opt-out cookie in your browser by clicking on this link.
No cookies are used on our site, with the exception of cookies from Google Analytics (see "Web Analysis").
3.) Your rights
right of objection
You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 letter f of the GDPR (data processing on the basis of a balance of interests) for reasons arising from your particular situation. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
a.) Further rights
You have the right to information pursuant to Art. 15 DSGVO, the right to correction pursuant to Art. 16 GDPR, the right to cancellation pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDPR and the right to data transferability pursuant to Art. 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right of cancellation. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG) and to revoke the consent granted to us at any time pursuant to Art. 7 Para. 3 GDPR.
Please send an inquiry to our above address (or also by e-mail to: firstname.lastname@example.org).
4.) Up-to-dateness and amendment of this data protection declaration
This data protection declaration is currently valid and has the status as of May 25, 2018.
Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration.