Privacy Policy

I. Controller´s name and address
II. General
III. Website and Logfiles
IV. Cookies and Google Analytics
V. Share buttons
VI. Newsletter
VII. Email contact
VIII. Mandate
IX. Rights of the data subject

I. Controller’s name and address

The controller, as defined by the General Data Protection Regulation and other national data protection laws of the Member States and other data protection regulations, is:
Beissenhirtz – Kanzlei für Wirtschaftsrecht
Volker Beissenhirtz
Dr. jur., LL.M. (London)
Rechtsanwalt & Zertifizierter Restrukturierungsberater (EACTP)
Uhlandstr. 158
10719 Berlin
Fon: +49 (0)30 88 71 79 60
Fax: +49 (0)30 88 71 79 61
bz@beissenhirtz.com
www.beissenhirtz.com

II. General information regarding data processing

1. Scope of processing of personal data

We process our users’ personal data only if this is necessary for the provision of a functional website and our content and services. We process our users’ data regularly only after obtaining the user’s consent. An exception applies in those cases where, for practical reasons, it is not possible to obtain prior consent and the processing of the data is permitted by legal regulations.

2. Legal basis for processing of personal data
Insofar as we obtain the data subject’s consent for processing personal data, Article 6 Para. 1(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In processing personal data necessary for the performance of a contract to which the data subject is the contractual party, Article 6 Para. 1(b) of the GDPR serves as legal basis. This also applies to processing necessary for executing pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation our company is subject to, Article 6 Para. 1(c) of the GDPR serves as the legal basis.
Where vital interests of the data subject or of another natural person make processing personal data necessary, Article 6 Para. 1(d) of the GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests or fundamental rights and freedoms of the data subject do not override the former interest, Article 6 Para. 1(f) of the GDPR serves as legal basis for the processing.
3. Data erasure and duration of storage
The data subject’s personal data are deleted or made unavailable as soon as the purpose of the storage lapses. The data can also be stored if this has been provided for by the European or national legislator in the Union’s legal directives, laws or other regulations to which the controller is subject. The data will also be made unavailable or erased if a storage deadline set by the above standards expires, unless it remains necessary to continue storing the data for the purpose of entering or performing a contract.

III. Website and log files

1. Description and scope of the data processing
Whenever this website is visited our system automatically collects data and information about the visiting computer’s system.
This process involves the collection of the following data:
• Information about the browser type and the version used
• The user’s operating system
• The user’s IP address
• The date and time the website was accessed
• Websites from which the user’s system arrived at our website
The data are saved in our system’s log files. These data are not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of the data and log files is Article 6 Para. 1(f) of the GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to facilitate delivery of the website to the user’s computer. The user’s IP address must therefore be stored for the duration of the visit.
This is stored in log files to ensure the website’s functionality. In addition, we use the data to ensure the security of our IT systems.
Pursuant to Article 6 Para. 1(f) of the GDPR these aims also constitute our legitimate interest in the data processing.
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected. This happens when data collected for the purpose of providing the website are erased at the end of each visit.
The log files are disassociated after seven days so that they can no longer be allocated to the visiting client.
5. Option to object and of removal
The collection of the data for providing the website and storing the data in log files is absolutely essential for the operation of the website. The user therefore has no option to object.

IV. Cookies and Google analytics

1. description and scope of data processing
My website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. I use cookies to make my website more user-friendly. Some elements of my website require that the calling browser can be identified even after a page change. When calling up my website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context there is also a reference to this data protection declaration.
My website also uses Google Analytics cookies. Google Analytics is a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies, which allow an analysis of the use of the website by you. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. I use the extension “{ ‘anonymize_ip’: true }”.
The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Analytics data collection network and before the data is stored or processed (see also https://support.google.com/analytics/answer/2763052?hl=en).
2. legal basis for the data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.
3. purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of my website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change. The user data collected by cookies are not used to create user profiles.
I use Google Analytics to analyse and regularly improve the use of my website.
4. duration of the storage, objection and removal possibility
Cookies are stored on the user’s computer and transmitted to my site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.
You can prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser plug-in or within browsers on mobile devices, please click this link: Disable Google Analytics to prevent Google Analytics from collecting data from this website in the future (the opt-out only works in this browser and only for this domain). An opt-out cookie is stored on your device. If you delete your cookies in this browser, you must click this link again.

V. Share buttons

On my site you can share posts on Linkedin, Xing and Twitter via a simple link. I don’t use any plug-ins, so when you visit my site, information is not automatically transferred to the social media channels. I use the privacy secure “Shariff” buttons. More information about the Shariff project can be found at: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

VI. Newsletter

1. Description and scope of the data processing
It is possible to subscribe to a free newsletter at beissenhirtz.com. The email address entered by the customer when registering for the newsletter is sent to us.
The date and time of registration is also collected on registration. Your consent for the processing of the data is collected as part of the registration process and reference is made to this privacy policy.
2. Legal basis for the data processing
The legal basis for processing the data after registration for the newsletter by the user, where the user has submitted his or her consent, is Article 6 Para. 1(a) of the GDPR.
3. Purpose of the data processing
The user’s email address is collected in order to send the newsletter.
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected. The user’s email address will be stored for as long as the subscription to the newsletter remains active.
5. Option to object and of removal
The newsletter subscription can be cancelled at any time by the user concerned. Every email with which the newsletter is sent will contain a corresponding link for this purpose.
This also allows revocation of consent for storage of the personal data collected during the registration process.

VII. Email contact & comments

1. Description and scope of the data processing
If users leave comments or other contributions on my website, their IP addresses and email addresses are stored.
2. Legal basis for the data processing
The legal basis for processing the data transmitted when commenting on news contributions is Article 6 Para. 1(f) of the GDPR.
3. Purpose of the data processing
The processing of personal data is carried out for the security of beissenhirtz.com, in the case that illegal content is published in comments and contributions (insults, prohibited political propaganda; see in this context also comments guidelines). In this case, beissenhirtz.com can itself be prosecuted and therefore has an interest in knowing the identity of the author.
4. Duration of storage
The data are erased as soon as they are no longer required for the purpose for which they were collected.

VIII. Mandate

1. Description and scope of data processing

If you mandate me, I process your contact data (name, title, address, telephone number, fax number, email, website) as well as all information necessary for the execution of the mandate.

2. Legal basis for data processing

The legal basis for the processing of data processed in the course of a mandate is in principle Art. 6 para. 1 lit. b DSGVO. The fulfilment of legal obligations to which I am subject as a lawyer is based on Art. 6 para. 1 lit. c DSGVO. Art. 6 para. 1 lit. f DSGVO is the legal basis for processing, insofar as data processing is necessary to safeguard legitimate interests; in particular, the continuous business relationship with my clients is a legitimate interest. If you have given me your express consent to the processing of your personal data for specific purposes, the legal basis is Art. 6 para. 1 lit a DSGVO. 

3. Purpose of data processing

I will use the data for the following purposes: 

  • Execution and handling of the mandate relationship including correspondence,
  • Fulfilment of my contractual and legal obligations as a lawyer and
  • Processing within the scope of mutual claims arising from the mandate agreement (e.g. invoicing, performance, remuneration and liability claims etc.).

4. Transmission to third parties

If this is necessary in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the processing of client relationships, your personal data will be passed on to third parties. This includes in particular the disclosure to opponents of proceedings and their representatives as well as courts and other public authorities for the purpose of correspondence and for asserting and defending your rights. The passed on data may be used by the third party exclusively for the named purposes.

The attorney-client privilege remains unaffected. As far as data is concerned which is subject to the attorney-client privilege, it will only be passed on to third parties in consultation with you.

5. Transmission to third countries

I store the personal data of my clients exclusively on servers located in Germany and do not use any cloud services located outside Europe. Data will only be transmitted to countries outside the European Economic Area if this is necessary for the execution of the mandate agreement or if you have given me your consent or if this is otherwise legally permissible.

6. Duration of storage

Personal data is stored for the duration of the statutory retention periods. As a rule, these are 10 years plus a waiting period of a further 4 years in order to record cases of a possible suspension of expiry. After 14 years, I check whether there are reasons for further retention.

IX. Rights of the data subject

When your personal data is processed, you are the data subject as defined by the GDPR, and you have the following rights in relation to the controller:
1. Right to information
You may demand from the controller confirmation as to whether personal data relating to you is processed by us.
If such processing takes place, you may demand the following information from the controller:
(1) the purposes for which personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of storage of your personal data or, if it is not possible to provide any concrete information about this, criteria for determining the duration of storage;
(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to this processing;
(6) the existence of the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if personal data is not obtained from the data subject;
(8) the existence of automated decision-making including profiling pursuant to Article 22 Para. 1 and 4 of the GDPR and – at least in these cases – conclusive information about the logic involved as well as the implications and the intended effects of such processing for the data subject.
You have the right to demand information concerning whether your personal data is transferred to a third country or an international organisation. In this connection you may demand to be informed about suitable guarantees pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right to rectification
You have the right in relation to the controller to rectification and/or completion insofar as personal data relating to you is incorrect or incomplete. The controller must make the correction without undue delay.
3. Right to restriction of processing
Under the following conditions you may demand restriction of processing of personal data relating to you:
(1) if you dispute the correctness of the personal data relating to you for a duration that allows the controller to check the correctness of the personal data;
(2) the processing is illegal and you refuse to allow erasure of the personal data and instead demand restriction of use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing but you nevertheless require it for assertion, exercise or defence of legal claims;
(4) if you have lodged an objection against processing pursuant to Article 21 Para. 1 of the GDPR and it is not yet established whether the controller’s justified interests outweigh your reasons.
If processing of the personal data relating to you has been restricted, this data may – apart from storage – be processed only with your consent or for assertion, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restrictions are lifted.
4. Right to erasure
a) Duty of erasure
You may demand from the controller that personal data relating to you be erased immediately, whereupon the controller is required to erase these data without undue delay insofar as one of the following reasons applies:
(1) The personal data relating to you are no longer needed for the purposes for which they were obtained or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Article 6 Para. 1(a) or Article 9 Para. 2(a) of the GDPR, and there is no other legal basis for the processing.
(3) You lodge an objection pursuant to Article 21 Para. 1 of the GDPR against the processing and there are no overriding justified grounds for the processing, or you lodge an objection against the processing pursuant to Article 21 Para. 2 of the GDPR.
(4) The personal data relating to you have been processed illegally.
(5) Erasure of the personal data relating to you is required for fulfilment of a legal obligation in accordance with EU law or the law of Member States to which the controller is subject.
(6) The personal data relating to you were obtained in relation to the services offered by the information society pursuant to Article 8 Para. 1 of the GDPR.
b) Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17 Para. 1 of the GDPR to erase the personal data, the controller must take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested erasure by such controllers of any links to, or copy or replication of, these personal data.
c) Exceptions
The right to erasure does not exist insofar as the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the sphere of public health pursuant to Article 9 Para. 2(h) and (i) as well as Article 9 Para. 3 of the GDPR;
(4) for archiving purposes in the public interest, scientific or historic research purposes or for statistical purposes pursuant to Article 89 Para. 1 of the GDPR insofar as the right stated under Section a) is expected to make realisation of the objectives impossible or seriously impede them or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing in relation to the controller, the latter is required to notify all recipients, to whom the personal data relating to you have been disclosed, about this rectification or erasure of data or restriction of processing unless it proves to be impossible or entails disproportionate effort.
You have the right in relation to the controller to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller, without hindrance by the controller to whom you have provided the personal data, insofar as
(1) the processing is based on consent pursuant to Article 6 Para. 1(a) of the GDPR or Article 9 Para. 2(a) of the GDPR or on a contract pursuant to Article 6 Para. 1(b) of the GDPR and
(2) the processing is carried out by automated means.
When exercising this right you also have the right to arrange, where this is technically feasible, to have the personal data relating to you transmitted directly from one controller to another controller. Rights and freedoms of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data required to carry out a task in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right, for reasons arising from your particular situation, to lodge an objection at any time to processing of personal data relating to you which takes place on the basis of Article 6 Para. 1(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless he can prove compelling reasons for the processing that warrant protection that outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.
If the personal data relating to you are processed for the purpose of direct advertising, you have the right at any time to lodge an objection against the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is directly connected with such direct advertising.
If you object to processing for the purposes of direct advertising, the personal data relating to you will no longer be used for these purposes.
You have the option in connection with the use of services of the information society – notwithstanding Directive 2002/58/EC – to exercise your right of objection by means of automated processes in which technical specifications are used.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant about the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.