This privacy policy is based on the legal provisions for the protection of your data, which are contained in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).
Responsible
KONTENTIERT LEGAL
Attorney Alicja Wilczek
Konkordiastraße 25
40219 Düsseldorf
E-Mail-Adresse: info@kon-legal.de
Telefonnummer: +49 211 97 53 78 07
Subject of the privacy policy
This privacy policy provides you with information about which personal data is stored, processed and passed on when you visit our website, in what form and for what purpose.
Personal data according to Art. 4 No. 1 GDPR is all information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Use of own cookies for functionality purposes
Our website uses so-called “cookies” in some places. A cookie is a text file that our website places on your device via your web browser. They are used to make our service more user-friendly, effective, and secure. We only use so-called “session cookies.” They are automatically deleted after your visit. You can refuse cookies in your web browser. However, this may impair functionality.
Data that we collect on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, Section 25 (2) TDDDG:
Server data
When you visit our site, various server statistics are automatically saved, which your browser transmits to our provider’s server. Every access to our website and every retrieval of a file stored on the website is logged. This storage serves internal system-related and statistical purposes. The following are logged: the name of the retrieved file, the date and time of retrieval, the amount of data transferred, a notification of successful retrieval, the web browser, and the requesting domain. In addition, the IP addresses of the requesting computers are logged in anonymized form.
This data is used for statistical analysis of visits to our site and cannot be assigned to specific individuals. This data is not combined with other data sources. Using this data, we can optimize our offering for users, for example, by preventing access from malicious sites or optimizing access via certain browsers. Logging the IP address enables the site to be delivered to the visitor. The data is automatically deleted after 14 days for the aforementioned purposes.
To transmit your data, we use a secure server with SSL (Secure Socket Layer) technology and 256-bit encryption. This ensures that your data is transmitted to us securely and is unreadable by unauthorized persons.
Hosting by STRATO
We use the web hosting service “STRATO.” The service is operated by STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany. STRATO enables us to manage a domain under which we can publish our website (and shop, if applicable). We also use STRATO’s email system, cloud service, and servers. You can find out which data is collected and the purpose of the collection and storage in the section above (“Server Data”). Our legitimate interest lies in enabling the operation of a website on the Internet. We have concluded a data processing agreement (DPA) with STRATO, under which this company assures and documents compliance with appropriate technical and organizational measures. Further information can be found in STRATO’s privacy policy at https://www.strato.de/datenschutz/
Email inquiries
If you send us an inquiry by email, we will collect and store the email address and the data contained in the email to respond to your inquiry. Our legitimate interest lies in communicating and responding to your inquiries.
Should a contractual relationship develop from the inquiry through the initiation of a contract, or should the inquiry relate to an existing contractual/mandate relationship, the legal basis is Art. 6 (1) (b) GDPR, as the storage of the data is necessary to fulfill a pre-contractual or contractual obligation. The data will be deleted when the purpose for which it was stored no longer applies, i.e., after your email/contact form inquiry has been answered or when the matter related to the inquiry has been conclusively resolved. In the case of an existing contractual relationship or one resulting from the inquiry, deletion will occur after the expiration of the statutory retention periods.
Appointment requests
If you send us an appointment request via the booking form, at least your first name and email address will be collected as mandatory information. We save this information so that we can process and confirm your request. All other information is voluntary. Should a contractual/mandate relationship develop from the request through the initiation of a contract or if the request relates to an existing contractual/mandate relationship, the legal basis is Art. 6 (1) (b) GDPR, as the storage of the data is necessary to fulfill a pre-contractual or contractual obligation. The data will be deleted when the purpose of storage no longer applies, i.e. after the request has been answered or a corresponding appointment suggestion has been made, or when the matter related to the request has been conclusively clarified. In the case of an existing contractual relationship or a contractual relationship resulting from the request, the data will be deleted after the statutory retention periods have expired.
Data that we process based on an expressly granted consent in accordance with Article 6 (1) (1) a) a) DSGVO, § 25 Abs. 1 TDDG collect:
Contact form
When you use our contact form, we collect and store your email address for the purpose of responding to your inquiry. Before submitting your inquiry, you give us explicit consent by checking the box below the contact form and agreeing to the terms of this privacy policy.
If a contractual relationship develops from the inquiry in the course of contract initiation or if the inquiry relates to an existing contractual relationship, the legal basis is Art. 6 (1) lit. b) GDPR, as the storage of the data is necessary for the fulfillment of a pre-contractual or contractual obligation. The data will be deleted when the purpose of storage no longer applies, i.e., after your email/contact form inquiry has been answered or when the matter associated with the inquiry has been conclusively resolved. In the case of an existing or subsequent contractual relationship arising from the inquiry, deletion will occur after the statutory retention periods have expired.
Data that we collect to fulfill a contract in accordance with Art. 6 (1) Sent. 1 lit. b) GDPR:
Contract processing
For the purpose of contract processing and invoicing, we collect and store the personal data you provide, such as your name, address, and email address. If you have already provided us with this data during your registration, we will use it for the purposes stated there for contract processing. The data will be passed on to tax advisors and banks for billing purposes. In addition, the billing data will be transferred to the tax office in accordance with tax law requirements in accordance with Art. 6 (1) (c) GDPR. This data will be deleted after the applicable statutory retention periods have expired. Unless we are subject to statutory retention periods, the data will be deleted when the purpose for which it was collected no longer applies.
Stripe (Payments)
We use the payment service provider Stripe to process and manage payments. Stripe is a service provided by Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Stripe Payments Europe Ltd., based in Ireland, is responsible for the European Union. To process a payment and offer various payment methods, Stripe requests certain personal data. The scope of the data depends on Stripe. Information on the type, scope, and purpose of data processing by Stripe can be found in Stripe’s global privacy policy at https://stripe.com/de/privacy. Data transfer is based on the EU-US Adequacy Decision (EU-US Data Privacy Framework). By joining, Stripe demonstrates to us that it adheres to appropriate and suitable technical and organizational measures to protect your personal data.
Rights of data subjects that you are entitled to at any time:
Right of objection, Art. 21 GDPR
If we process your data to protect legitimate interests (Article 6 (1) (f) GDPR), you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims. If you object to data processing for direct marketing purposes, processing for this purpose will no longer take place.
Right to information, Art. 15 GDPR
You have the right to request confirmation from us as to whether we process personal data concerning you and, if so, a right to information about the personal data and related information (Art. 15 (1) (a) – (h) GDPR).
Right to rectification, Art. 16 GDPR
You have the right to request that we immediately rectify any inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
Right to erasure, Art. 17 GDPR
You have the right to request that we delete personal data concerning you immediately and we are obliged to delete it immediately if one of the reasons stated in Art. 17 GDPR applies.
Right to restriction of processing, Art. 18 GDPR
You have the right to request that we restrict the processing of personal data concerning you if one of the conditions set out in Art. 18 GDPR is met.
Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and have the right to transmit this data to another controller, provided that the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and the processing is carried out by automated means.
Right to lodge a complaint, Art. 77 GDPR
If you believe that the processing of your personal data violates the Data Protection Regulation, you can lodge a complaint with a competent supervisory authority.
State Commissioner for Data Protection and Freedom of Information Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de