(25 May 2018)
When processing your Data, we naturally comply with all applicable data protection laws and regulations – in particular, the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz).
Luther Rechtsanwaltsgesellschaft mbH
Phone +49 221 9937 0
Fax +49 221 9937 110
II. Data protection officer
Contact details of our Data Protection Officer:
Data Protection Officer
Luther Rechtsanwaltsgesellschaft mbH
Phone +49 221 9937 0
Fax +49 221 9937 110
III. Personal data
Personal data means individual pieces of information about the personal or factual circumstances of an identified or identifiable natural person. The personal data in relation to you therefore includes all data which contains information about your personal or factual circumstances and which makes it possible to personally identify you, such as your name, your address, your telephone number or your email address.
IV. Purposes and legal bases of data processing
1. Informational use of our website
You can visit our Website without providing any personal information in relation to you. If you use our Website for information purposes only, that is, if you do not register or otherwise provide us with personal information in relation to you, we will not process any Data, with the exception of the Data that is transmitted by your browser to enable you to visit our Website.
For the purposes of making our Website technically available, we need to process certain information from you that has been transferred automatically in order to enable your browser to display our Website and in order to enable you to use it. Such information is collected automatically whenever our Website is called up and is stored in our server log files. The information relates to the computer system of the computer calling up our Website. The following information is processed:
- the host;
- the user’s IP address;
- (where applicable) also the user’s name;
- the date and time of access;
- the method of access (get/post);
- the request;
- the protocol (e.g. http);
- the status (e.g. error reports);
- the amount of data retrieved;
- the referrer;
- the user’s browser and operating system.
- the ID of a logged-in backend user for identification by the Content Management System;
- the PHP session ID of a logged-in backend user for identification by the Content Management System;
- the confirmation of the notification about cookies by clicking “OK”.
We do not use the information that we collect through the aforesaid cookies for the purposes of creating user profiles or evaluating your activities on the Internet.
We will process your Data for the purposes of making our Website technically available on the following legal basis:
- for the performance of a contract or in order to take steps prior to entering into a contract according to Article 6(1)(b) GDPR, to the extent that you visit our Website to obtain information about our products and about events organised by us; and
- for the purposes of our legitimate interests according to Article 6(1)(f) GDPR to be able to make our Website technically available to you. In this respect, our legitimate interest consists in being able to make an attractive, technically functional and user-friendly Website available to you and in taking measures to protect our Website from cyber risks and in preventing cyber risks to third parties from our Website.
2. Active use of our Website
Aside from the purely informational use of our Website, you can also use our Website actively to get in contact with us or subscribe to our newsletter. In addition to the above-described processing of your Data in the event of a purely informational use, we will then also process further Data in relation to you that we need to be able to handle and answer your request. If you use the information services on our Website and, for example, call up interesting articles or press releases and forward them to third parties, we will not store the third-party data but use it exclusively for forwarding purposes.
a. Contact request
To be able to handle and answer your requests addressed to us, e.g. via the various contact forms, we will process the Data in relation to you that you have communicated to us in this connection. This includes in any case your name and your email address, so we can send you an answer, and any other information that you send us as part of your communication.
We will process your Data for the purposes of answering user inquiries on the following legal basis:
- For the purposes of our legitimate interests according to Article 6(1)(f) GDPR; our legitimate interest consists in properly answering requests.
b. Newsletter and advertising emails
With your consent, we will use your Data for advertising purposes, for example, to send you our newsletter. We will process only your name and your email address as required data for this purpose. You can unsubscribe at any time by clicking the appropriate link in the newsletter and carrying out the deregistration.
We will process your Data for the purposes of sending you our newsletter on the following legal basis:
- If you have given us your consent according to Article 6(1)(a) GDPR.
c. Recruitment applicant tool
We will process your Data that you communicate to us as part of your recruitment application – in particular, via our online recruitment applicant tool – for the purposes of processing your recruitment application and carrying out the application process. We will only collect the Data that is required for this purpose.
Some parts of our Website contain links to third-party websites, for example, links to services such as LinkedIn and Xing. After clicking the integrated logo, you will be redirected to the website of the respective provider, which means that only then will your user data be transferred to the respective provider. If you send information to or via such third-party websites, you should check the privacy policies of these websites before providing them with information that can be attributed to you personally. For information about how your Data will be handled if you use third-party websites, please refer to the privacy policies of the respective providers. We are not responsible for the operation of such websites, including their handling of Data.
VI. Categories of recipients
Initially, only our employees will obtain knowledge of your Data. To the extent permitted or required by law, we will additionally transfer your Data to other recipients who provide services to us in connection with our Website. We will limit any transfer of your Data to the necessary scope. Some of our service providers will receive your Data as data processors and will then be obliged to handle your Data strictly as instructed by us. Some recipients will handle your Data transferred by us in an independent manner.
Please find below information about the different categories of recipients of your Data:
- IT service providers, for the purposes of administrating and hosting our Website;
- logistics companies, for the purposes of sending information.
VII. Transfer to a third country
In all other respects, we will not transfer your Data collected when using our Website to countries outside the EU or the EEA or to international organisations.
VIII. Duration of storage
1. Informational use of our Website
When you use our Website for information purposes only, we will store your Data on our servers exclusively for the duration of your visit to our Website. After you leave our Website, your Data will be deleted without undue delay.
As a rule, all cookies installed by us will also be deleted after you leave our Website. However, this does not apply to ID cookies of registered backend users. Such cookies will be stored for a period of one year. In addition, you can delete installed cookies at any time yourself.
2. Active use of our Website
When you use our Website actively, we will initially store your Data for the duration of us replying to your request. If you have given us your consent, we will store your Data until such consent is revoked. We will then additionally store your Data until any legal claims that may arise out of our relationship with you have become time-barred, so as to be able to use such Data as evidence, if necessary. The limitation period is generally between 12 and 36 months, but can also be as long as 30 years. We will delete your Data upon expiry of the limitation period, unless we have a statutory retention duty, for example, under the German Commercial Code (Handelsgesetzbuch, §§ 238, 257(4) German Commercial Code) or under the German General Tax Code (Abgabenordnung, §§ 147(3), 147(4) German General Tax Code). Such retention duties can exist for a period of two to ten years.
All Data that is exchanged between you and us via our Website is generally transmitted using secure connections which correspond to the current state of technology. In addition, we take technical and organisational security measures to protect your Data that is managed by us from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our data processing and our security measures are continuously improved in line with technological developments.
X. Your rights as a data subject
As a data subject, you have, and can assert against us, the rights set out below if the statutory requirements are met:
- Right to information: Under Article 15 GDPR, you may, at any time, demand to be given confirmation from us as to whether or not we are processing Data in relation to you; where this is the case, you further have the right under Article 15 GDPR to demand to receive information from us about the Data concerned and certain further information (inter alia, purposes of the processing, categories of Data, categories of recipient, envisaged storage period, source of the Data, use of automated decision-making and, where Data is transferred to a third country, the appropriate safeguards) and a copy of your Data.
- Right to rectification: Under Article 16 GDPR, you may demand that we rectify the Data stored in relation to you if such Data is inaccurate or incorrect.
- Right to erasure: If the requirements stipulated in Article 17 GDPR are met, you may demand that we erase Data in relation to you without undue delay. A right to erasure does not exist if, for example, the processing of the Data is necessary (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention duties) or (iii) for the establishment, exercise or defence of legal claims.
- Right to restriction of processing: If the requirements stipulated in Article 18 GDPR are met, you may demand that we restrict the processing of your Data.
- Right to data portability: If the requirements stipulated in Article 20 GDPR are met, you may demand to receive from us, in a structured, commonly used and machine-readable format, the Data in relation to you that you provided to us.
- Right of revocation: You have the right to revoke your consent to the processing of Data at any time with effect for the future.
- Right to object: If the requirements stipulated in Article 21 GDPR are met, you may object to the processing of your Data and, as a result, we must discontinue processing your Data. The right to object exists only within the limits defined in Article 21 GDPR. Furthermore, our interests may conflict with the discontinuation of processing, such that we continue to be entitled to process your Data despite your objection.
- Right to lodge a complaint with a supervisory authority: If the requirements stipulated in Article 77 GDPR are met, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of Data relating to you infringes the GDPR. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
We would recommend, however, that you always address your complaints, if any, in the first instance to our Data Protection Officer.
Where possible, your applications made in exercise of your rights should be sent in writing to the above-stated address or directly to our Data Protection Officer.
XI. Scope of your obligations to provide Data
You are not generally obliged to disclose your Data to us. However, if you do not do so, we will be unable to make our Website available to you or to answer the requests that you address to us. All Data that is absolutely needed by us for the aforesaid processing purposes is marked as such.
XII. Automated decision making / profiling
We do not use any automated decision-making or profiling (automated analysis of your personal circumstances).
Mrs. Jenny Gabrial
4 Battery Road, Bank of China Building #25-01, Singapore 049908
25 May 2018