DATAPROTECTION
VResponsible iSd data protection laws is the
VEGARD Academy Ford & Reh GbR
Adam-Karrillon-Str. 18A, 55118 Mainz
With this data protection notice, we inform you (also referred to as “user” or “person concerned” in the following text) in a general way about data processing in our law firm and in a special way about data processing when you visit our website or contact us via our Website contact form, contact by e-mail or telephone and as part of registering for our newsletter. We also inform you about our online presence in social media and about your rights with regard to the processing of your data. Conceptually, “data processing” always means the processing of personal data.
1. General information on data processing
1.1 Categories of personal data
We process the following categories of personal data:
• Inventory data (e.g. names, addresses, functions, organizational affiliation, etc.);
• Contact details (e.g. e-mail, telephone/fax numbers, etc.);
• content data (e.g. text input, image files, videos etc.);
• usage data (e.g. access data);
• Meta/communication data (eg IP addresses).
1.2 Recipients or categories of recipients of personal data
If, as part of our processing, we disclose data to other people and companies such as web hosts, contract processors or third parties, transmit it to them or otherwise grant them access to the data, this is done on the basis of legal permission (e.g. if the data is transmitted to third parties in accordance with Art. Art. 6 Para. 1 lit. b DS-GVO is required for the fulfillment of the contract) if the data subjects have consented or if a legal obligation provides for this.
1.3 Duration of storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be deleted if they are no longer required to achieve the purpose, fulfill the contract or initiate a contract.
1.4 Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq EU-corresponding data protection levels (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
2. Data processing when visiting our website
2.1 Log Files
Every time an affected person accesses our website, general data and information is stored in the log files of our system:
• Date and time of retrieval (time stamp);
• Request details and target address (protocol version, HTTP method, referrer, user agent string);
• Name of the retrieved file and amount of data transferred (requested URL including query string, size in bytes);
• Notification of whether the retrieval was successful (HTTP status code).
When using these general data and information, we do not draw any conclusions about the data subject. There is no personal evaluation or an evaluation of the data for marketing purposes or profiling. The IP address is not saved in this context.
The legal basis for the temporary storage of the data is Article 6 (1) (f) GDPR. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of our website. Consequently, there is no possibility of objection on the part of the data subject.
2.2 Malware Detection and Log Data Analysis
We collect log data that arises during the operation of our law firm's communication technology and evaluate this automatically, insofar as this is necessary to identify, isolate or eliminate disruptions or errors in the communication technology or to defend against attacks on our information technology or to identify and defend against malware is required.
The legal basis for the temporary storage and evaluation of the data is Art. 6 Para. 1 lit. f GDPR. The storage and evaluation of the data is absolutely necessary for the provision of the website and for its secure operation. Consequently, there is no possibility of objection on the part of the data subject.
2.3 Cookies
Description and scope of data processing
Our website uses cookies. Cookies are small text files that are also stored on the user's computer system (end device) via your browser. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string (cookie ID) through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. The cookie enables the browser to be clearly identified when you (re)visit the website. We use cookies to make our website more user-friendly and to enable certain functions.
On the one hand, we use so-called session cookies, which are automatically deleted from your browser immediately after you have finished visiting the website. In the field of web analysis, we also use persistent cookies, which enable us to recognize your browser on your next visit, for example to remember information you provided on your last visit for your later visit to our website.
The following data is stored and transmitted in the cookies:
Location data, log-in information, IP addresses
If we use cookies that enable an analysis of the surfing behavior of users, the following data can also be transmitted: Entered search terms, frequency of page views, use of website functions.
We also work with (advertising) partners who help us to optimize our website for you and make it more interesting. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies).
If we work together with such advertising partners, you will be informed below about the use of such cookies and the scope of the information collected in each case.
2.4 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use to operate our website.
In doing so, we or our processor process contact data, content data, usage data, meta and communication data from users of our website on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Article 6 Paragraph 1 lit. f GDPR in conjunction with Article 28 DS-GVO (conclusion of a contract for order processing).
3. Data processing in connection with establishing contact
3.1 Contacting us by email
You can contact our law firm by email using the email addresses published on our website.
If you use this contact method, the data you transmit (e.g. surname, first name, address), but at least the e-mail address, and the information contained in the e-mail together with any personal data you may have transmitted will be used for the purpose of contact and processing of your request. In addition, the following data is collected by our system:
• IP address of the calling computer;
• Date and time of the email.
The legal basis for the processing of personal data in the context of e-mails sent to us is Article 6 Paragraph 1 Letter b and Letter f GDPR.
3.2 Contacting us via website contact form
If you use the contact form provided on our website for communication, it is necessary to provide your surname and first name as well as your e-mail address. Without this data, your request sent via the contact form cannot be processed. Providing your address is optional and allows us, if you wish, to process your request by post.
In addition, the following data is collected by our system:
• IP address of the calling computer;
• Date and time of registration.
The legal basis for the processing of personal data in the context of e-mails sent to us is Article 6 Paragraph 1 Letter b and Letter f GDPR.
3.3 Contact by letter and fax
If you send us a letter or fax, the data you transmit (e.g. surname, first name, address) and the information contained in the letter or fax, together with any personal data you may have transmitted, will be stored for the purpose of contacting us and processing your request .
The legal basis for the processing of personal data in the context of letters and faxes sent to us is Article 6 Paragraph 1 Letter b and Letter f GDPR.
4. Online social media presence
We maintain online presences within social networks (https://www.facebook.com/praxis-training-ihk.de) and Instagram.com/vegard.akademie) to inform the users active there about our services and, if they are interested, about to communicate the platforms. Our social media channels can only be accessed via an external link. As soon as you call up the respective social media profile in the respective network, the terms and conditions and data processing guidelines of the respective operator apply there.
We have no influence on the data collection and its further use by the social networks. There is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. We therefore expressly point out that your data (e.g. personal information, IP address) will be stored by the network operators in accordance with their data usage guidelines and used for business purposes.
We process data with regard to social media presences insofar as comments or direct messages are sent to us via these. The legal basis for processing the data after the user has given his consent is Article 6 (1) (a) GDPR.
5. Your Rights
As the data subject, you have the following rights in connection with the processing of your personal data:
5.1 Right to information
(1) The data subject has the right to request confirmation from the person responsible as to whether personal data relating to them are being processed; if this is the case, you have the right to information about this personal data and the following information:
a) the processing purposes;
b) the categories of personal data being processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
d) if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period;
e) the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing;
f) the existence of a right of appeal to a supervisory authority;
g) if the personal data are not collected from the data subject, all available information about the origin of the data;
h) the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and Para. 4 DS-GVO and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject .
(2) If personal data is transmitted to a third country or to an international organization, the data subject has the right to be informed of the appropriate guarantees pursuant to Article 46 GDPR in connection with the transmission.
5.2 Right to Rectification
The data subject has the right to demand that the person responsible correct incorrect personal data concerning them without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
5.3 Right to erasure
(1) The data subject has the right to demand that the person responsible delete personal data concerning them immediately, and the person responsible is obliged to delete personal data immediately if one of the following reasons applies:
a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) The data subject revokes their consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the Processing.
c) The data subject objects to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects in accordance with Art. 21 (2) GDPR the processing.
d) The personal data have been processed unlawfully.
e) The deletion of the personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
f) The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 DS-GVO.
(2) If the person responsible has made the personal data public and is obliged to delete them in accordance with paragraph 1, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to ensure that those responsible for data processing who use the personal data process, to inform that a data subject has requested them to delete all links to this personal data or copies or replications of this personal data.
(3) Paragraphs 1 and 2 do not apply if processing is necessary
a) to exercise the right to freedom of expression and information;
b) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller ;
c) for reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 lit. h) and i) and Article 9 Paragraph 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1, insofar as the law referred to in Paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
e) to assert, exercise or defend legal claims.
5.4 Right to restriction of processing
(1) The data subject has the right to demand that the person responsible restrict the processing if one of the following conditions is met:
a) the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted;
c) the person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims, or
d) the data subject has lodged an objection to the processing pursuant to Art. 21 Para. 1 DS-GVO, as long as it is not certain whether the legitimate reasons of the person responsible outweigh those of the data subject.
(2) If processing has been restricted in accordance with paragraph 1, this personal data - apart from its storage - may only be used with the consent of the person concerned or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or from reasons of important public interest of the Union or a Member State are processed.
5.5 Right to data portability
(1) The data subject has the right to receive the personal data relating to them that they have provided to a person responsible in a structured, common and machine-readable format, and they have the right to transfer this data to another person responsible without hindrance by the person responsible , to whom the personal data was provided, if
a) processing based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR based and
b) the processing is carried out using automated procedures.
(2) When exercising their right to data portability in accordance with paragraph 1, the data subject has the right to obtain that the personal data is transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible.
The right under paragraph 1 shall not affect the rights and freedoms of other persons.
This right does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been assigned to the person responsible.
5.6 Right to Object
The data subject has the right, for reasons arising from their particular situation, to object at any time to the processing of personal data relating to them, which is based on Article 6 Paragraph 1 lit. e) or f) GDPR ; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data unless he can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
In connection with the use of information society services, the data subject may, notwithstanding Directive 2002/58/EC, exercise his or her right to object by automated means using technical specifications.
5.7 Right of Withdrawal
The data subject has the right to revoke their declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
5.8 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their place of residence, their place of work or the place of the alleged infringement, if the data subject believes that the processing of personal data concerning them data violates this regulation.