Privacy Policy

A. Information about the data controller and the data protection officer

Responsible for the website of Noerr LLP (www.noerr.com) (this “Website”) is: Noerr LLP, a Limited Liability Partnership with registered office at Tower 42, 25 Old Broad Street, London, EC2N 1HQ, registered in England and Wales under the company registration number OC349228. Noerr LLP operates the Noerr LLP website via its German establishment in Brienner Straße 28, 80333 Munich. Tel.: +49 (0) 89 286280
E-mail: datenschutz@noerr.com
Internet: www.noerr.com

(hereinafter “Noerr LLP” or “we”)

All interested parties and visitors to our Website can contact our Data Protection Officer as follows:  

Pascal Schumacher
Noerr LLP
Charlottenstraße 57
10117 Berlin

Tel. +49 30 2094 2316
E-mail: pascal.schumacher@noerr.com
Internet: www.noerr.com

Noerr LLP is registered in accordance with the UK Data Protection Act 1998 with the Information Commissioner’s Office under the registration number Z306039X. The German establishment of Noerr LLP is registered in the Partnerships Register of the Local Court of Munich under the number PR 945.

B. Information on the processing of personal data

Various personal data are processed for various purposes when you access and use this Website and the content offered on this Website. We for example process protocol data which accrue for technical reasons when you access the Website to provide the Website content requested by you.

If we as data controller alone or jointly with others determine the purposes and means of the processing of personal data, you will in particular receive information about

    • the personal data or categories of personal data that are processed,
    • the purposes for which the personal data are processed,
    • the legal basis for the processing and – if the processing is based on point f of Article 6 (1) GDPR – the legitimate interests pursued by us or any third party,
    • if applicable, the recipients or categories of recipients of the personal data,
    • if applicable, our intention to transfer the personal data to a third country or an international organisation, as well as the existence or absence of an adequacy decision of the Commission or in the case of transfers in accordance with Article 46 or Article 47 GDPR or subparagraph 2 of Article 49 paragraph 1 GDPR reference to the suitable and appropriate safeguards and the means to obtain a copy of them or where they have been made available,
    • the duration for which the personal data are stored or if this is not possible, the criteria for determining this duration.

If we collect your personal data from you as a data subject, you will also receive information below about whether the provision of the personal data is required by law or contract or to enter into a contract, whether you are obliged to provide the personal data and what possible consequences not providing such would have. If we do not collect your personal data as a data subject, you will receive information about from what source the personal data originate and if applicable whether they originate from publicly accessible sources.

I. Informational use of the Website

When the use of the Website is purely informational, certain information, for example your IP address, is for technical reasons sent to our Website’s server by the browser used on your end device. We process this information in order to provide the Website content requested by you. To ensure the security of the IT infrastructure used to provide the Website, this information is also stored temporarily in what is referred to as a “web server log file”..

In order to facilitate an informational use of the Website by you, we use Cookies on the Website, by means of which personal data are processed.

Details on the personal data that are processed  

Data categories

Personal data

Source of the data

Obligation to provide the data

Storage duration

Certain protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S) (“HTTP Data”) for technical reasons when the website is visited.

IP address, type and version of your internet browser, operating system used, last site accessed before visiting the Website (referrer URL), date and time of visit.

User of the Website.

There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested Website content.

7 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and clarified in full.

Data stored on the user’s end device in cookies (see Section C.) strictly necessary to manage the cookie consents for this (“Opt-In Cookie Data”)

Consent and, where applicable, your individual selection for the use of cookies on your end device.

User of the Website

There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested Website content.

We do not store these data on our systems.
See Section C.III.III on the validity period of the cookie.

Data stored on the user’s end device in cookies (see Section C.) strictly necessary to keep track of the user’s state on all Website pages requested by the user (“ASP.NET_SessionId [x2] Data” and “JSESSIONID Data”)

User preferences

User of the Website.

There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested Website content.

We do not store these data on our systems.
See Section C.III.III on the validity period of the cookie.

Data stored on the user’s end device in cookies (see Section C.) strictly necessary to store the user’s preferred language (“Language Data”)

User’s preferred language

User of the Website.

There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested Website content.

We do not store these data on our systems.
See Section C.III.III on the validity period of the cookie.

Details on the processing of the personal data

Purpose of the processing

Categories of data

Legal basis

Recipient

HTTP data are temporarily processed on our web server for provision of the Website content requested by the user.

HTTP Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the Website content requested by the user.

Hosting provider.

HTTP data are processed temporarily in web server log files to ensure the security of the IT infrastructure used to provide the Website, in particular to identify, eliminate and preserve evidence of disruptions (e.g. DDoS attacks).

HTTP Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest ensuring the security  of the IT infrastructure used to provide the Website, in particular identifying, eliminating and preserving evidence of disruptions (e.g. DDoS attacks).

Hosting provider.

Data from cookies which are strictly necessary to provide the management of cookie consents (Section C) are processed temporarily on our web server in order to identify, when the site is visited again, whether you have already given consent.

Opt-In Cookie Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the management of the cookie consents granted by the user for this Website.

Hosting provider.

Data from strictly necessary cookies (Section C) are processed temporarily on our web server in order to keep track of the user’s state on all Website pages requested by the user.

ASP.NET_SessionId [x2] Data and JSESSIONID Data

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the informational function of the Website requested by the user.

Hosting provider

Data from strictly necessary cookies (Section C) are processed temporarily on our web server in order to store the user’s preferred language.

Language Data

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the informational function of the Website requested by the user.

Hosting provider.

Details on the recipients and the transfer to third countries

Recipient

Recipient’s role

Recipient’s location

Safeguards for transfer to third countries

Hosting provider

Processor

EU

-

II. Measurement of web audience and use of web analysis and web tracking technologies  

To measure the web audience, visits to our website are recorded by “tracking pixels” and analysed in anonymised form. Tracking pixels are small graphics on websites that record a log file and allow a log file analysis of visits to the websites.

It you have given your consent to this, we also use web analysis technologies in order, by means of cookies (Section C.), to record and analyse the usage behaviour on our website to improve the website and better achieve the objectives of the website (e.g. frequency of visits, increase in number of page visits).

Details on the personal data that are processed

Data categories

Personal data

Source of the data

Obligation to provide the data

Storage duration n

Tracking pixels

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the tracking pixels contained in our Website are accessed (“Tracking Pixel Data”).

Tracking pixels are small graphics on websites that allow recording of a log file and a log file analysis of visits to the websites.

 

IP address, type and version of your internet browser, operating system used, site accessed before visiting the Website (referrer URL), date and time of the visit.

User of the Website.

There is no obligation to provide the data. If the data are not provided, we cannot carry out any measurement of web audience.

An “IP anonymisation” is activated on this Website for the use of tracking pixels. The IP address transmitted is anonymised before storage by being shortened.

The other protocol data are not stored in a form allowing the data subject to be identified either.

etracker

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool etracker used on the Website is used (“etracker HTTP Data”).

IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

User of the Website.

There is no obligation to provide the data. If the data are not provided, we cannot carry out any web analysis.

An “IP anonymisation” is activated on this Website for etracker. The IP address transmitted is anonymised before storage by shortening it.

Data which are stored in cookies (see Section C.) on the user’s end device for etracker (“etracker Cookie Data”).

Unique visitor ID to identify returning visitors.

User of the Website.

There is no obligation to provide the data. If the data are not provided, we cannot carry out any web analysis.

We do not store these data on our systems.
See Section C.III.III on the validity period of the cookie.

Data collected by etracker and stored in pseudonym usage profiles (“etracker Profile Data”).

Data about the use of the website, in particular page visits, visit frequency and time spent on the pages visited.

Generated autonomously.

-

 

Details on the processing of the personal data

Purpose of the processing

Data categories

Legal basis

Recipient

Tracking pixels: To measure the web audience, the visits to our Website are recorded by “tracking pixels” and analysed in anonymised form.

HTTP Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the measurement of the web audience.

Hosting provider.

etracker: To improve the Website and better achieve the objectives of the Website (e.g. frequency of visits, increase in number of page visits), the behaviour of users on our Website is recorded and analysed in pseudonymised form. Users of the Website are marked in pseudonymised form so that they can be recognised again on the Website. Pseudonymised usage profiles are created from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym. The objective of this process is to examine where users come from, which areas of the Website they visit and how often and how long which subpages and categories are looked at.

For these purposes cookies (see Section C.) of the web analysis tool etracker are used.

HTTP Data, Cookie Data, Profile Data.

Consent (point (a) of Article 6 paragraph 1 GDPR)

etracker GmbH

Details on the recipients and the transfer to third countries  

Recipient

Recipient’s role

Recipient’s location

Safeguards for transfer to third countries

Hosting provider

Processor

EU

-

etracker GmbH

Processor

Erste Brunnenstraße 1, 20459 Hamburg, Germany

-

III. Newsletter

We offer you the possibility on the Website to subscribe to our personalised e-mail newsletter (“Noerr_news”). With Noerr_news we inform you expertly by e-mail about legal issues that are relevant for you. You can in this respect select the areas of law that interest you and thus compile the issues addressed in your Noerr_news yourself. We also invite you by e-mail to events relevant for you which we hold or participate in and contact you regarding special occasions.

Certain information, for example your e-mail address, is collected when you register for the Noerr_news and when you access the newsletter. We process this information for the provision of the Noerr_news.

You can unsubscribe from Noerr_news at any time, for example by using the link at the bottom of each newsletter. Alternatively, you can also send you unsubscription request at any time by e-mail to datenschutz@noerr.com.

In order to provide with the subscription/unsubscription form for our newsletter on our Website, we use cookies on the Website (see Section C.) with which personal data are processed.

Details on the personal data that are processed  

Categories of data

Personal data

Source of the data

Obligation to provide the data

Storage duration

Data we collect during the registration for the newsletter (“Registration Data”).

E-mail address (required), title, first name, last name (voluntary).

Newsletter subscribers.

There is no obligation to provide the data, but if the data are not provided, we cannot provide you with any newsletter.

We store these data as long as you are registered for our newsletter.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.

 

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) (“HTTP Data) for technical reasons when the subscription and unsubscription form for our newsletter on our website is accessed.

IP address, type and version of your internet browser, operating system used, site accessed before visiting the Website (referrer URL), date and time of the visit.

User of the Website

There is no obligation to provide the data, but if the data are not provided, we cannot provide the requested Website content.

7 days, unless any security-relevant event occurs (e.g. a DDoS attack). Data are then stored until the security-relevant event has been eliminated and clarified in full.

Protocol data which accrue for technical reasons during subscription and unsubscription of the newsletter (“Subscription and Unsubscription Data”).

Date and time of subscription to newsletter, date and time when registration notification is sent in double opt-in procedure, date and time of confirmation of registration in double opt-in procedure as well as IP address of the end device used for the confirmation, date and time of any unsubscription from newsletter.

Newsletter subscribers.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data.
If the data are not provided, we cannot provide with you any newsletter.

We store these data as long as you are registered for our newsletter.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the tracking pixels contained in our newsletter is accessed (“Tracking Pixel Data”).

Tracking pixels are small graphics in HTML e-mails that allow recording of a log file and a log file analysis of access to the e-mails.

IP address, type and version of your internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

Newsletter subscribers.

Provision is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. There is no obligation to provide the data, but if the data are not provided, we cannot any analysis of newsletter usage behaviour.

We store these data as long as you are registered for our newsletter.

Data in usage profiles that we create by analysing usage behaviour regarding the newsletter using pseudonyms (“Usage Profile Data”).

Data about the use of the newsletter, in particular, access, access frequency and time spent in accessed newsletters.

Generated autonomously.

-

We store these data as long as you are registered for our newsletter.

Details on the processing of the personal data  

Purpose of the processing

Categories of data

Legal basis

Recipient

Sending of Noerr_news, invitations to events and information about special occasions. Use of the information provided voluntarily to personalise Noerr_news and the targeted selection of relevant information. We use the title and your name specified during registration to address you personally in our newsletter.

Registration Data, Subscription and Unsubscription Data.

Consent (point (a) of Article 6 (1) GDPR)

InxMail GmbH

HTTP Data are processed temporarily on our web service to provide the newsletter subscription/unsubscription form on our Website.

HTTP Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is provision of the website content requested by the user.

Hosting provider.

Data from strictly necessary cookies (à Section C) are processed temporarily on our web server to provide the newsletter subscription/unsubscription form on our Website.

Form Cookie Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is provision of the website content requested by the user.

Hosting provider.

“Double opt-in” procedure to confirm the subscription.

For this we send an e-mail message requesting confirmation to the e-mail address given by you when registering for the newsletter. Any subscription first becomes effective when the subscriber has confirmed the e-mail address by accessing the confirmation link in the e-mail.

Registration Data, Subscription and Unsubscription Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the legally secure documentation of your consent to receiving the newsletter.

Inxmail GmbH

Storage and processing for evidence purposes for any establishment, exercise or defence of legal claims.

Registration Data, Subscription and Unsubscription Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the establishment, exercise and defence of legal claims.

Inxmail GmbH

Analysis of the usage behaviour of newsletter subscribers and creation of usage profiles using pseudonyms for the purposes of personalising the newsletter.

Registration Data, Subscription and Unsubscription Data, Tracking Pixel Data, Usage Profile Data.

Consent (point (a) of Article 6 paragraph 1 GDPR)

Inxmail GmbH

Details on the recipients and transfer to third countries

Recipient

Recipient’s role

Recipient’s location

Safeguards for transfer to third countries

Hosting provider

Processor

EU

-

Inxmail GmbH

Processor

Wentzingerstr. 17
79106 Freiburg, Deutschland

-

 

IV. Use of the webinar function

Webinars are online presentations or events with a speaker who gives a live speech. Using Noerr webinars (webinare.noerr.com) requires registration as a member. Your name, your valid e-mail address and a password are required to register as a member. The password specified by you is stored by us in encrypted form. To inform other members about yourself you can describe yourself in more detail by providing more data in your member profile. Under Settings -> Privacy in your member account you can, however, determine which persons can access your member profile to what extent. Your address, telephone number, e-mail address and bank details are not shown in your member profile.

Details on the personal data that are processed

Categories of data

Personal data

Source of the data

Obligation to provide the data

Storage duration

Data that we collect during registration (“Registration Data”).

E-mail address, title, first name, last name, password.

Webinar user.

There is no obligation to provide the data, but if the data are not provided, participation in webinars is not possible.

We store these data as long as you subscribe for webinars.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribe and in the event of any legal disputes until such have been concluded.

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the subscription/unsubscription form for webinars is accessed (“HTTP Data”).

IP address, type and version of your Internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

Users of the Website.

There is no obligation to provide the data, but if the data are not provided, we cannot provide you with the webinar function.

7 days, unless any security-relevant event occurs (e.g. a DDoS attack). Data are then stored until the security-relevant event has been eliminated and clarified in full.

Data stored on the user’s end device in cookies (see Section C.) strictly necessary to provide the subscription/subscription form for our webinars (“Webinar Form Cookie Data”).

language preferences

Users of the Website.

There is no obligation to provide the data, but if the data are not provided, we cannot provide you with the webinar function.

Deleted after session

Protocol data which accrue for technical reasons during webinar subscription/unsubscription (“Subscription and Unsubscription Data”).

Date and time of subscription, date and time subscription message is sent, date and of time subscription confirmation as well as IP address of device used for confirmation, date and time of any unsubscription.

Webinar users.

There is no obligation to provide the data, but if the data are not provided we cannot provide you with the webinar function.

We store these data as long as you subscribe for webinars.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribe and in the event of any legal disputes until such have been concluded.

 

Data in usage profiles which we create by analysing the usage behaviour of webinar participants using pseudonyms (“Usage Profile Data”).

Data on the use of the webinar functions, in particular access, access frequency and time spent using function.

Generated autonomously.

-

We only store these data as long as you subscribe for our webinars.

Details on the processing of the personal data

Purpose of the processing

Categories of data

Legal basis

Recipient

Provision and streaming of webinars after subscription in registered user area.

Registration Data, Subscription and Unsubscription Data, webinars accessed.

Performance of a contract (point (b) of Article 6 paragraph 1 GDPR).

edudip GmbH

HTTP Data are processed temporarily on our web server to provide the subscription/unsubscription form for webinars on the Website.

HTTP Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the Website content requested by the user..

Hosting provider.

Data from strictly necessary cookies (see Section C) are processed temporarily on our web server to provide the subscription/unsubscription form for webinars on the Website.

Form Cookie Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the Website content requested by the user..

Hosting  provider.

“Double opt-in procedure to confirm subscription. For this we send an e-mail message requesting confirmation to the e-mail address given by you when registering for webinars.

Subscription and Unsubscription Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the legally secure documentation of your consent to participation in webinars.

edudip GmbH

Storage and processing for evidence purposes for any establishment, exercise or defence of legal claims.

Subscription and Unsubscription Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the establishment, exercise and defence of legal claims.

edudip GmbH

Analysis of the usage behaviour of webinar participants in the registered area and creation of usage profiles using pseudonyms

Subscription and Unsubscription Data, Tracking Pixel Data, Usage Profile Data.

Consent (point (a) of Article 6 paragraph 1 GDPR)

edudip GmbH

Details on the recipients and transfer to third countries

Recipient

Recipient’s role

Recipient’s location

Safeguards for transfer to third countries

Hosting provider

Processor

EU

-

edudip GmbH

Processor

Jülicher Straße 306
52070 Aachen, Deutschland

-

V. Job applicant management

We offer you the possibility on the Website to apply for a job with us using a contact form (“Job Applicant Platform”). We process personal data in this respect for technical operation of the Job Applicant Platform and conduct the application and, if applicable, hiring process.

Details on the personal data that are processed  

Categories of data

Personal data

Source of the data

Obligation to provide the data

Storage duration

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the platform is accessed (“HTTP Data”).

IP address, type and version of your Internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

User of the platform as a data subject.

There is no obligation to provide the data, but if the data are not provided it is not possible to use the platform.

Data are stored in server log files in a form allowing data subjects to be identified for a maximum of 7 days, unless any security-relevant  event occurs (e.g. a DDoS attack). If a security-relevant event occurs, server log files are stored until the security-relevant event has been eliminated and clarified in full.

 

Data specified by the applicant (“Applicant Data”)

Obligatory information: title, first name, last name, e-mail address.

Optional information: date of birth, profile picture and additional documents, e.g. CV, covering letter, overall assessment, certificates and references.

Job applicant as a data subject.

The provision of the data is in principle voluntary, but if the data are not provided, an application process and, if applicable a hiring are not possible.

If an application is successful, we transfer the data to the personnel file and store the data beyond the period of the application process in accordance with the applicable statutory provisions. If an applicant withdraws his/her application, the application is unsuccessful or the applicant deletes his/her applicant profile, we store the data beyond the period of the application process for an additional six months.

Additional internal comments store by Noerr in an applicant profile (“Applicant Comments Data”). These internal comments cannot be accessed on the platform by applicants.

Perceptions from interviews, feedback and assessments.

Generated autonomously.

-

 

Details on the processing of the personal data  

Purpose of the processing

Categories of data

Legal basis

Recipient

HTTP Data are processed temporarily on our web server to provide the platform content requested by the user.

HTTP Data, Login Data.

Balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the platform content requested by the user.

 

Conducting the application process, in particular reviewing applications, contacting the applicant and conducting interviews to assess and select suitable applicants.

Applicant Data, Applicant Comments Data.

Taking steps prior to entering into a contract (point (f) of Article 6 paragraph 1 GDPR).

HR Department, the employee responsible in each case for any hiring of the applicant, (other) employees participating in the interview as co-interviewers.

Conducting the hiring process following a successful application, in particular conclusion of an employment contract.

HR data

Taking steps prior to entering into a contract (point (f) of Article 6 paragraph 1 GDPR).

 

Details on the recipients and transfer to third countries

Recipient

Recipient’s role

Recipient’s location

Safeguards for transfer to third countries

Hosting provider

Processor

EU

-

C. Information on the use of Cookies

We use cookies in connection with the Website and the offers provided on the Website. We use the processing and storage functions of your end device’s browser and collect information from the memory of your end device’s browser.

I. General information regarding cookies

Cookies are small text files with information that can be placed on a user’s end device through its browser when a website is visited. When the website is visited again with the same end device, the cookie and the information it contains can be retrieved.

First-party and third-party-cookiesDepending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookies

Cookies that are placed and accessed by the operator of the website as the controller or a processor engaged by it.

Third-party cookies

Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website.

Transient and persistent cookiesA distinction can be made between transient and persistent cookies depending on how long they remain active:

Transient cookies
(session cookies)

Cookies that are automatically deleted when you close your browser.

Persistent cookies

Cookies that remain stored on your end device for a certain period of time after the browser is closed.

Consent-free cookies and cookies requiring consentUsers’ consent is required for some cookies depending on their function and purpose of use. Thus, a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookies

Cookies whose sole purpose is transmit a message using an electronic communication network.

Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (“Necessary Cookies”)

Cookies requiring consent

Cookies for all purposes of use other than the abovementioned.

II. Management of the cookies used on this Website

1. Granting consent to the use of cookies and management of cookies using a cookie dashboard  

If a user’s consent is necessary for the use of certain cookies, we only use these cookies when you use our Website if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on this Website in Section C.III of this cookie information.

When you visit our Website, we display a “cookie banner” in which you can declare your consent to the use of cookies on this Website by clicking on a button. When you click on the button, you have the option of giving your consent to the use of all of the cookies described in detail in Section C.III of this cookie information. You also have the option, by clicking on the “cookie dashboard” button, to choose individual cookies. In the “cookie dashboard” of this Website, you also have the option of changing your individual selections at a later point in time.

We also store your consent and any individual cookies you have selected in the form of a cookie (“opt-in cookie”) on your end device in order to determine, when you visit the Website again, whether you have granted your consent. The opt-in cookie has a limited effective period of twelve months.

Necessary Cookies cannot be deactivated using the cookie management function of this Website. However, you can deactivate these cookies in general at any time in your browser.

2. Managing cookies using browser settings 

You can also manage cookies using your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at http://www.allaboutcookies.org/ge/cookies-verwalten/.

However, we would like to point out that some functions of the Website may not work properly or at all if you deactivate cookies in general in your browser.

III. Cookies used on this Website

The following cookies may be used on this Website:

D. Information about your rights

As a data subject you have the following rights regarding the processing of your personal data:

Right to access (Article 15 GDPR)

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation, which can be accessed using the following link.

Right to rectification (Article 16 GDPR)

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using the following link.

Right to erasure (“right to be forgotten”) (Article 17 GDPR)

 

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the General Data Protection Regulation.

This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17 paragraph 1 of the General Data Protection Regulation).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (a) and (4) of Article 17 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using the following link.

Right to restriction of processing (Article 18 GDPR)

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the General Data Protection Regulation).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using the following link.

Right to data portability (Article 20 GDPR)

 

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation and the processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Privacy Policy.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation).

You can find the full extent of your right data portability in Article 20 of the General Data Protection Regulation, which can be accessed using the following link.

Right to object (Article 21 GDPR)

As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation. At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object. More detailed information on this is given below:

Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions.

You can find information as to whether an instance of processing is based on point (e) or (f) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Privacy Policy.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal Claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link

Right to object to direct Marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct Marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Section B of this Privacy Policy.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation, which can be accessed using the following link.

Right to withdraw consent (Article 7 paragraph 3 GDPR)

Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation in the information regarding the legal basis of processing in Section B of this Privacy Policy. 

Right to lodge a complaint with the supervisory authority (point (f) of Article 57 paragraph 1 GDPR)

As a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in point (f) of Article 57 paragraph 1 of the General Data Protection Regulation. The competent supervisory authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telephone: 0981/53-1300
Fax: 0981/53-5300

E-mail: poststelle@lda.bayern.de
Homepage: www.lda.bayern.de

You can also contact our data protection officer to exercise your rights (Section A.).

E. Effective date and changes to this Privacy Policy

The effective date of this Privacy Policy is [24 May 2018].
It may be necessary to modify this Privacy Policy due to technical developments and/or amendment of statutory or official requirements.
An up-to-date version of this Privacy Policy can be retrieved at any time at www.noerr.com/de/meta/datenschutz.aspx.