DATA PRIVACY NOTICE
We attach great importance to the protection of your personal data which we take seriously. The collection and processing of your personal data is carried out under the applicable legal regulations (EU Data Protection Basic Regulation, “EU-DSGVO” or Federal Data Protection Act (BDSG). The personal data we collect, the form we collect it and how we process it is summarized below. Further, we […] in the rights you are entitled to in this context is explained in the following.
A. Responsibilities and contact details
Responsibility for processing your personal data in accordance with EU-DSGVO lies with:
Astera Legal Egbers Hitzer Partnerschaft von Rechtsanwälten mbB
Anschrift und Kontaktdaten
Theatinerstraße 11 (Fünf Höfe)
You can contact our data protection officer under the following e-mail address:
or by mail under:
PROLIANCE GmbH/ www.datenschutzexperte.de
B. Processing of personal data
The object of data processing by us is your contact data as well as any other personal data required for providing services to you or our communication with you. In particular, this concerns information that is typically contained in legal documents such as contracts and briefs or public registers such as land registers or commercial registers, information which was part of our correspondence with you, or concerns your legal relations with third parties, such as file numbers, bank account numbers or similar. If you have not provided us with your personal data yourself, we have received it from our clients, business partners, service providers or cooperation partners for whom you may be working as a representative or employee or through whom you are invited to our events, or we have taken the data from publicly available sources.
We process your personal data to the extend necessary to safeguard the legitimate interests of Astera Legal (Art. 6 Para. 1 lit. f EU-DSGVO), in particular:
- for the conclusion or execution of engagement letters, contracts and other business relationships (including for the processing of sales contracts, deliveries or payments) with our clients, business partners, service providers or cooperation partners) for which you may be acting as agent or employee;
- for internal administrative purposes of Astera Legal (e.g. bookkeeping)
- to conduct legal and official proceedings or for the purpose of assertion/exercise of and defence against legal claims in Germany and abroad;
- for service providers (e.g. external IT service providers) which support our business processes;
- to ensure the IT security and IT operation of our firm
- to plan and conduct events to which you have been invited as a guest.
Personal data is also processed for the purpose of fulfilling contracts with or orders from individuals (natural persons) with whom we have business relations (Art. 6 para. 1 lit. b EU-DSGVO).
If you do not provide us with your personal data, we cannot carry out the contractual relationship or fulfil the above-mentioned communication purposes.
In addition, we are required to certain extend by law to process data (Art. 6 para. 1 lit. c) EU-DSGVO). For example, according to the provisions of the German Anti-Money-Laundering Act (Geldwäschegesetz, GwG), we are obliged to identify our clients and require the necessary information from you for this purpose (Section 11 (6) sentence 1 GwG).
2. Application for employment
In particular, we process contact data, curriculum vitae, cover letters and certificates of applicants, and, if necessary, internal notes on job interviews.
We store this data for as long as it is necessary for the above-mentioned purposes and delete the data of rejected applicants within 6 months after notification of our decision. In the case of accepted applications, the data will be included in the personnel file. If we do not consider the application positively, consent for longer storage can be given on a voluntary basis, e.g. in the event that we wish to contact the applicant again at a later date; we will contact the relevant person separately in this regard.
C. Processing of personal data when visiting our website
When you access our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Domain visited
- Date and time of the request
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer
- Amount of data transmitted
We collect this data in order to ensure a smooth connection to the website and to enable a comfortable use of our website. In addition, the log file serves to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6 para. 1 lit. f DSGVO.
For reasons of technical security, in particular to defend against attempts to attack our web server, we may store this data for a short period of time. The IP addresses are stored anonymously by shortening the IP addresses so that it is not possible to draw conclusions about individual persons on the basis of this data. This data is not evaluated in any way except for statistical purposes in anonymised form. This data is not mixed with data from other data sources. The anonymised data will be deleted after 60 days at the latest.
Our website uses so-called “cookies”. Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until your web browser automatically resolves them. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or display advertising. Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the storage of cookies for the technically error-free and optimised provision of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a DSGVO. This consent can be revoked at any time for the future. If the processing is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request, the legal basis may also result from Art. 6 para. 1 lit. b DSGVO.
You can also visit our website without using cookies if you deactivate the storage of cookies in the system settings of your browser. Please note that if you deactivate cookies, the functionality of our website may be limited. Further information about cookies and their deactivation can be found on the website of the Federal Office for Information Security:
3. Social Media Plug-ins
We use social media plug-ins on our website. We use the so-called 2-click solution. When you visit our website, so far no personal data is transmitted to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the respective plug-in or by the corresponding logo. You have the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider will receive the information that you have accessed the corresponding website of our online offer. In addition, further data, such as your IP address, is usually transmitted. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored.
The plug-ins allow you to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. Legal basis for the use of the plug-ins Art. 6 Abs.1 lit. f DSGVO.
For our plug-ins we use the so-called “Shariff” buttons. “Shariff” was developed to provide more privacy on the internet and to replace the usual “Share” buttons of social networks. It is not the user’s browser, but the server on which this online offer is located that connects to the server of the respective social media platforms and requests the personal data.
Instagram Inc. 1601 Willow Road, Menlo Park, California 94025, USA
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA http://www.linkedin.com/legal/privacy-policy
D. Your Rights
Below you will find a list of the rights you are entitled to if the legal requirements are met in connection with the collection / processing / use of your data by us:
1. Information and Rectification
You have the right to obtain information about your data stored with us and to request the correction of incorrect or incomplete data.
You can demand the deletion of your data if
- we are not obliged to store the data due to legal or contractual requirements;
- the processing of personal data is no longer necessary for the purposes for which it was collected;
- the consent to data processing has been revoked;
- there is a valid objection to data processing;
- personal data were processed unlawfully;
- the deletion is necessary to fulfil a legal obligation to which we are subject.
3. Restriction of Use
You can demand us to restrict the use of your data if, for example
- the accuracy/completeness of the personal data must be checked for your reference
- the personal data collected is only used by us to assert legal claims; or
- you have raised an objection to the collection and use of the personal data and this objection will be examined.
4. Right to Data Transmission
You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request it to be transferred to another responsible party.
5. Right of objection
If your personal data are processed by us on the basis of legitimate interests, you have the right to object to the processing of your personal data if this is done for reasons arising from your particular personal situation.
6. Right of withdrawal
You have the right to revoke your consent to the processing of data at any time with effect for the future. After receipt of the revocation, we will stop using and processing data based on your previous consent. You can send us your revocation informally either by letter, telephone, fax or e-mail.
7. Right of appeal
If you believe that we are using and processing your personal data unlawfully, you have the right to lodge a complaint with the competent data protection supervisory authority.
E. Transfer of personal data to third parties
We only transmit your personal data to third parties on the basis of and in accordance with statutory provisions or if and in the extent you have given your consent in an individual case.
Insofar as it is necessary for the processing of client relationships, personal data will be passed on to third parties. This includes, in particular, the disclosure of such data to opposing parties and their representatives (e.g. their attorneys) as well as courts and public authorities for the purpose of correspondence and for asserting and defending the rights of our clients. We only pass on personal data to recipients outside the European Union or the European Economic Area if such a transfer is necessary in connection with the processing of a client relationship.
Only in exceptional cases and only within the framework of legal regulations will personal data be passed on to supervisory and law enforcement authorities to the extent necessary to prevent and detect fraud and other criminal offences.
In some cases, data is processed on our behalf by external service providers, e.g. in the area of IT services or document destruction. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked. A confidentiality agreement is concluded with these external service providers and, if the data provided is processed, an agreement is also concluded on the scope and legality of the data processing by the external service provider (commissioned data processing in accordance with Art. 28 EU-DSGVO). In principle, we remain responsible for data processing and use.
F. Status and ongoing changes of the data protection declaration