Privacy Policy

Privacy Policy www.pplaw.com

 

Berlin:
Potsdamer Platz 5
10785 Berlin
+49 (30) 25353-0
F +49 (30) 25353-999
ber@pplaw.com

Frankfurt aM:
An der Welle 3
60322 Frankfurt aM
+49 (69) 247047-0
F +49 (69) 247047-30
fra@pplaw.com

Munich:
Hofstatt 1 (Entrance: Färbergraben 16)
80331 Munich
+49 (89) 24240-0
F +49 (89) 24240-999
muc@pplaw.com

 

Information on data processing at POELLATH

Unsubscribe from the newsletter

Overview

In this privacy policy, we inform you in accordance with Art. 12 GDPR about how, to what extent and for what purposes we process personal data

in the use of our website (see section 2)

regarding advice from POELLATH (see section 3)

Further information relevant to all the above-mentioned data processing operations is provided in Sections 1 and 4 to 9.

1. Responsible party and data protection officer

Responsible party in terms of data protection law: P+P Pöllath + Partners Rechtsanwälte und Steuerberater mbB (hereinafter POELLATH)

Data protection officer: Anna Cardillo. You can contact our data protection officer c/o P+P Pöllath + Partners, Potsdamer Platz 5, 10785 Berlin, T +49 (30) 25353-0, DSB@pplaw.com.

2. Website: processing of your personal data

2.1 Use of the website, access data

You may use our website for purely informational purposes without disclosing your identity. When visiting individual pages of the website in this sense, only access data is transmitted to our provider so that the website can be displayed to you. This includes the following data:

  • Browser type/browser version,

  • Operating system used,

  • Language and version of the browser software,

  • Host name of the accessing terminal,

  • IP address,

  • Website from which the request comes,

  • Content of the request (specific page),

  • Date and time of the server request,

  • Access status/HTTP status code,

  • Referrer URL (the previously visited page),

  • Amount of data transmitted,

  • Time zone difference from Greenwich Mean Time (GMT).

Temporary processing of this data is necessary in order to make it technically possible for a website visit to take place and for the website to be transmitted to your terminal. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. The storage of access data in log files, in particular the IP address, for a longer period of time enables us to recognize and ward off misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data will be deleted as soon as they are no longer required for the purpose of their processing. In the case of the data collection provide access to the website, this is the case when you end your visit to the website. In principle, the data is deleted after seven days at the latest; processing beyond this time period is possible in individual cases. In this case, the IP address will be deleted or encrypted in such a way that it is no longer possible to associate it with the accessing client.

You can appeal against the processing. Your right of objection exists for reasons arising from your particular situation. You can send us your objection via the contact data mentioned in the section “Responsible party and data protection officer”.

2.2 Cookies

In addition to the aforementioned access data, so-called cookies are stored in the Internet browser of the terminal device you use when using the website. These are small text files with a sequence of numbers which are stored locally in the cache of the browser used. Cookies do not become part of the terminal and cannot execute programs. They serve to make our website user-friendly. The use of cookies may be technically necessary or may be used for other purposes (e.g. analysis / evaluation of website use).

2.2.1 Technically necessary cookies

Some elements of our website require that the accessing browser be identified even after you change to another page. Language settings, for example, are processed in the cookies.

The user data collected through technically necessary cookies is not processed to create user profiles. If we use unnecessary cookies, we will inform you separately within the scope of this data protection declaration. We also use so-called "session cookies", which store a session ID with which various requests from your browser can be assigned to the common session. Session cookies are necessary for the use of the website. In particular, they enable us to recognize the terminal device used when you return to the website. The session cookies are deleted as soon as you log out or close the browser. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective.

You can object to the processing. Your right to object exists for reasons arising from your particular situation. You can also prevent data processing based on cookies as follows: by deactivating or restricting or deleting cookies in the settings of your browser software or by opening the browser used in “private mode”.

2.2.2 Cookie management

We use a consent management tool on our website to request consent for the use of cookies or similar technologies. By means of a banner displayed on the website or the possibility to refuse your consent for certain functionalities of our website, e.g., for the purpose of integrating streaming content, statistical analysis and range measurement. You can use the cookie banner to give or refuse your consent for all functions or to give your consent for individual purposes or individual services. You can also subsequently change the settings you have selected under the link “Advanced Settings”. The purpose of integrating the cookie banner is to allow the users of our website to decide whether to set cookies and similar technologies and to offer the possibility to change settings already made in the course of further use of our website. In the course of utilizing the cookie banner, personal data as well as information from the terminals used, such as the IP address, are processed. The legal basis for the processing is Art. 6(1) Sentence 1(f) DSGVO. Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. We store your data as long as your user settings are active. After two years after the user settings have been made, you will be asked for your consent again. The user settings are then stored again for this period.

You can object to the processing. Your right to object exists for reasons arising from your particular situation. You can also prevent data processing based on cookies as follows: by deactivating or restricting or deleting cookies in the settings of your browser software or by opening the browser used in “private mode”.

 

 

2.3 Newsletter and e-mail advertising by us and P+P Training GmbH

You may subscribe to our e-mail newsletter on our website, which will keep you regularly informed about our publications, seminars and events. In order to receive the newsletter, a valid e-mail address is required. The registration for our e-mail newsletter is a double opt-in procedure. After you enter the data marked as mandatory, we will send you an e-mail to the e-mail address you have provided, in which we ask you to explicitly confirm your registration for the newsletter (by clicking on a confirmation link). In this way, we ensure that you actually wish to receive our e-mail newsletter. After your confirmation, we process the e-mail address of the recipient concerned for the purpose of sending our e-mail newsletter. The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. We delete this data when you cancel the newsletter subscription. We process the data until you exercise your right of revocation by cancelling our newsletter.

You can revoke your consent to the processing of your e-mail address for the receipt of the newsletter and e-mail advertising at any time, either by sending us a message (see the contact details in the section “Responsible party and data protection officer”), on our website or by directly clicking on the unsubscribe link contained in the newsletter. The legality of the processing carried out on the basis of consent until revocation is not affected by the revocation.

We process your IP address, the time of registration for the newsletter and the time of your confirmation in order to document your newsletter registration and to prevent the misuse of your personal data. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in this processing lies in the prevention of fraud. We delete these data at the latest when the newsletter subscription ends.

The newsletter is sent by P+P Training GmbH, to which we pass on your personal data for this purpose. The legal basis for passing on this data is Art. 6(1) Sentence 1(f) GDPR. It serves our legitimate interest in cross-company bundling of our newsletter subscriptions. You have the right to object to the transfer of your data to P+P Training GmbH. Your right to object exists for reasons arising from your particular situation. You can send us your objection using the contact details provided in the section “Responsible party and data protection officer”.

2.4 POELLATH COVID-19 Impact Tool & PILAR II - HELPDESK

On our website, we use the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK” from BRYTER GmbH (Uhlandstrasse 175, 10719 Berlin; hereinafter referred to as "BRYTER"), in particular, to provide you with helpful information on funding measures, support in the preparation of funding applications and information on legal innovations in connection with COVID-19.

In order to use the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK”, within the displayed tool you can choose between the listed funding measures, legal fields and topics that match your respective request. By clicking on the topics you have selected, you will be provided with the sought-after information and details in automated form. Under the subsequent special topics, if you have further questions, you can also send an individual message to the responsible contact person in order to receive more detailed information and get in touch with us directly. You can also use Pillar II - HELPDESK to create your application form directly. After you have created the appropriate form for your request and completed it with the information requested there (such as, in particular, your name and e-mail address, as well as company-related data), you can send this request directly via the PILLAR II - HELPDESK. In order to forward your application or your inquiry or message to the appropriate office, the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK” process terminal information such as your IP address and the time of access, as well as the information you entered about the company and personal data, particularly contact data such as the company name, your first and last name, place of birth, address, telephone number and e-mail address. If you wish to complete and submit your application at a later date, you can use the “Save&Continue” function to save your progress so far and to finish your reply at a later date. For this purpose, you will be provided with a link to a URL where you can call up your previously entered data. Your encrypted IP address and the data you have entered up to that point will be saved by the tool. We have no access to the data.

If you contact the responsible contact persons through the two tools, we will process the personal data you provide us in order to answer your request and provide you with the requested information. In order to process your request, it is absolutely necessary to provide your first name, last name and e-mail address; the company name is optional. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR or Art. 6(1) Sentence 1(b) GDPR, if the purpose of the contact is the conclusion of a contract. Insofar as the inquiry is aimed at the conclusion of a contract, the details of your data are necessary and obligatory for the conclusion of a contract. If the data is not provided, it is not possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. Insofar as the processing is based on Art. 6(1) Sentence 1(f) GDPR, our legitimate interests lie in increasing our service quality and improving communication with website visitors, interested parties and clients.

In addition, we process your data for the purpose of statistical analysis, in particular to analyze the interaction with the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK” in the form of statistics that are anonymized for us, e.g. which topics or questions our website users are interested in, in order to use this information to continuously improve our information, questionnaires and specific subject areas and to identify any errors. For this purpose, via integrated programming interfaces, in particular the data mentioned in the section (“Use of the Website”), i.e., terminal and browser information such as your IP address, the time and duration of use of the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK”, as well as the total number of users, are processed and stored on BRYTER's servers. This provides us with statistical information about how many users have used the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK” and enables us to determine how appealing the offered topics within the tool are for our users. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing lie in the statistical analysis of the tool usage, as well as the improvement of the quality of service and communication.

We delete the data accrued in this context after the processing is no longer necessary - as a rule two years after termination of communication - or, if necessary, limit the processing to compliance with the existing legally binding storage obligations. Further information on data protection in connection with the “COVID-19 Impact Tool” and the “PILLAR II – HELPDESK” from BRYTER can be found here.

You can file an objection to the processing. Your right to object exists for reasons arising from your particular situation. You can exercise your right to object by using the contact details provided in the section “Responsible party and data protection officer”.

2.5. Services for statistical, analysis and marketing purposes (Google Analytics)

In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). Google Analytics uses cookies (see “Cookies” above), which are stored on your terminal device. Google uses the cookies to process the information generated about the use of our website by your device – e.g. the fact that you have visited a certain page – and processes, among other things, the data mentioned under “Using our website”, in particular your IP address, browser information, the website visited previously and the date and time of the server request, for the purpose of statistical analysis of how people use our website. For this purpose, it is also possible to determine whether different devices belong to you or to your household. This website uses Google Analytics with the “anonymizeIp()” extension. This shortens IP addresses before they are processed, in order to make it much more difficult to identify individuals. According to Google, your IP address is shortened beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. On our behalf, Google will process this information for the purpose of evaluating your use of this website, compiling reports for us on website activity, and – where we point this out separately – providing us with other services relating to website usage. Google will not associate the IP address transmitted by your browser for these purposes with any other data held by Google. The legal basis of this processing is your consent under Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. The EU Commission has not issued an adequacy decision for data transfers to the US; the legal basis for transfers to the US is your consent under Art. 49(1) Sentence 1(a) GDPR. Your data processed in connection with Google Analytics will be erased after 14 months at the latest. For further information about privacy at Google, please refer here.

You can withdraw your consent to the processing and transfers to third countries at any time by moving the slider back in the consent tool “Settings”. This does not affect the legality of the processing carried out on the basis of the consent prior to the withdrawal.

2.6 Integration of: YouTube videos         

On the website, we use plug-ins of the video platform “YouTube.de” or “YouTube.com”, a service of YouTube LLC (headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA; hereinafter “YouTube”), for which “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) is the responsible party in terms of data protection law. With the integration, we aim to include visual content (videos) that we have published on “Youtube.de” or “Youtube.com” on our website. When using the streaming function, information that is stored on your terminal device (e.g., IP address) is also processed. The videos are integrated in “extended data protection mode”, which means that no data about you as a user is transferred to “YouTube” if you do not play the videos. While playing the videos on our website, “YouTube” receives the information that you have accessed the corresponding subpage of our website. In addition, some of the data mentioned in the section “Use of the website” is transmitted to “Google”. This happens regardless of whether “YouTube” provides a user account through which you are logged in or whether no user account exists. If you are logged in at “Google”, your data will be assigned directly to your account. If you do not want the attribution to your profile on “YouTube”, you have to log out before activating the button. “YouTube” stores your data as user profiles and processes them independently of the existence of a user account at “Google” for the purposes of advertising, market research and/or demand-oriented design of its website. The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the USA. There is no adequacy decision by the EU Commission for data transfer to the USA; the legal basis for the transfer to the USA is your consent according to Art. 49(1) Sentence 1(a) GDPR. The storage period of your data can be found in the following descriptions of the individual third-party services. Further information on the purpose and scope of processing by “YouTube"” and the storage period at “YouTube” can be found in the privacy policy

You can revoke your consent to processing at any time, either by sending us a message (see the contact details in the “Responsible party and data protection officer” section) or by moving the slider back in the “Advanced Settings” of the content tool. The legality of the processing carried out on the basis of the consent until revocation is not affected by the revocation.

2.7 Social media

We do not use so-called social media plug-ins. However, we do offer you the opportunity to visit our presence on social networks such as LinkedIn, Twitter and Facebook at various places on our website. If you click on the respective logo or the name of a social network, you will be redirected to our respective site via a link. In addition, you can also “share” certain contents of our website on the social networks. If you click on the “Share” logo on our website, the logos of the various social networks will appear. If you click on one of these logos, you will be redirected to the website of the corresponding social network. There - if you have an account and are logged in or log in - you can share the desired content from our website.

No personal data is sent to the social networks before you click on the logos or links which take you to the social network’s website. The possibility of personal data being transmitted to and processed by the social network only exists from the moment you click on the logo on our website and are redirected to the social network website. Personal data is processed, in particular, if you are logged in with your respective social media account and post the content with your account on the social networks. However, data - such as your IP address - can also be processed if you do not have a social media account.

We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the respective social network.

Further information on the purpose and scope of data collection and processing can be found in the data protection declaration of the respective network. There you will also find further information on your rights and settings to protect your privacy:

LinkedIn 

Twitter

Facebook

2.8 Registration for events

If you register for one of our events on our website, we process your personal data to the extent necessary for the organization, implementation and follow-up of the event. For this purpose, we collect the following data from you: First and last name, company, address, e-mail address. The legal basis for this arises from Art. 6(1) Sentence 1(b) GDPR. The provision of your data is necessary for participation in the event and you are contractually obliged to provide your data. If your data is not made available, the conclusion and/or execution of a contract is not possible. After the purpose has been achieved (e.g., contract implementation), the personal data will be blocked for further processing or deleted, unless we are authorized to further process the data on the basis of your consent (e.g., consent to the processing of your e-mail address for sending electronic advertising mail), a contractual agreement, a legal authorization (e.g., authorization to send direct advertising) or on the basis of legitimate interests (e.g., storage for the enforcement of claims).

2.9 Contact with POELLATH

If you contact our company, e.g. by e-mail, the personal data you provide will be processed by us in order to answer your inquiry. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR or Art. 6(1) Sentence 1(b) GDPR, if the contact is aimed at the conclusion of a contract. If the inquiry is aimed at the conclusion of a contract, the information you provide is necessary and obligatory for the conclusion of a contract (see section 3). If the data is not provided, it is not possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data serves solely to process the establishment of contact, in which our legitimate interest also lies. In this context, the data will not be passed on to third parties. We delete the data accrued in this connection after the processing is no longer necessary - usually after the expiry of the legally binding storage obligations - or if they contradict further processing.

You can object to the processing. Your right of objection exists for reasons arising from your particular situation. You can send us your objection via the contact data mentioned in the section “Responsible party and data protection officer”.

2.10 Applications

If you send a job application to us by e-mail, the data you provide (your contact details, date of birth, professional background) will be processed by us to process your job application. The legal basis for processing your personal data in this job application procedure is primarily § 26 BDSG. According to this law, the processing of data required in connection with the decision to establish an employment relationship is permissible. Should the data be required for legal action after the application procedure has been completed, processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest then consists in the assertion or defense of claims. Data of applicants will be deleted after 6 months in case of a rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our job applicant pool. There the data will be deleted after your revocation.

Insofar as the processing is based on the legal basis in accordance with Art. 6(1) Sentence 1(f) GDPR, you have the right to object to the processing of your other data. Your right to object exists for reasons arising from your particular situation. You can send us your objection using the contact details provided in the section “Responsible party and data protection officer”.

3. Advisory by POELLATH

We hereby inform you about the processing of your personal data when we advise or legally represent you as attorneys or tax advisors.

3.1. Requirement to provide your personal data, purposes of processing and legal basis

We process your personal data to establish and execute the client-lawyer relationship. Providing your personal data is required for this purpose. If you do not provide your personal data, the establishment and execution of the client-lawyer relationship may not be possible. The legal basis for processing is Art. 6(1) lit. b GDPR.

3.2. Recipients and categories of recipients

Your personal data will or can be transmitted to the following recipient or categories of recipients:

  • P+P Training GmbH (see 2.3.)

  • Berliner Steuergespräche e.V.

  • Münchner Unternehmenssteuerforum e.V.

  • Münchner M&A Forum e.V.

  • Funds Forum Frankfurt

  • Frankfurt International Tax Forum

  • Venture Ladies

  • Stiftung Hilfe zur Selbsthilfe

  • Max-Planck-Förderstiftung

  • Stiftung ex oriente

  • Courts or authorities who are involved in your case.

  • Third parties who are involved in your case, such as the opposing party and their authorized proxies.

  • Colleagues from other law firms whom we consult on your case.

3.3 E-mail information

We reserve the right to use the e-mail address provided by you within the scope of the client relationship in accordance with the statutory provisions from time to time in order to send you information on publications, seminars and events by e-mail during or after our consultation, provided that you have not already objected to this processing of your e-mail address:

If the sending of electronic information is not necessary for the execution of the contract (e.g., e-mail in informational form), the processing is based on the legal basis according to Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the above-mentioned processing are to increase and optimize our services, to send information on current market developments, to inform you of consulting offers, to invite you to free events, to send direct advertising and to ensure customer satisfaction. We delete your data at the latest after receiving your objection.

We would like to point out that you can object to receipt of this information, as well as the processing for the purpose of this information, at any time without incurring any costs other than the transmission costs according to the basic tariffs. You have a general right to object without stating reasons (Art. 21(2) GDPR). You can declare your objection by sending us a message (see the contact details in the section “Responsible party and data protection officer”) or by directly clicking on the unsubscribe link contained in the e-mails.

4. Transmission to third parties

We only pass on the personal data described here to the extent that this is necessary for the provision of our service or is required by law in this context (see Art. 6(1) lit. a and c GDPR). Within the scope of the purposes described here, personal data is forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to ensure that we comply with all data protection regulations, these service providers are bound by further contractual provisions on data protection. As a rule, this includes an obligation as a processor in accordance with Art. 28(3) GDPR.

Otherwise, we only transfer personal data to third parties if we have a legal permission to do so or if you have given your prior consent. You can revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent permitted by data protection law.

5. Transmission to countries outside the EU

As far as necessary for our purposes, we may also transfer your data to recipients outside the EU. We only do this within the framework of the data protection requirements for transfers to third countries, if it is ensured that the recipient of the data guarantees an adequate level of data protection in the sense of Chapter V of the GDPR and no other interests worthy of protection speak against the data transfer.

6. Deletion

We delete your personal data as soon as they are no longer required for the purposes pursued by the processing and as long as there are no conflicting legal storage obligations.

7. Your rights

You can request access to the personal data stored by POELLATH about you at any time, free of charge (Art. 15 GDPR), and – subject to the relevant legal requirements – you can request that such data be rectified (Art. 16 GDPR), erased (Art. 17 GDPR), or that its processing be restricted (Art. 18 GDPR). If POELLATH processes your data to pursue legitimate interests, you can exercise your right to object (Art. 21 GDPR). Whether and to what extent these rights exist in individual cases and which conditions apply is determined by the law, in particular the GDPR. The GDPR also grants you a right to data portability under certain circumstances (Art. 20 GDPR). If you have given your consent under data protection law, you can withdraw it at any time with effect for the future (Art. 7(3) GDPR). You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR). However, if you have any questions or complaints about data protection at POELLATH, we recommend that you first contact our data protection officer. To exercise these rights or if you have any other questions regarding data protection, please contact our company’s data protection officer (see (1) above). To ensure that your request is dealt with quickly, we recommend that you provide us with your last name, first name and, if available, your e-mail address and – if you have received advertising and wish to object – that you send us a copy of the offending promotional material.

8. No automated individual decision-making

We will not use your personal data for automated individual decision-making in terms of Art. 22(1) GDPR.

9. Changes to this privacy notice

New legal requirements, business decisions or technical developments may require changes to our privacy notice. The privacy notice will then be adjusted accordingly. The latest version is always available on our website.

Last amended: August 2020