Privacy Policy

Website

Information about the data processing

1. Information about the data controller and the data protection officer

This privacy policy applies to the websites of (Data Controller):

SCHLATTER Rechtsanwälte PartG mbB (hereinafter „Schlatter“)
Kurfürsten-Anlage 59
69115 Heidelberg
Germany
Phone: 06221 - 9812-0
Telefax: 06221 - 9812-73
E-Mail: info@schlatter.law

The data protection officer of Schlatter can be contacted per e-mail: datenschutz@schlatter.law


2. Information on the processing of data

a) Informational use of our website

When you use our Websites, certain information, for example your IP address, is for technical reasons sent to our Website’s server by the browser used on your end device. We process this information in order to provide the Website content requested by you. To ensure to provide the Website, this information is also stored temporarily in what is referred to as a “web server log file”. The following information is processed automatically until it is deleted:

  • IP-address of your end device,

  • date and time of the visit,

  • name and URL of the requested data,

  • website, from which the request (Referrer-URL),

  • used browser and the operating system of your end device and the name of your access-provider.

This information is processed for the following reasons:

  • to ensure a smooth connection to our website,

  • to ensure a smooth use of our website,

  • evaluation of the system security and stability

  • and other administrative functions.

The legal basis for the processing is based on (point f) of Article 6 (1) GDPR. The legitimate interests pursued by us or any third party are the aforementioned reasons for the data processing. We do not use the processed data to draw conclusions about your identity.

In order to facilitate an informational use of the website, we use Cookies on the websites and web analysis and web tracking technologies. You can find further information about cookies and web analysis tools below (fig. 4, 5 of this privacy policy).

b) Receiving our newsletters

If you agree to receive our e-mail newsletter, the legal basis to process your data is based on (point a) of Article 6 (1) GDPR. We inform you in the newsletter about legal issues. To subscribe to our newsletter, we only need your e-mail address.

You can unsubscribe from our newsletter at any time, for example by using the link at the bottom of each newsletter. Alternatively, you can also send your request at any time by e-mail to datenschutz@schlatter.law or info@schlatter.law. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal.

c) Contacting us using our contact form

You can contact us using our contact form on our website. To process your contact request and to answer it, we need your e-mail-address. All other information is optional. The legal basis to process your data is based on (point a) of Article 6 (1) GDPR (your consent). Your data will be deleted as soon as your contact request was successfully processed and is not needed any more for this reason.

You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. To withdraw your consent, please send an e-mail to datenschutz@schlatter.law or info@schlatter.law

d) When you visit our LinkedIn presence through our websites.

On our websites, we only set links to make it easy to find our LinkedIn presence. A direct connection to LinkedIn (a US subsidiary in the EU) is not automatically established when you visit our website. 

Rather, you can click on the link to our presence in the LinkedIn network if you agree to the information on data processing by LinkedIn. 

e) When you access and view our LinkedIn presence and Page Insights.

Use and communication among members
As a LinkedIn member, we process your comments and messages and social actions ("likes") provided to us as a LinkedIn member within the LinkedIn network and the technical environment of the network specified by LinkedIn in order to contact you at your request, if applicable, and to exchange social actions and/or messages.

When you visit, follow or engage with our LinkedIn presence as a LinkedIn member, LinkedIn Ireland Unlimited Company (hereinafter: LinkedIn) and its affiliates process personal data to provide you with LinkedIn page insights. In particular, LinkedIn processes data that you have provided to LinkedIn as a member, such as function, country, industry, length of service, company size, and employment status data from your profile as a member. In addition, LinkedIn processes information about how a member has interacted with our company page, such as whether a member is a follower.

As a rule, you agree to data processing by LinkedIn (LinkedIn Ireland Unlimited Company) if you yourself have a LinkedIn account, you are already aware of and have accepted LinkedIn's terms of use and privacy rules:

User Agreement | LinkedIn https://www.linkedin.com/legal/user-agreement 
LinkedIn Privacy Policy | https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy  
Cookie Policy | LinkedIn https://de.linkedin.com/legal/cookie-policy?trk=lithograph_footer-cookie-policy 
Cookie Table (linkedin.com) https://de.linkedin.com/legal/l/cookie-table
Data transfer from the EU, EEA and Switzerland | LinkedIn Help https://www.linkedin.com/help/linkedin/answer/62533   

You will also be redirected to LinkedIn's website when clicking on the above links. To this extent, LinkedIn is responsible for data processing.

Information on Page Insights
LinkedIn processes and stores personal data for Page Insights in accordance with its user agreement and privacy policy. You can also view the regulations on joint responsibility once again here: legal.linkedin.com/pages-joint-controller-addendum However, we essentially reproduce the information given there in English once again below:

The so-called Page Insights provided to us are data aggregated by LinkedIn. LinkedIn will not, however, provide us with any personal data of individual members in relation to Page Insights or enable us to link Page Insights and data collected thereon with individual members. We are therefore only responsible for this Page Insights data anonymized for us by LinkedIn. LinkedIn is responsible for Page Insights and the associated data processing.

In this context, LinkedIn alone ensures the security of the processing of member data and the provision of Page Insights through appropriate technical and organizational measures; further information can be found by LinkedIn here: https://security.linkedin.com/ . 

As a LinkedIn member, you can exercise your data subject rights via your account settings or by contacting LinkedIn directly.

Data transfer to third countries
LinkedIn also transfers data from the European Union (EU), the European Economic Area (EEA) and Switzerland to the United States of America (USA) and back. LinkedIn relies on standard contractual clauses approved by the European Commission as the legal instrument for data transfers from the European Union (e.g., between LinkedIn Ireland Unlimited Company or its customers and LinkedIn Corporation in the United States; https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de ). The LinkedIn data centers for storing its members' information are currently located in the USA. Further information on this can be found here: https://www.linkedin.com/help/linkedin/answer/62533 

3. Data recipients

We do not submit data to third parties for any other as the following reasons:

  • you gave your consent (point a) of Article 6 (1) GDPR),

  • the submission is necessary for the establishment, exercise or defense of legal claims and no reason seems to apply that you have an overriding interest not to submit the data (point f) of Article 6 (1) GDPR),

  • the submission is necessary to fulfill a legal obligation (point c) of Article 6 (1) GDPR),

  • to fulfill our contractual obligations with you (point b) of Article 6 (1) GDPR).


4. Cookies

We use Cookies on our websites. Cookies are small text files with information that can be stored on a user’s end device through its browser when a website is visited. When the website is visited again with the same end device, the cookie and the information it contains can be retrieved.

Most browsers accept Cookies automatically. However, you can configure your browser so it does not store any Cookies on your device/browser or you are asked before any Cookie is stored. However, we would like to point out that some functions of the website may not work properly or at all if you deactivate Cookies in general in your browser.

In the Cookies information is stored about your end device. However, this does not mean we know you identity. To improve the website and better achieve the objectives of the website, the behavior of users on our Website is recorded and analyzed in pseudonymized form. The objective of this process is to examine where users come from, which areas of the website they visit and how often and how long which subpages and categories are looked at. The Cookies are deleted when you leave the website (session cookies).

To optimize the usability, we use Cookies that are stored temporarily for a defined period of time. Users of the Website are marked in pseudonymized form so that they can be recognized again on the Website. Pseudonymized usage profiles are created from this information. If you visit our website again, the Cookie helps us to recognize you and what preferences you have when visiting the website.

Also, we use Cookies to evaluate the use of our website statistically and to optimize our website (s. also fig. 5). These Cookies allow us to mark you in pseudonymized form so that we can be recognized again on the Website. These Cookies are deleted after a defined period of time.

On our websites we use the following cookies:

Name of Cookie

Description

Storage duration/deletion

pk_id

 
  • used for “Matomo“ (s. fig. 5):

    • „statistic cookie” (helps us to understands a website-user’s preferences by collecting anonymized information);

    • registers a User-ID to generate statistical data about the user’s preferences

 

13 months

pk_ref

 
  • used for “Matomo“ (s. fig. 5):

    • „statistic cookie”;

    • stores URL of the page that was viewed prior to the current page (Referrer URL)

 

6 months

_pk_ses,

_pk_cvar

 

 
  • used for “Matomo“ (s. fig. 5):

    • „statistic cookie”;

    • registers a User-ID to generate statistical data about the user’s preferences

 

30 minutes

piwik_ignore

 
  • used for “Matomo“ (s. fig. 5):

    • is used when User activates the Opt-Out-Cookie

 

Until User deletes Cookie (s. fig. 5)


5. Analyze-/Tracking-Tool: Matomo

We use Cookies for the Analysis-/Tracking-Tool „Matomo“ (formerly known as Piwik). This data process is based on (point f) of Art. 6 (1) GDPR: Our legitimate interests for this date process: With the tracking-tool „Matomo“ we want to optimize our website and usability of our website www.kanzlei-schlatter.de and www.schlatter.law and landing pages. Also, we use „Matomo“ to evaluate the use of our website statistically and to optimize our website for our users.

„Matomo“ is an open source web analysis-software. Anonymized user profiles are created and Cookies (s. fig. 4) are stored. The IP-address will be anonymized (IP-masking). This means we store through Matomo in the database each new visitor IP address (ipv4 or ipv6 format) with the last components removed to protect the website user’s privacy.

In the Cookies Matomo uses the following information is stored:

  • anonymized IP-address/pseudonymized User-ID,

  • browsertype/-version,

  • used operating system,

  • referrer-URL (website visited before our website),

  • date and time of the server-request,

  • title of the page being viewed (Page Title),

  • URL of the page being viewed (Page URL),

  • URL of the page that was viewed prior to the current page (Referrer URL),

  • screen resolution being used,

  • time in local user’s timezone,

  • pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user),

  • location of the user: country, region, city, approximate latitude and longitude,

  • main language of the browser being used.

The information is sent to and stored by our data processor (web host in Germany). The information is then used to evaluate the use of the website, to generate a report about the website-activities and to analyze the use of the website-services related to market research and demand-driven design of the website. The information might only be submitted to third parties to the extent that legal obligations have to be met or a data processor (like a web host) is commissioned.

However, you can configure your browser so it does not store any Cookies on your device/browser or you are asked before any Cookie is stored. If you activate the “Do-Not Track”-option in your browser, we do not use the Matomo Cookies. We would like to point out that some functions of the website may not work properly or at all if you deactivate Cookies in your browser.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Matomo by not checking the "Statisics" box in the cookie banner when you first visit the website and clicking on "Save and close" or by not editing the cookie banner. Cookies are only set when you check the box "Statistics".

If you do not check the "Statistics" box, an opt-out cookie will be set to prevent the future collection of your data when you visit this website. However, the opt-out cookie is only valid in the browser used at the time of activation and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.


6. Information about your rights

As a data subject you have the following rights:

  • Art. 15 GDPR: you have a right to obtain access and information. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed, storage duration, existence of a right to rectification, erasure, restriction of processing, data portability, object and the right to lodge a complaint with the supervisory authority and the right to learn about the origin of the data as well as the existence of an automated decision making (profiling) and its details;

  • Art. 16 GDPR: right to rectification;

  • Art. 17 GDPR: right to erasure to the extent that the data is not needed for the exercising of the right to free speech and information, to fulfill legal obligations, for reasons of public interest or of public policy or for the establishment, exercise or defense of legal claims;

  • Art. 18 GDPR: right to restriction of data processing to the extent that you question the accuracy of the processed data or the legality of the data processing, and you do not request the erasure although we do not need the data anymore and you need the data for the establishment, exercise or defense of legal claims or you have objected according to Art. 21 GDPR;

  • Art. 20 GDPR: right to receive your date in a portable (standard, machine-readable) form (data portability) and the right to demand to submit your data to another data controller;

  • Art. 7 Abs. 3 GDPR: right to withdraw your consent with effect for the future at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal.

  • Art. 77 GDPR: right to lodge a complaint with the competent supervisory authority. You can address the supervisory authority of your usual residence or work place or place of business of the data controller.


7. Right to object

If we processed data on the basis of our interest (point f) of Art. 6 (1) GDPR), you have the right to object according to Art. 21 GDPR to the extent we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. You also have the right to object at any time to processing of your personal data for direct marketing, which includes profiling to the extent that it is related to such direct marketing.

You can send your objection request at any time by e-mail to datenschutz@schlatter.law or info@schlatter.law


8. Data security

When you visit our website we use the commonly used SSL-encryption (Secure Socket Layer) in combination with the highest rate of encryption you browser allows (usually 256-Bit encryption/ in case your browser does not support this rate: 128-Bit v3-technology). The green locket symbol in your browser shows that we use this technique.

We use appropriate technical and organizational security measures, and protect the data which we process against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our safety precautions are continually being improved and maintained corresponding to technological development as well as being adapted to the internal IT security concepts.


9. Effective date and changes to this Privacy Policy

The effective date of this Privacy Policy is May 2018. It may be necessary to modify this Privacy Policy due to technical developments and/or amendment of statutory or official requirements. An up-to-date version of this Privacy Policy can be retrieved and printed at any time: www.schlatter.law/datenschutz or www.schlatter.law/en/privacy-policy