As of: May 2018
Controller in the sense of the General Data Protection Regulation and further national data protection acts of the Member States as well as further data protection regulations is:
Fleischer, Engels & Partner mbB, Patentanwälte
Braunsberger Feld 29
51429 Bergisch Gladbach
+49 2204 98560
The data protection officer of the controller is:
Dr. Patrick Schweisthal
+49 89 740045840
The following list comprises all rights of the data subjects according to the GDPR. Rights which are not relevant for the own website do not have to be mentioned. In this respect, the list can be shortened.
If personal data relating to you is processed, you are data subject in the sense of the GDPR and have the following rights versus the controller:
You can demand the controller to provide a confirmation whether personal data relating to you are processed by us.
If there is such processing, you may request the controller to provide information on the following:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data which are processed;
(3) the recipients or categories of recipients of the personal data to which the respective personal data have been disclosed or will be disclosed;
(4) the period for which the personal data concerning you will be stored, or if concrete information hereon is not possible, the criteria used to determine that period;
(5) the existence of a right to request rectification or erasure of personal data concerning you, of a right to a restriction of the processing through the controller or of a right to object to this processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data, in case the personal data are not collected from the data subject;
(8) the existence of an automated decision-making, including profiling, according to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to ask for information whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can demand to be informed on suitable safeguards according to Article 46 GDPR in connection with the transfer.
You have a right to obtain rectification and/or completion versus the controller, in case the processed personal data concerning you are incorrect or incomplete. The controller shall make the rectification without delay.
You have the right to obtain restriction of the processing of the personal data concerning you where one of the following applies:
(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
(4) you have objected to processing pursuant to Article 21(1) GDPR and it is not yet verified whether the legitimate grounds of the controller override those of you.
Where processing of the personal data related to you has been restricted, such data shall - with exception of their storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If the processing has been restricted pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.
a) Obligation to erasure of personal data
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation according to Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.
In case you have enforced the right to rectification, erasure or restriction of the processing, the controller is obliged to communicate any rectification or erasure of the personal data or restriction of the processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on a consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you have further the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected hereby.
The right to data portability shall not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to revoke your data protection declaration of consent at any time. By revoking the consent, the legitimacy of the processing carried out on basis of this consent until revocation is not affected.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
With respect to the case under (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which includes at least the right to obtain human intervention on the part of the controller, to express the own point of view and to contest the decision
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the member state of your place of residence, place of work or the place of the alleged violation, if you are of the opinion that the processing of the personal data relating to you contravenes the GDPR. The supervisory authority where appeal was filed informs the appellant on the status and the results of the appeal including the possibility of judicial remedy according to Article 78 GDPR.
As a basic principle, we only process personal data of our users as far as required for providing an operational website as well as our contents and services. The processing of personal data of our users is regularly carried out upon receipt of the user's consent. An exception applies in the cases where preliminary obtaining a consent is not possible for actual reasons and processing of the data is permitted by law.
As far as we obtain consents of the data subjects for processing the personal data, Article 6(1), point (a) EU General Data Protection Regulation (GDPR) serves as legal basis.
Legal basis for processing necessary for the performance of a contract to which the data subject is party is Article 6(1), point (b) GDPR. This also applies to processing processes required for carrying out precontractual measures.
As far as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Article 6(1), point (c) GDPR serves as legal basis.
If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1), point (d) GDPR serves as legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, then legal basis for processing is Article 6(1), point (f) GDPR.
The personal data of the data subject are deleted or locked as soon as the purpose of storage ceases to exist. Furthermore, storage can take place if this is required by European or national jurisdiction under Union regulations, laws or other provisions the controller is subject to. Locking or erasure of data is also carried out if a storage time prescribed by the mentioned norms expires, unless further data storage is required for contract conclusion or performance of a contract.
Upon each access to our internet site, our system automatically records data and information of the computer system of the calling computer.
The following data are recorded:
(1) information on browser type and used version
(2) the operating system of the user
(3) internet provider of the user
(4) IP address of the user
(5) date and time of the access
(6) websites from which the user's system accesses our internet site
(7) websites which are accessed by the user's system via through our website
The data is also stored in the log files of our system. A storage of these data together with other personal data of the user is not carried out.
Article 6(1), point (f) GPDR serves as legal basis for the temporary storage of the data and the log files.
The temporary storage of the IP address by the system is required to transmit the website to the computer of the user. The IP address of the user needs to be saved for the duration of the session. The storage in log files is carried out to ensure operability of the website. Further, the data are required for optimizing the website and ensuring the security of our information-technical system. A data analysis for marketing purposes is not carried out.
For these purposes, we also have a legitimate interest in the data processing according to Article 6(1), page 1, point (g) GPDR.
The data are deleted once they are no longer required for the purposes of their collection. In case of data collection for providing the website, this is once the respective session is closed. In case of data storage in log files, a further storage is possible. In this case, the IP addresses of the users are deleted or alienated such that an assignment of the calling client is no longer possible.
Data collection for providing the website and data storage in log files is mandatorily required for the operation of the website. Accordingly, there is no possibility of objection on the part of the user.
Our internet site offers the possibility of making contact via the indicated email address. In this case the personal data of the user transmitted with the email are stored. The data are not transmitted to third parties. The data are exclusively used for processing the conversation.
Article 6(1), page 1, point (f) GDPR serves as legal basis for the processing of data transmitted by sending an email. If the purpose of the email contact is the conclusion of a contract, then further legal basis for the processing is Article 6(1), page 1, point (b) GDPR.
The processing of the personal data originating from an email exclusively serves us for processing the contact process, which is also the required legitimate interest in the processing of data.
The data are deleted once they are no longer required for the purposes of their collection. In case of the personal data transmitted via email, this is the case once the communication with the user is closed. The conversation is closed once it can be taken from the circumstances that the issue in question has been finally clarified.
The user has anytime the possibility to revoke his or her consent for processing the personal data. In case the user contacts us via email, then he can oppose the storage of his or her personal data at any time. In such a case the conversation cannot be continued. All personal data stored during contact making are deleted in this case.
We use on our website the online map service Google Maps of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Through use of Google Maps, information on the use of our website, the data subject's IP address and addresses entered in the route map function are transmitted to a Google server in the USA and stored there. By using our website, you agree to the processing of your data collected by Google Maps.
The legal basis for the processing is Article 6(1), page 1, point (f) GPDR.
We have neither knowledge of the purpose of the data collection nor of the use of the data by Google.
We have no knowledge of the storage duration.
More information can be found on https://www.google.com/intl/de/policies/privacy/.
This data protection declaration was prepared with support of DataGuard.