Data Protection Declaration

As of: May 2018

I. Name and address of controller

Controller in the sense of the General Data Protection Regulation and further national data protection acts of the Member States as well as further data protection regulations is:

Fleischer, Engels & Partner mbB, Patentanwälte

Braunsberger Feld 29

51429 Bergisch Gladbach

Germany

+49 2204 98560

mail@fe-pat.de

www.fe-pat.de

II. Name and address of the data protection officer

The data protection officer of the controller is:

DataCo GmbH

Dr. Patrick Schweisthal

Siegfriedstraße 8
80803 Munich
Germany

+49 89 740045840

datenschutz@dataguard.de

www.dataguard.de

III. Rights of the data subject

The following list comprises all rights of the data subjects according to the GDPR. Rights which are not relevant for the own website do not have to be mentioned. In this respect, the list can be shortened.

If personal data relating to you is processed, you are data subject in the sense of the GDPR and have the following rights versus the controller:

1. Right to information

You can demand the controller to provide a confirmation whether personal data relating to you are processed by us.

If there is such processing, you may request the controller to provide information on the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients of the personal data to which the respective personal data have been disclosed or will be disclosed;

(4) the period for which the personal data concerning you will be stored, or if concrete information hereon is not possible, the criteria used to determine that period;

(5) the existence of a right to request rectification or erasure of personal data concerning you, of a right to a restriction of the processing through the controller or of a right to object to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information on the origin of the data, in case the personal data are not collected from the data subject;

(8) the existence of an automated decision-making, including profiling, according to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to ask for information whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can demand to be informed on suitable safeguards according to Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to obtain rectification and/or completion versus the controller, in case the processed personal data concerning you are incorrect or incomplete. The controller shall make the rectification without delay.

3. Right to restriction of processing

You have the right to obtain restriction of the processing of the personal data concerning you where one of the following applies:

(1) the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;

(4) you have objected to processing pursuant to Article 21(1) GDPR and it is not yet verified whether the legitimate grounds of the controller override those of you.

Where processing of the personal data related to you has been restricted, such data shall - with exception of their storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.

If the processing has been restricted pursuant to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Obligation to erasure of personal data

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The personal data concerning you have to be erased for compliance with a legal obligation according to Union or Member State law to which the controller is subject.

(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defense of legal claims.

5. Right to notification

In case you have enforced the right to rectification, erasure or restriction of the processing, the controller is obliged to communicate any rectification or erasure of the personal data or restriction of the processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1) the processing is based on a consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and

(2) the processing is carried out by automated means.

In exercising this right, you have further the right to have the personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected hereby.

The right to data portability shall not apply to a processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revocation of the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. By revoking the consent, the legitimacy of the processing carried out on basis of this consent until revocation is not affected.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision

(1) is necessary for entering into, or performance of, a contract between you and the data controller,

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

With respect to the case under (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which includes at least the right to obtain human intervention on the part of the controller, to express the own point of view and to contest the decision

10. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the member state of your place of residence, place of work or the place of the alleged violation, if you are of the opinion that the processing of the personal data relating to you contravenes the GDPR. The supervisory authority where appeal was filed informs the appellant on the status and the results of the appeal including the possibility of judicial remedy according to Article 78 GDPR.

IV. General provisions with respect to data processing

1. Extent of processing of personal data

As a basic principle, we only process personal data of our users as far as required for providing an operational website as well as our contents and services. The processing of personal data of our users is regularly carried out upon receipt of the user's consent. An exception applies in the cases where preliminary obtaining a consent is not possible for actual reasons and processing of the data is permitted by law.

2. Lawfulness of personal data processing

As far as we obtain consents of the data subjects for processing the personal data, Article 6(1), point (a) EU General Data Protection Regulation (GDPR) serves as legal basis.

Legal basis for processing necessary for the performance of a contract to which the data subject is party is Article 6(1), point (b) GDPR. This also applies to processing processes required for carrying out precontractual measures.

As far as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Article 6(1), point (c) GDPR serves as legal basis.

If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1), point (d) GDPR serves as legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, then legal basis for processing is Article 6(1), point (f) GDPR.

3. Data erasure and storage time

The personal data of the data subject are deleted or locked as soon as the purpose of storage ceases to exist. Furthermore, storage can take place if this is required by European or national jurisdiction under Union regulations, laws or other provisions the controller is subject to. Locking or erasure of data is also carried out if a storage time prescribed by the mentioned norms expires, unless further data storage is required for contract conclusion or performance of a contract.

V. Provision of the website and creation of log files

1. Description and extent of data processing

Upon each access to our internet site, our system automatically records data and information of the computer system of the calling computer.

The following data are recorded:

(1) information on browser type and used version

(2) the operating system of the user

(3) internet provider of the user

(4) IP address of the user

(5) date and time of the access

(6) websites from which the user's system accesses our internet site

(7) websites which are accessed by the user's system via through our website

The data is also stored in the log files of our system. A storage of these data together with other personal data of the user is not carried out.

2. Legal basis for data processing

Article 6(1), point (f) GPDR serves as legal basis for the temporary storage of the data and the log files.

3. Purpose of data processing

The temporary storage of the IP address by the system is required to transmit the website to the computer of the user. The IP address of the user needs to be saved for the duration of the session. The storage in log files is carried out to ensure operability of the website. Further, the data are required for optimizing the website and ensuring the security of our information-technical system. A data analysis for marketing purposes is not carried out.

For these purposes, we also have a legitimate interest in the data processing according to Article 6(1), page 1, point (g) GPDR.

4. Duration of storage

The data are deleted once they are no longer required for the purposes of their collection. In case of data collection for providing the website, this is once the respective session is closed. In case of data storage in log files, a further storage is possible. In this case, the IP addresses of the users are deleted or alienated such that an assignment of the calling client is no longer possible.

5. Opposition and remedy possibility

Data collection for providing the website and data storage in log files is mandatorily required for the operation of the website. Accordingly, there is no possibility of objection on the part of the user.

VI. Email contact

1. Description and extent of data processing

Our internet site offers the possibility of making contact via the indicated email address. In this case the personal data of the user transmitted with the email are stored. The data are not transmitted to third parties. The data are exclusively used for processing the conversation.

2. Legal basis of the data processing

Article 6(1), page 1, point (f) GDPR serves as legal basis for the processing of data transmitted by sending an email. If the purpose of the email contact is the conclusion of a contract, then further legal basis for the processing is Article 6(1), page 1, point (b) GDPR.

3. Purpose of the data processing

The processing of the personal data originating from an email exclusively serves us for processing the contact process, which is also the required legitimate interest in the processing of data.

4. Duration of storage

The data are deleted once they are no longer required for the purposes of their collection. In case of the personal data transmitted via email, this is the case once the communication with the user is closed. The conversation is closed once it can be taken from the circumstances that the issue in question has been finally clarified.

5. Opposition and remedy possibility

The user has anytime the possibility to revoke his or her consent for processing the personal data. In case the user contacts us via email, then he can oppose the storage of his or her personal data at any time. In such a case the conversation cannot be continued. All personal data stored during contact making are deleted in this case.

VII. Use of Google Maps Plugin

1. Extent of the processing of personal data

We use on our website the online map service Google Maps of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Through use of Google Maps, information on the use of our website, the data subject's IP address and addresses entered in the route map function are transmitted to a Google server in the USA and stored there. By using our website, you agree to the processing of your data collected by Google Maps.

2. Legal basis for the processing of personal data

The legal basis for the processing is Article 6(1), page 1, point (f) GPDR.

3. Purpose of the data processing

We have neither knowledge of the purpose of the data collection nor of the use of the data by Google.

4. Duration of storage

We have no knowledge of the storage duration.

5. Opposition and remedy possibility

More information can be found on https://www.google.com/intl/de/policies/privacy/.

This data protection declaration was prepared with support of DataGuard.

 
top