Privacy statement
activeMind.legal Rechtsanwaltsgesellschaft mbH operates a website with general information as well as an interactive area for downloading templates and checklists. activeMind.legal places great importance on the protection of privacy and complies with the statutory data protection regulations. The following is an explanation of how we handle your personal data.
1. Who is the controller?
The controller pursuant to data protection law is:
activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Straße 3
80802 Munich
Germany
Phone: +49 (0)89 / 91 92 94 – 900
E-mail: request@activemind.legal
As our data protection officer, we have appointed:
Data protection officer of activeMind.legal
Potsdamer Straße 3
80802 Munich
Phone: +49 (0)89 / 91 92 94 - 900
E-Mail: privacy@activemind.legal
2. Which processing activities are carried out?
Newsletter mailing
Purpose and legal basis
Your data will only be used to send you the newsletter you have subscribed to by E-Mail and, if you have additionally consented to it, evaluate how you interact with the newsletter and, if applicable, the contents linked therein. Your name is given in order to be able to address you personally in the newsletter and, if applicable, to identify you if you wish to exercise your rights as a data subject.
In order to verify that a registration is actually made by the respective owner of an E-Mail address, we use the "double opt-in" procedure (DOI procedure) for an online registration. This means that you will receive an E-Mail after your newsletter registration in which you must confirm your newsletter registration once again.
At the time of the DOI confirmation, the following data will also be stored:
- Location, date and time of registration
- IP address
- E-Mail address
- If applicable, title, first name, last name
The legal basis for this processing activity is in each case your consent, Art. 6 (1) (a) GDPR (EU General Data Protection Regulation).
Recipients of the data
We use service providers who act as our data processors for the dispatch and any evaluations that may take place.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data will only be processed in this context as long as the corresponding consent is available.
Provision prescribed or required
The provision of your personal data is voluntary, based solely on your consent. There will be no disadvantages for you. Without valid consent, we can unfortunately not send you our newsletter.
Withdrawal of consent
You can withdraw your consent to the storage of your personal data and its use for the newsletter mailing by activeMind at any time. There is a corresponding link in each newsletter. In addition, the withdrawal can be made via the other contact options provided on the website.
Profiling
Provided that you have given us your consent, we evaluate your interaction with the newsletters sent and evaluate the subsequent visits to our website in order to further improve the newsletter and the website and to optimize it according to the actual interests of the visitors.
Contact
Purpose, legal basis and legitimate interest
On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.
At the time the message is sent, the following data is also stored:
- Date and time of the message
- URL from which the message was sent
- IP address from which the message was sent
- Web browser and operating system used
Alternatively, it is possible to contact us via the E-Mail addresses provided. In this case, the user's personal data transmitted with the E-Mail will be stored. This includes the date and time the E-Mail was sent, E-Mail address, IP addresses and information about the servers involved in the E-Mail communication.
In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations.
Regardless of the type of communication you choose, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.
The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 (1) (f) GDPR).
Our legitimate interest in processing your data is the facilitation of uncomplicated contact with us.
If you contact us to request a quote, the data entered in the contact form is processed to carry out pre-contractual measures (Art. 6. (1) (b) GDPR).
Recipients of the data
Our website is maintained by service providers who act as our data processors.
If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes if they need the data to fulfill their respective service (e.g. IT services).
In addition, we are supported by an externally contracted call center for your telephone inquiries.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data will be deleted no later than 6 months after processing the request.
If a contractual relationship is established, we are subject to the statutory retention periods and delete your data after six to ten years.
Provision prescribed or required
The provision of your personal data is voluntary. However, we can only process your request if you provide us with the required data and the reason for the request.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Accessing our website
Purpose, legal basis and legitimate interest
When you access our website, i.e. even if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, referrer URL, date and time of access and the like.
In particular, they are processed for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring the smooth use of our website, and
- Ensuring and evaluating system security and stability, in particular for abuse detection as well as
- for the technically error-free presentation and optimization of our website.
We do not use your data to draw conclusions about you personally. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
Recipients of the data
We use service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data is stored in server log files in a form that allows identification of the data subjects for a maximum period of 7 days; unless a security-related event occurs (e.g. a DDoS attack).
In the event of such an event, server log files are stored until the elimination and complete clarification of the security-related event.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Compliance-Portal for clients
Purpose, legal basis and legitimate interest
Personal data is collected for the operation of our Compliance Portal.
For this purpose, we collect the following data:
- IP address
- Login data (E-Mail address, name, password)
- Access log
- Change log in the event of data changes (journal)
The legal basis for the processing is the fulfilment of the contract concluded with you pursuant to Art. 6 (1) (b) GDPR as well as our legitimate interest in improving the stability and functionality of the Compliance Portal pursuant to Art. 6 (1) (f) GDPR.
Recipients of the data
We use service providers for the operation and maintenance of our Compliance Portal who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
The data is deleted as soon as it is no longer required for the purpose for which it was collected. The personal data collected as part of the Compliance Portal will be stored for the duration of the contractual relationship and beyond for three years.
Provision prescribed or required
Within the scope of the fulfillment of our contractual obligations, the processing of the above-mentioned data is necessary.
Without the provision of your personal data we cannot offer the Compliance Portal.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Webinars via ClickMeeting
Purpose, legal basis and legitimate interest
To conduct the live webinars, we use the webinar solution of the video conferencing tool ClickMeeting (ClickMeeting Spółka z ograniczoną odpowiedzialnością located at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland).
An encrypted connection is established between you and ClickMeeting. Further information on encryption technology can be viewed here. A detailed list of the categories of data collected and processed by ClickMeeting, as well as the exact purpose of the processing in each case, can be found at https://knowledge.clickmeeting.com/privacy-security/.
The personal data provided during registration is processed exclusively for the purpose of conducting the webinar. The legal basis for this is, in the case of free webinars, Art. 6 (1) (f) GDPR, in the practicable and user-friendly implementation of the webinar, including a good user experience for the purpose of external presentation of the company. For paid webinars, the legal basis is Art. 6 (1) (b) GDPR.
Recipients of the data
Recipients are technical service providers for the implementation of the webinar within the framework of commissioned processing. In the case of the ClickMeeting solution, ClickMeeting Sp. z o.o., Arkonska 6/A4, 80-387 Gdansk, Poland.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with applicable data protection regulations. Under these conditions, recipients of personal data may include:
- Public bodies and institutions (e.g. tax authorities, law enforcement agencies) if there is a legal or regulatory obligation;
- Credit and financial services institutions (processing of payment transactions);
- Tax consultants, business and payroll tax auditors (statutory audit mandate).
Furthermore, technical service providers for registration management as part of data processing.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
In the case of free webinars, your data will only be collected by us in the context of the respective live session. The recording enabled by the system via ClickMeeting is prevented for all participants. Registration data is deleted after the purpose has been fulfilled. This usually takes place after a maximum storage period of six months in our system.
In the case of paid webinars, we process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted.
Exceptions to the above deletion criteria arise for data,
- which are required for the fulfillment of statutory retention periods, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified therein for retention and/or documentation are generally six to ten years,
- for the preservation of evidence within the framework of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular statutory limitation period being three years.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, we can only offer the webinars if we can carry out the associated processing.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Webinars over Zoom
Purpose, legal basis and legitimate interest
To conduct the live webinars, we use the webinar solution of the Zoom video conferencing tool. The tool is precisely tailored to the needs of conducting a webinar. It allows effective delivery of content to a larger number of participants over the Internet and helps maintain the quality of the webinars. After the webinar, we may provide participants with the presentation and additional information via a download link.
A detailed list of the categories of data collected and processed by Zoom, as well as the exact purpose of the processing in each case, can be found at: https://zoom.us/privacy.
Zoom offers administrators the possibility to configure extensive settings relevant to data protection. We configure the tool in such a way that only the personal data that is absolutely necessary for the implementation of the webinar is processed and that the collected data is protected in the best possible way. In this way, we enable the most data protection-friendly and secure use possible.
An acceptable level of data protection is ensured by means of end-to-end encryption enforced by the system. This limits the transmission of data to the service provider to the data provided by the user during registration and the metadata associated with participation in the seminar. The registered user is responsible for the data he or she discloses during registration. Pseudonymous use is generally possible. Further information on encryption technology can be found here.
The webinar is not recorded.
Zoom is used on the basis of a legitimate interest (Art. 6 (1) (f) GDPR) in the practical and user-friendly implementation of the webinar, including a good user experience for the purpose of client acquisition and external presentation of the company.
Recipients of the data
Recipients are also technical service providers. In the case of the Zoom Webinar Solution, Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113.
Furthermore, technical service providers for registration management as part of data processing.
All service providers are contractually obligated to treat your data confidentially.
Third country transfer
Processing also takes place outside the EU, namely in the U.S. Guarantees exist in the form of concluded standard contractual clauses. The guarantee of an approximately equal level of data protection as within the EU is carried out as best as possible via the technical restriction of the data transfer. The standard contractual clauses can be viewed under "EXHIBIT C" here: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf
Storage duration
Data is only collected by us in the context of the respective live session. As a rule, no recording takes place or only in the case of prior, separate consent of the participants. The recording enabled by the system via Zoom is prevented for all participants. Registration data is deleted after the end of the session. This usually takes place after a maximum storage period of 6 months in our system.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, we can only offer the webinars if we can carry out the associated processing.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Reach measurement
Purpose, legal basis and legitimate interest
We evaluate user behavior with the help of analysis tools.
A more detailed description of the tools can be found in the chapter Analysis tools of this privacy statement.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest. The measurement of the reach and the resulting information are suitable for adjusting the web offer.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
The data is anonymized immediately after collection.
Provision prescribed or required
The provision of the data is neither legally nor contractually required.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Use of Cookies
General Information
A cookie is a small data set that is created when a website is visited and is temporarily stored on the website user's system. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained through this procedure. Cookies can, in particular, make it easier to navigate a website.
Detailed information on the subject of cookies, and which cookies are used on this website (after consent), can be found in our Cookie Consent Tool, which you can access at any time by clicking on the icon at the bottom left of your web browser.
Deletion of Cookies
You can reject any cookie category, except for the technically necessary cookies. To do this, click on the icon at the bottom left of your web browser and change the desired settings in the cookie consent banner that opens.
You can also delete individual cookies or the entire cookie inventory via your browser settings. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:
- Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
- Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416
- Opera: http://www.opera.com/help
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Additionally, you can prevent loading of so-called scripts by default. NoScript allows JavaScript, Java and other plugins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox: https://addons.mozilla.org/en-GB/firefox/addon/noscript/).
Use of technically necessary cookies
Purpose, legal basis and legitimate interest
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Language settings
- Consent management
Technically necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Details on the storage duration of cookies can be found in our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Use of technically unnecessary cookies
Purpose and legal basis
We also use such cookies on the website that enable an analysis of the user's surfing behavior. These cookies are used to make the use of the website more efficient and attractive.
We use web analytic technologies from the following providers:
- etracker
The legal basis for these processing operations is in each case your consent, Art. 6 (1) (a) GDPR.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Further recipients and details about the technical functioning of the tools used and information on how you can prevent the transfer of data (tracking) can be found in our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Storage duration
For details on the storage duration of cookies and the technologies used as part of these tracking tools, please refer to our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Provision prescribed or required
The provision of your data is voluntary, based solely on your consent. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
Withdrawal of consent
You can withdraw your consent at any time. To do so, click on the icon at the bottom left of the screen and make the desired settings in the cookie consent banner that opens.
Profiling
With the help of web analytics tools, the behavior of visitors to the website can be evaluated and interests can be analyzed. For this purpose, we create a pseudonymous user profile.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Analysis tools in use
etracker (without Cookies)
We use the services of the German company etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
By default, etracker does not use cookies for tracking on a website, as this has been implemented in the so-called cookieless mode by privacy-by-design.
In cookieless mode, there is neither "storage of information" nor "access to information already stored in the end device of a participant or user". Only website data from web servers is used, as well as certain information that the web browser transmits to the web server to retrieve websites. This information makes it possible to link individual page views to related sessions. By linking them with a time stamp, it is excluded that page views beyond a 24-hour time window can be linked to customer journeys or user profiles.
This is therefore not device fingerprinting according to "Opinion 9/2014 on the application of Directive 2002/58/EC to the use of virtual fingerprints", but an aggregated statistical evaluation of website use.
When using etracker in cookieless mode, the legal basis is the legitimate interest according to Art. 6 (1) (f) GDPR. Our legitimate interest is based on the optimisation of our online offer and our website. We receive analysis reports on how you use our website in order to better adapt our offer to your wishes.
The data generated by etracker is processed and stored on our behalf by etracker exclusively in Germany. It is not used in any other way, merged with other data or passed on to third parties.
Our website is maintained by service providers who act as our order processors. All service providers are contractually obliged to treat your data confidentially.
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this information we cannot improve and optimise our services and performance.
You can object to the range measurement by etracker at any time by deactivating the following slider. This sets a so-called opt-out cookie, which is valid for two years. As a result, etracker will not register your further visits. Please note, however, that the opt-out cookie will be deleted if you delete all cookies.
If no switch is displayed at this point, the reach measurement is already blocked by other measures.
etracker (with Cookies)
We use the services of the German company etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
We use etracker to increase the quality of our website and our offer. Cookies are used to enable a statistical coverage analysis of this website, a measurement of the success of our online marketing measures, e.g. to test and optimise different versions of our online offer or its components.
When using etracker with analysis and optimisation cookies, the legal basis for this processing is in each case your consent, Art. 6 (1) (a) GDPR.
The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany. It is not used in any other way, merged with other data or passed on to third parties. Furthermore, the data is anonymised directly after collection.
Our website is maintained by service providers who act as our order processors.
All service providers are contractually obliged to treat your data confidentially.
The provision of your personal data is voluntary, based solely on your consent. You will not suffer any disadvantages.
You can revoke your consent at any time. To do so, click on the icon at the bottom left of the screen and make the desired settings in the cookie consent banner that opens.
WiredMinds
Our website uses the pixel-counting technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In this process, the IP address of a visitor is processed. The processing takes place exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances.
When processing the data, it is our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 (1) (f) GDPR. The data we collect does not allow any conclusion to be drawn about an identifiable person at any time.
WiredMinds GmbH uses this information to create anonymous usage profiles related to visitor behavior on our website. The data obtained in this way is not used to personally identify visitors to our website.
What data protection rights do you have?
Every data subject has the right to access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply.
You may withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Data security
We only handle personal data to the extent that this is in accordance with data protection regulations. In doing so, we also strive to take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times.
Insofar as we store or process personal data, this is done within a high-security data center. To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are secured by means of firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to observe the regulations of the GDPR and the BDSG when handling data.
Changes to our privacy statement
We reserve the right to adapt this pirvacy statement to ensure that it always complies with the current legal requirements or to implement changes to our services in the pirvacy statement, e.g. when introducing new services. The new privacy statement will then apply to your next visit.
Currently, the version dated 28 April 2023 applies.
Information regarding your right to object in terms of Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
Recipients of an objection
The objection can be made informally with the subject "Objection", stating your name, address or other identifying information to:
activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Strasse 3
80802 Munich
Germany
E-mail: privacy@activemind.legal
