Privacy Statement

The responsible party pursuant to data protection law is:

activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Straße 3
80802 Munich
Germany

Phone: +49 (0)89 / 91 92 94 – 900

As our data protection officers, we have appointed:

Data protection officer of the activeMind.legal
Phone: +49 (0)89 / 91 92 94 – 900
E-mail: privacy@activemind.legal

Purpose and legal basis

Your data will be used only to send you the subscribed newsletter by e-mail and, if you have given your consent, to evaluate how you use the newsletter and any linked content. Your name will be entered in order to address you personally in the newsletter and, if necessary, to identify you if you wish to exercise your rights as a data subject.

The legal basis for these processing operations is your consent, Art. 6(a) GDPR (EU General Data Protection Regulation).

Recipient of the data

We use a service provider, who acts as our data processor, for the mailing and any evaluations.

Storage duration

Data is processed in this context only as long as the corresponding consent exists. Then it is deleted.

Provision required or needed

The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without your consent.

Withdrawal of consent

You can withdraw your consent to the storage of your personal data and its use for the newsletter mailing by activeMind at any time. In every newsletter, there is a corresponding link. The withdrawal can also be made by unsubscribing from the newsletter on the website and through the other contact options indicated on the website.

Profiling

If you have given us your consent, we evaluate your use of the newsletters sent and evaluate subsequent visits to the activeMind.legal website to further improve the newsletter and website and to optimize the actual interests of the visitors accordingly.

Purpose and legal basis

The data entered by you will be stored for the purpose of individual communication with you.

The data entered in the contact form will be processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR).

By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.

If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6(1)(b) GDPR).

Data recipients

Our website is maintained by a service provider, who acts as our processor.

If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes if they require the data to perform their respective services (e.g., IT services).

All service providers are contractually obliged to treat your data confidentially.

Retention period

Data will be deleted no later than 6 months after processing the inquiry.

If it comes to a contractual relationship, we are subject to the legal retention periods and delete your data after six or ten years.

Mandatory or required provision

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the inquiry.

Objection

Please read the information on your right to object according to Art. 21 GDPR below.

Purpose, legal basis and legitimate interest

There is a voluntary comment function for articles in our magazine, so you can express your opinion on an article. The comment is released after a positive review and appears publicly on the page on which the comment was sent. There is no right to release a comment.

Your personal data, which you provide in the course of the comment function, is based on a legitimate interest (Art. 6(1)(f) GDPR).

If you leave your comment on our website, your username will be collected and publicly displayed. In addition, your e-mail address will be collected. This is to inform you about the status of your comment. The e-mail address will not be displayed publicly and will not be passed on to third parties and will not be evaluated manually. In addition to this information, the time of creation and your IP address will also be stored. This serves the security of the website operator in order to be able to take action against the author in the event of rights violations, such as insults or propaganda.

Data recipient

Our website is maintained by a service provider, who acts as our processor.

Retention period

Your comment will be stored and published indefinitely. We reserve the right to delete the data without giving reasons and without prior or subsequent notice.

You can also have your comment deleted by us at any time. To do so, please use the contact details below and submit the link to your comment and, for identification purposes, the email address used to create the comment.

Provision required or needed

The provision of your personal data is voluntary. However, we can publish your comment only if you provide us with the information marked as mandatory.

Objection

Please read the information on your right to object according to Art. 21 GDPR below.

Purpose, legal basis and legitimate interest

When you access our website, i.e., even if you do not register or submit information, information of a general nature will be collected automatically. This information (server log files) contains the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

It is processed in particular for the following purposes:

• ensuring an unproblematic website connection
• ensuring seamless use of our website
• analysis of system security and stability as well as
• for additional administrative purposes

We also reserve the right to review the server log files retrospectively, should concrete evidence point to illegal use.

The processing occurs according to Art. 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website.

Data recipients

We use technical service providers for the operation and maintenance of our website, who are commissioned as our processors.

Retention period

The data will be deleted as soon as it is no longer required for the reason it was collected. This is generally the case for the data used to make the website available when the respective session has ended.

Mandatory or required provision

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and cookie ID, the service and functionality of our website are not guaranteed. Further, individual services may be unavailable or limited.

Purpose, legal basis and legitimate interest

Personal data is collected for the operation of our compliance portal. We collect the following data for this purpose:

• IP address
• Login data (e-mail address, name, password)
• Access log
• Change log for data changes (journal)

The legal basis of the processing is the fulfilment of the contract concluded with you pursuant to Art. 6 (1)(b) GDPR as well as our legitimate interest in improving the stability and functionality of the website pursuant to Art. 6 (1)(f) GDPR.

Data recipients

We use technical service providers for the operation and maintenance of our Compliance Portal who act as our processors.

Retention period

The data is deleted as soon as it is no longer required for the purpose for which it was collected. The personal data collected as part of the compliance portal will be stored for the duration of the contractual relationship and beyond for three years.

Mandatory or required provision

The provision of the aforementioned personal data is neither legally nor contractually required. Without this, the service and functionality of our website is not guaranteed. In addition, individual services may not be available or may only be usable to a limited extent.

Purpose, legal basis and legitimate interest

We use the video conference tool Zoom for our live webinars. This tool is exactly suited for a webinar as content can be shared effectively with many participants over the internet and webinar quality can be maintained. After the webinar, we provide the participants a presentation link as well as further information, if applicable.

You can find a complete listing of the categories of data that Zoom collects and processes, as well as the specific purpose for processing, at https://zoom.us/privacy.

Zoom offers administrators the option to apply data protection relevant settings. We configure Zoom such that only personal data that are absolutely necessary for the webinar are processed and data collected are protected at the highest possible level to ensure a very data protection friendly and secure application.

System enforced end-to-end encryption is used to ensure acceptable data protection. The transfer of data to the service provider is limited to registration and seminar-related metadata provided by the user. The registered user is responsible for the data he or she discloses. Anonymity is possible. Further encryption techniques can be found here. The webinar will not be recorded.

Using Zoom is made on the basis of legitimate interest (GDPR Art. 6, paragraph 1 point f) to carry out a practical and user-friendly webinar for the purpose of company customer acquisition and public image.

Data recipients

Recipients are also technical service providers; in the case of Zoom: Zoom Video Communications, Inc. 55 Almaden Blvd., Suite 600, San Jose, CA 95113. Other technical service providers include those for registration administration within a processing agreement.

Third country transfer

Processing takes place outside the EU, namely in the US. There are guarantees in the form of standard contractual clauses. Ensuring data protection levels similar to the EU is done through technical limitations of data transfer. The standard contractual clauses can be found here under “Exhibit C”: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.

Retention period

We only collect data during the respective live session. A recording will generally not take place; if the session is to be recorded, this will only be done with prior and separate consent of the participant. Participants will not be able to record, even though Zoom makes it technically possible. Registration data will be deleted when they are no longer necessary. Data are generally stored for a maximum of six months in our system.

Mandatory or required provision

Providing your personal data is voluntary. We can only offer the webinar, however, with the associated data processing.

Objection

Please read the information on your right to object according to Art. 21 GDPR below.

Like many other websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

Purpose, legal basis and legitimate interest

We use cookies to make our website more user-friendly. Some elements of our website require that the respective browser be identified, even after a page change.

The following data will be saved and transmitted in the cookies:

• Language settings

The purpose of using technically required cookies is to simplify the use of websites for users. Some features of our website cannot be provided without the use of cookies. For these features, identifying the browser again is necessary, even after a page change.

We require cookies for the following applications:

• Applying language settings

The processing occurs according to Art. 6(1)(f) GDPR, based on our legitimate interest in the user-friendly design of our website.

Data recipients

Recipients of the data may be technical service providers, who work on the operation and maintenance of our website as the processor. For this, we have the corresponding data processing agreements with the service providers.

Retention period

For the details on the retention period of the cookies and the technologies used within the scope of these tracking tools, see the cookie and opt-out notices.

Mandatory or required provision

The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data the service and functionality of our website are not guaranteed. Further, individual services may be unavailable or limited.

Purpose and legal basis

Parts of our websites use “cookies”. These are small text files, hidden behind this standard technology, which are stored on the device you are using and–among other things–make visiting a website more comfortable or more secure. Cookies can also be used to better tailor the offering on a website to the interests of the visitors or generally to improve the offer on the basis of statistical evaluations.

We use the web-analysis technologies of the following providers:

• Google Analytics
• Matomo

The respective legal basis for this processing is your consent (Art. 6 (1)(a) GDPR).

Data recipients

Recipients of the data may be technical service providers, who work on the operation and maintenance of our website as processors. For this, we have corresponding data processing agreements with the service providers.

In the cookie and opt-out notices, you will find additional recipients and the details on the technical functionality of the tools and information used as well as how you can prevent the data transfer (tracking).

Retention period

For the details on the retention period of the cookies and the technologies used within the scope of these tracking tools, see the cookie and opt-out notices.

Third-country transfers

Information on third-country transfers can also be found in the cookie and opt-out notices.

Mandatory or required provision

Of course, you can view our website without cookies. Internet browser are regularly configured to accept cookies. In general, you can disable the use of cookies via your browser settings at any time (see “Withdrawal of consent”).

Please keep in mind that individual features of our website may not work if you have disabled the use of cookies.

Withdrawal of consent

You will find details on the available opt-out options with these tracking tools in the cookie and opt-out notices.

Profiling

With the assistance of the tracking tools, the browsing behavior of the website visitors can be evaluated and their respective interests analyzed. For this analysis, we create a pseudonymous user profile.

Every data subject has the right of access (according to Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to object (Art. 21 GDPR) as well as the right to data portability (Art. 20 GDPR).

Regarding the right of access and the right of erasure, the restrictions according to sections 34 and 35 of the Bundesdatenschutzgesetz (BDSG, German Data Protection Act) apply.

You may withdraw from us your consent to process personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the effective date of the General Data Protection Regulation, i.e., prior to 25 May 2018. Please note that the withdrawal is valid only for the future. Processing that occurred before the withdrawal is not affected.

Further, there is a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR, in connection with 19 BDSG). You will find a list of supervisory authorities (for the non-public sector) with their addresses at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

We handle personal data only as permitted by data protection regulations. We also endeavor to provide all necessary, technical and organizational security measures to adequately protect your personal data at all times against unauthorized access and misuse.

If we store or process personal data, it occurs in a high-security data center. In order to protect the security of your data during transfer, we use encryption techniques (e.g., SSL) over HTTPS. Our servers are secured by firewall and virus protection. Back-up and recovery procedures as well as roles and authorization policies are a given for us.

When handling data, our employees are obliged to comply with the regulations of the GDPR and the BDSG.