Privacy statement
activeMind.legal Rechtsanwaltsgesellschaft mbH operates a website with general information as well as an interactive area for downloading templates and checklists. activeMind.legal places great importance on the protection of privacy and complies with the statutory data protection regulations. The following is an explanation of how we handle your personal data.
1. Who is the controller?
The controller pursuant to data protection law is:
activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Straße 3
80802 Munich
Germany
Phone: +49 (0)89 / 91 92 94 – 900
E-mail: request@activemind.legal
As our data protection officer, we have appointed:
Data protection officer of activeMind.legal
Potsdamer Straße 3
80802 Munich
Phone: +49 (0)89 / 91 92 94 - 900
E-Mail: privacy@activemind.legal
2. Which processing activities are carried out?
Newsletter mailing
Purpose and legal basis
Your data will only be used to send you the newsletter you have subscribed to by E-Mail and, if you have additionally consented to it, evaluate how you interact with the newsletter and, if applicable, the contents linked therein. Your name is given in order to be able to address you personally in the newsletter and, if applicable, to identify you if you wish to exercise your rights as a data subject.
In order to verify that a registration is actually made by the respective owner of an E-Mail address, we use the "double opt-in" procedure (DOI procedure) for an online registration. This means that you will receive an E-Mail after your newsletter registration in which you must confirm your newsletter registration once again.
At the time of the DOI confirmation, the following data will also be stored:
- Location, date and time of registration
- IP address
- E-Mail address
- If applicable, title, first name, last name
The legal basis for this processing activity is in each case your consent, Art. 6 (1) (a) GDPR (EU General Data Protection Regulation).
Recipients of the data
We use service providers who act as our data processors for the dispatch and any evaluations that may take place.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data will only be processed in this context as long as the corresponding consent is available.
Provision prescribed or required
The provision of your personal data is voluntary, based solely on your consent. There will be no disadvantages for you. Without valid consent, we can unfortunately not send you our newsletter.
Withdrawal of consent
You can withdraw your consent to the storage of your personal data and its use for the newsletter mailing by activeMind at any time. There is a corresponding link in each newsletter. In addition, the withdrawal can be made via the other contact options provided on the website.
Profiling
Provided that you have given us your consent, we evaluate your interaction with the newsletters sent and evaluate the subsequent visits to our website in order to further improve the newsletter and the website and to optimize it according to the actual interests of the visitors.
Contact
Purpose, legal basis and legitimate interest
On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.
At the time the message is sent, the following data is also stored:
- Date and time of the message
- URL from which the message was sent
- IP address from which the message was sent
- Web browser and operating system used
Alternatively, it is possible to contact us via the E-Mail addresses provided. In this case, the user's personal data transmitted with the E-Mail will be stored. This includes the date and time the E-Mail was sent, E-Mail address, IP addresses and information about the servers involved in the E-Mail communication.
In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations.
Regardless of the type of communication you choose, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.
The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 (1) (f) GDPR).
Our legitimate interest in processing your data is the facilitation of uncomplicated contact with us.
If you contact us to request a quote, the data entered in the contact form is processed to carry out pre-contractual measures (Art. 6. (1) (b) GDPR).
Recipients of the data
Our website is maintained by service providers who act as our data processors.
If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes if they need the data to fulfill their respective service (e.g. IT services).
In addition, we are supported by an externally contracted call center for your telephone inquiries.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data will be deleted no later than 6 months after processing the request.
If a contractual relationship is established, we are subject to the statutory retention periods and delete your data after six to ten years.
Provision prescribed or required
The provision of your personal data is voluntary. However, we can only process your request if you provide us with the required data and the reason for the request.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Accessing our website
Purpose, legal basis and legitimate interest
When you access our website, i.e. even if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, referrer URL, date and time of access and the like.
In particular, they are processed for the following purposes:
- Ensuring a smooth connection setup of the website,
- Ensuring the smooth use of our website, and
- Ensuring and evaluating system security and stability, in particular for abuse detection as well as
- for the technically error-free presentation and optimization of our website.
We do not use your data to draw conclusions about you personally. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
Recipients of the data
We use service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Data is stored in server log files in a form that allows identification of the data subjects for a maximum period of 7 days; unless a security-related event occurs (e.g. a DDoS attack).
In the event of such an event, server log files are stored until the elimination and complete clarification of the security-related event.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Compliance-Portal for clients
Purpose, legal basis and legitimate interest
Personal data is collected for the operation of our Compliance Portal.
For this purpose, we collect the following data:
- IP address
- Login data (E-Mail address, name, password)
- Access log
- Change log in the event of data changes (journal)
The legal basis for the processing is the fulfilment of the contract concluded with you pursuant to Art. 6 (1) (b) GDPR as well as our legitimate interest in improving the stability and functionality of the Compliance Portal pursuant to Art. 6 (1) (f) GDPR.
Recipients of the data
We use service providers for the operation and maintenance of our Compliance Portal who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
The data is deleted as soon as it is no longer required for the purpose for which it was collected. The personal data collected as part of the Compliance Portal will be stored for the duration of the contractual relationship and beyond for three years.
Provision prescribed or required
Within the scope of the fulfillment of our contractual obligations, the processing of the above-mentioned data is necessary.
Without the provision of your personal data we cannot offer the Compliance Portal.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Webinars via ClickMeeting
Purpose, legal basis and legitimate interest
To conduct the live webinars, we use the webinar solution of the video conferencing tool ClickMeeting (ClickMeeting Spółka z ograniczoną odpowiedzialnością located at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland).
An encrypted connection is established between you and ClickMeeting. Further information on encryption technology can be viewed here. A detailed list of the categories of data collected and processed by ClickMeeting, as well as the exact purpose of the processing in each case, can be found at https://knowledge.clickmeeting.com/privacy-security/.
The personal data provided during registration is processed exclusively for the purpose of conducting the webinar. The legal basis for this is, in the case of free webinars, Art. 6 (1) (f) GDPR, in the practicable and user-friendly implementation of the webinar, including a good user experience for the purpose of external presentation of the company. For paid webinars, the legal basis is Art. 6 (1) (b) GDPR.
Recipients of the data
Recipients are technical service providers for the implementation of the webinar within the framework of commissioned processing. In the case of the ClickMeeting solution, ClickMeeting Sp. z o.o., Arkonska 6/A4, 80-387 Gdansk, Poland.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only transfer necessary personal data in compliance with applicable data protection regulations. Under these conditions, recipients of personal data may include:
- Public bodies and institutions (e.g. tax authorities, law enforcement agencies) if there is a legal or regulatory obligation;
- Credit and financial services institutions (processing of payment transactions);
- Tax consultants, business and payroll tax auditors (statutory audit mandate).
Furthermore, technical service providers for registration management as part of data processing.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
In the case of free webinars, your data will only be collected by us in the context of the respective live session. The recording enabled by the system via ClickMeeting is prevented for all participants. Registration data is deleted after the purpose has been fulfilled. This usually takes place after a maximum storage period of six months in our system.
In the case of paid webinars, we process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted.
Exceptions to the above deletion criteria arise for data,
- which are required for the fulfillment of statutory retention periods, e.g. the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified therein for retention and/or documentation are generally six to ten years,
- for the preservation of evidence within the framework of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular statutory limitation period being three years.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, we can only offer the webinars if we can carry out the associated processing.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Webinars over Zoom
Purpose, legal basis and legitimate interest
To conduct the live webinars, we use the webinar solution of the Zoom video conferencing tool. The tool is precisely tailored to the needs of conducting a webinar. It allows effective delivery of content to a larger number of participants over the Internet and helps maintain the quality of the webinars. After the webinar, we may provide participants with the presentation and additional information via a download link.
A detailed list of the categories of data collected and processed by Zoom, as well as the exact purpose of the processing in each case, can be found at: https://zoom.us/privacy.
Zoom offers administrators the possibility to configure extensive settings relevant to data protection. We configure the tool in such a way that only the personal data that is absolutely necessary for the implementation of the webinar is processed and that the collected data is protected in the best possible way. In this way, we enable the most data protection-friendly and secure use possible.
An acceptable level of data protection is ensured by means of end-to-end encryption enforced by the system. This limits the transmission of data to the service provider to the data provided by the user during registration and the metadata associated with participation in the seminar. The registered user is responsible for the data he or she discloses during registration. Pseudonymous use is generally possible. Further information on encryption technology can be found here.
The webinar is not recorded.
Zoom is used on the basis of a legitimate interest (Art. 6 (1) (f) GDPR) in the practical and user-friendly implementation of the webinar, including a good user experience for the purpose of client acquisition and external presentation of the company.
Recipients of the data
Recipients are also technical service providers. In the case of the Zoom Webinar Solution, Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113.
Furthermore, technical service providers for registration management as part of data processing.
All service providers are contractually obligated to treat your data confidentially.
Third country transfer
Processing also takes place outside the EU, namely in the U.S. Guarantees exist in the form of concluded standard contractual clauses. The guarantee of an approximately equal level of data protection as within the EU is carried out as best as possible via the technical restriction of the data transfer. The standard contractual clauses can be viewed under "EXHIBIT C" here: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf
Storage duration
Data is only collected by us in the context of the respective live session. As a rule, no recording takes place or only in the case of prior, separate consent of the participants. The recording enabled by the system via Zoom is prevented for all participants. Registration data is deleted after the end of the session. This usually takes place after a maximum storage period of 6 months in our system.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, we can only offer the webinars if we can carry out the associated processing.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Reach measurement
Purpose, legal basis and legitimate interest
We evaluate user behavior with the help of analysis tools.
A more detailed description of the tools can be found in the chapter Analysis tools of this privacy statement.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest. The measurement of the reach and the resulting information are suitable for adjusting the web offer.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
The data is anonymized immediately after collection.
Provision prescribed or required
The provision of the data is neither legally nor contractually required.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Use of Cookies
General Information
A cookie is a small data set that is created when a website is visited and is temporarily stored on the website user's system. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained through this procedure. Cookies can, in particular, make it easier to navigate a website.
Detailed information on the subject of cookies, and which cookies are used on this website (after consent), can be found in our Cookie Consent Tool, which you can access at any time by clicking on the icon at the bottom left of your web browser.
Deletion of Cookies
You can reject any cookie category, except for the technically necessary cookies. To do this, click on the icon at the bottom left of your web browser and change the desired settings in the cookie consent banner that opens.
You can also delete individual cookies or the entire cookie inventory via your browser settings. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you can find the necessary information under the following links:
- Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
- Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416
- Opera: http://www.opera.com/help
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Additionally, you can prevent loading of so-called scripts by default. NoScript allows JavaScript, Java and other plugins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox: https://addons.mozilla.org/en-GB/firefox/addon/noscript/).
Use of technically necessary cookies
Purpose, legal basis and legitimate interest
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
- Language settings
- Consent management
Technically necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in a user-friendly design of our website and in the documentation of consent.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Storage duration
Details on the storage duration of cookies can be found in our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Provision prescribed or required
The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Use of technically unnecessary cookies
Purpose and legal basis
We also use such cookies on the website that enable an analysis of the user's surfing behavior. These cookies are used to make the use of the website more efficient and attractive.
We use web analytic technologies from the following providers:
- Matomo
The legal basis for these processing operations is in each case your consent, Art. 6 (1) (a) GDPR.
Recipients of the data
We use technical service providers for the operation and maintenance of our website, who act as our data processors.
All service providers are contractually obligated to treat your data confidentially.
Further recipients and details about the technical functioning of the tools used and information on how you can prevent the transfer of data (tracking) can be found in our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Storage duration
For details on the storage duration of cookies and the technologies used as part of these tracking tools, please refer to our Cookie Consent Tool, which you can access by clicking on the icon at the bottom left of the screen.
Provision prescribed or required
The provision of your data is voluntary, based solely on your consent. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
Withdrawal of consent
You can withdraw your consent at any time. To do so, click on the icon at the bottom left of the screen and make the desired settings in the cookie consent banner that opens.
Profiling
With the help of web analytics tools, the behavior of visitors to the website can be evaluated and interests can be analyzed. For this purpose, we create a pseudonymous user profile.
Objection
Please read the information about your right to object according to Art. 21 GDPR below.
Analysis tools in use
Matomo (based on logfiles)
With the help of the locally installed analysis tool Matomo, we evaluate user behavior locally on the server. Matomo does not collect the data itself, but accesses the database of the web server.
The web server truncates each requesting IP address before storing it in the log file. Thus, the database is sufficiently anonymized and it is not possible to draw conclusions about individual persons.
Matomo (based on cookies)
This website uses Matomo (formerly Piwik), an open source software for statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
Matomo uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of the website is stored on a server in Germany. We have configured Matomo so that no profiling takes place.
The IP address is anonymized immediately after processing and before storage by truncating the last 2 bytes.
You have the option to prevent the installation of cookies by changing the settings of your browser software. We would like to point out that if you change your settings accordingly, not all functions of this website may be available.
For more information on the privacy settings of the Matomo software, please see the following link: https://matomo.org/docs/privacy/.
The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is done automatically after 6 months.
First, you can completely prevent the storage of cookies in your browser. However, this may mean that you can no longer use some functions of our website that require identification. Secondly, you can activate the "Do-not-track" setting in your browser. We have configured Matomo to respect this setting.
In addition, you can create a so-called opt-out cookie with a mouse click below, which is valid for two years. It has the consequence that Matomo will not register your further visits. Note, however, that the opt-out cookie will be deleted if you delete all cookies.
WiredMinds
Our website uses the pixel-counting technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In this process, the IP address of a visitor is processed. The processing takes place exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances.
When processing the data, it is our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 (1) (f) GDPR. The data we collect does not allow any conclusion to be drawn about an identifiable person at any time.
WiredMinds GmbH uses this information to create anonymous usage profiles related to visitor behavior on our website. The data obtained in this way is not used to personally identify visitors to our website.
What data protection rights do you have?
Every data subject has the right to access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply.
You may withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Data security
We only handle personal data to the extent that this is in accordance with data protection regulations. In doing so, we also strive to take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times.
Insofar as we store or process personal data, this is done within a high-security data center. To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are secured by means of firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to observe the regulations of the GDPR and the BDSG when handling data.
Changes to our privacy statement
We reserve the right to adapt this pirvacy statement to ensure that it always complies with the current legal requirements or to implement changes to our services in the pirvacy statement, e.g. when introducing new services. The new privacy statement will then apply to your next visit.
Currently, the version dated February 27, 2022 applies.
Information regarding your right to object in terms of Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
Recipients of an objection
The objection can be made informally with the subject "Objection", stating your name, address or other identifying information to:
activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Strasse 3
80802 Munich
Germany
E-mail: privacy@activemind.legal
