A. General Information
1. Controller
2. Data Protection Officer
3. Disclosure of data to third parties
4. Storage period
5. Your rights
B. Data processing absolutely essential for the provision of the website
1. Logs
2. Consent Management Tool
3. Cookies to provide the website
C. Data processing after consent via the CMT
1. Matomo
D. Data processing when contacting us and using functions
1. Contact
2. Advertising measures
E. Data processing on our social media company pages
1. General information about company pages, legal basis
2. Agreements according to Art. 26 GDPR
The simultaneous use of masculine and feminine forms of speech is waived for reasons of better readability. All personal designations nevertheless apply to all genders.
A. General Information
1. Controller
Responsible for the processing of personal data is:
BRP Renaud und Partner mbB
Rechtsanwälte Patentanwälte Steuerberater
Königstraße 28, D-70173 Stuttgart
T +49 711 16445-0
F +49 711 16445-100
Beethovenstraße 12–16, D-60325 Frankfurt/Main
T +49 69 133734-0
F +49 69 133734-34
info[at]brp.de
2. Data Protection Officer
You can reach our data protection officer at:
BRP Renaud und Partner mbB
Datenschutzbeauftragte
Königstraße 28, D-70173 Stuttgart
T +49 711 16445-0
F +49 711 16445-100
datenschutzbeauftragte[at]brp.de
3. Disclosure of data to third parties
Your personal data will only be disclosed to third parties if this is permitted by data protection law, in particular if you have consented to the disclosure (§ 25 para. 1 p. 1 TTDSG or Art. 6 para. 1 S. 1 lit. a GDPR), the disclosure is necessary for the purpose of contract performance (Art. 6 para. 1 S. 1 lit. b GDPR) or is absolutely essential in order to provide you with an expressly requested service (§ 25 para. 2 Nr. 2 TTDSG).
In addition to the recipients mentioned above, personal data may be passed on to our website administrator, anders und sehr GmbH, Heßbrühlstraße 7, 70565 Stuttgart, Germany. The website is hosted exclusively on servers within the EU via a German service provider Host Europe GmbH, Hansestraße 111, 51149 Cologne. In both cases, the service providers are not only bound by instructions in accordance with data protection law but also not permitted to use the data for any other purpose.
4. Storage period
The personal data processed by us will be stored for as long as required for the respective purpose – in particular the processing of your request or your contract – in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 para. 1 p. 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or § 25 para. 1 p. 1 TTDSG or the purpose of the data processing has not yet ceased.
5. Your rights
5.1 Disable cookies
Some of the processing operations explained previously use cookies. If you do not want this, you can disable the storage of cookies on your hard drive in your browser settings. You can also delete cookies from your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.
5.2 Right of withdrawal
Some of the processing operations explained above are only carried out with your consent. You can withdraw your consent to the performance of these processing operations at any time with effect for the future. In this case, you may no longer be able to use our services as usual until you have again consented to the respective data processing. You can exercise your right of withdrawal via our Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time via the "fingerprint icon ".
5.3 Right of objection
You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 para. 1 p. 1 lit. f GDPR for reasons arising from your particular situation at any time with effect for the future, without incurring any transmission costs other than those according to the basic rates.
5.4 Right of access, rectification, erasure or restriction and portability
Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data rectified and to demand erasure, restriction of precessing and portability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.
5.5 Right of appeal
You have a right of appeal to a supervisory authority. The supervisory authority responsible for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart.
B. Data processing absolutely essential for the provision of the website
In some cases, the processing of data is absolutely essential in order to be able to provide our website without technical or functional restrictions and in accordance with legal requirements. In these cases, data is also processed if you have refused any additional data processing via the Consent Management Tool.
1. Logs
When our website is visited, a so-called "log file" is automatically created by the server. This contains, among other information, the date and time of access, browser type and version, operating system and version, IP address, requested domain and the previously visited website.
The data processing is absolutely necessary to ensure the availability and correct display of our website on your end device. In addition, the log files can be used to identify cyber attacks and thus ensure the accessibility of our websites. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b DSGVO.
2. Consent Management Tool
Our website uses a Consent Management Tool ("CMT") to obtain and document your consent to data processing by various services.
When you open our website, you can give consent via the CMT for individual data processing, which is stored by the CMT. For this purpose, the CMT generates a so-calles "Controller ID" and also stores information in session storage and local storage of your browser:
Session-Storage:
- uc_user_country: Records your country and region in order to display the output language of the Usercentrics interface in the appropriate language; Deleted after the session expires; There is no access by third parties to the processed data.
Local-Storage:
- uc_tcf: Helps to request and transmit the user consent; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
- uc_settings: Contains your settings in Usercentrics for consenting to different data processing operations as well as the time of your consent/refusal; Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
- uc_user_interaction: Stores whether you have already selected a setting for your data processing preferences (i.e. whether you have already interacted with the CMT); Deleted the next time your browser cache is cleared; There is no access by third parties to the processed data.
This information, which is linked to the Controller ID, can be used to track which data processing by which services you have consented to or not consented to when you reopen the website. This way, you do not have to enter your settings for consenting to individual data processing operations again with each visit. For this purpose, the storage of the listed information on your end device is absolutely necessary (Section 25 para. 2 nr. 2 TTDSG (German Act to regulate data protection and priacy in telecommunications and telemedia).
Of course, you can also change your selection subsequently via the settings. You can open the CMT at any time via the "fingerprint icon".
3. Cookies to provide the website
When you open our website, cookies, i.e. small text files, may be stored on your computer:
- PHPSESSID: Assignment of an ID for the current session - this is standard for PHP-based websites; cookie and session ID are deleted again when the website is closed; third parties have no access to the processed data.
The data processing by these cookies is absolutely essential for the provision of our website. The legal basis for the data processing is § 25 para. 2 Nr. 2 TTDSG.
C. Data processing after consent via the CMT
We have integrated the service listed below into our website. Data processing by this service only takes place if you have consented via the Consent Management Tool (CMT). You can use the CMT to withdraw your consent at any time, see also section A.5.2.
1. Matomo
The service Matomo is is an open source software that we have integrated on our website by ourselves. Data processing by the service only takes place after you have consented to this via the CMT.
The service collects this information about your end device and your visit to our website: Your end device's IP address (anonymized immediately after collection), date and time of first, last, and current access to our website, total number of visits to our website, location, and language settings of your end device. In addition, the service assigns a user ID to your terminal device. For this purposes, cookies are stored on your computer. These are the following cookies:
- _pk_id...: Stores the visitor's session ID associated with Matomo; Storage period: 13 months; There is no access by third parties to the processed data.
- _pk_ses...: Stores information about the current session; Deleted after the session expires; There is no access by third parties to the processed data.
- _pk_ref..: Stores the website that the user visited before our website (referrer); storage period: 6 months; There is no access by third parties to the processed data.
- MATOMO_SESSID: Temporary cookie needed for security reasons for the execution of the opt-out; Deleted after the session expires; There is no access by third parties to the processed data.
The legal basis for the access to stored information as well as the storage of information on your terminal device by the service is your consent (Section 25 para. 1 p. 1 TTDSG).
The data collected is used to create and evaluate pseudonymous usage profiles. The pseudonymous usage profiles only refer to our website. Tracking across services and websites does not take place. Likewise, no personal identification of the individual visitor takes place. The legal basis for the generation of the pseudonymous usage profiles is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).
For more information on data processing by Matomo, see:
- matomo.org/gdpr-analytics
- matomo.org/faq/general/faq_18254
D. Data processing when contacting us and using functions
Read here what data is processed when you contact us or use functions of the website.
1. Contact
We collect personal data when you provide it to us. This can be, for example, data that you transmit to us in the course of contacting us.
The processing of this data is based on Art. 6 para. 1 p. 1 lit. b GDPR, insofar as this is necessary for the execution of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 p. 1 lit. f GDPR).
2. Advertising measures
We have a legitimate interest in the use of your data for direct marketing purposes within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.
If you have consented (Art. 6 para. 1 p. 1 lit. a GDPR), your data will also be processed for the sending of an e-mail-newsletter. CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, is used in part for sending newsletters by e-mail. Winkhardt + Spinder GmbH & Co. KG, Ernsthaldenstraße 53, 70565 Stuttgart, Germany, is used in part for sending newsletters by mail. In each case, this is a service provider bound by instructions, which is obligated in accordance with the data protection regulations and may not use the data for any other purpose.
You can unsubscribe from an e-mail-newsletter at any time and thus withdraw your consent to the sending of the newsletter with effect for the future by contacting us either via the link provided for this purpose in every e-mail-newsletter or directly via newsletter-cancel(at)brp.de. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone, without incurring any costs other than the transmission costs according to the basic rates. The lawfulness of the data processing operations already carried out remains unaffected by this.
If you exercise your right to object, we will store the address data mentioned in a "block list" to implement your objection. If you wish your data to be deleted completely, we would like to point out that if your data is collected again, processing for advertising purposes may occur again due to lack of knowledge of your objection.
E. Data processing on our social media company pages
We operate a so-called "company page" on these social media platforms:
- "Facebook" Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland
- "LinkedIn": LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
- "Xing": New Work SE, Dammtorstraße 30, 20354 Hamburg, Deutschland
1. General information about company pages, legal basis
When visiting a company page, the respective provider collects information that enables it to recognize users and comprehensively analyze user behavior. Based on the data collected in this way, the operator of the social media platform can also create user profiles. If you are logged in with your corresponding social media account when visiting a company page, the respective provider can also assign this visit to your account.
The respective provider merely provides us with an anonymized statistical evaluation of the use of our company website based on the information obtained. This enables us to make our contributions even more targeted in the future. In this respect, we have a legitimate interest in collecting and processing this information. In addition, we have a legitimate interest in being able to use as many communication options as possible and thus reach as many interested parties personally as possible. The legal basis for the operation of a company page is in this respect Art. 6 para. 1 p. 1 lit. f GDPR.
We do not ourselves pass on to third parties any personal data that we collect via our company pages. However, we can neither influence nor exclude the possibility that the named providers transmit the collected data to third parties - in particular to their partner companies, which may also be based in countries outside the EU. In many third countries outside the EU, there is currently no level of data protection that corresponds to the EU.
In principle, you can assert your data subject rights (see also under A.5) with regard to data processing by our company pages both against us and against the respective provider. However, we would like to point out that these can be asserted most effectively with the respective provider. This is because only the respective provider has access to the users' data and can take appropriate measures and provide information directly.
For more information on data processing by the respective provider, see:
Facebook:
- www.facebook.com/settings?tab=ads
- www.facebook.com/policies/cookies
- de-de.facebook.com/about/privacy
LinkedIn:
- https://www.linkedin.com/legal/privacy-policy
- https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
- https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls
Xing:
- https://privacy.xing.com/de
- https://privacy.xing.com/de/datenschutzerklaerung
2. Agreements according to Art. 26 GDPR
We have concluded an agreement with Facebook and LinkedIn pursuant to Art. 26 GDPR in which the data protection obligations arising from the operation of our company website are divided between us and the respective provider. The providers have thereby assumed a large part of the data protection obligations, such as the fulfillment of the data subject rights pursuant to Art. 12-23 GDPR, the obligation to provide suitable technical and organizational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to the respective provider. We are obligated to do so under the agreement with the respective provider.
For more information on the agreement between us and the respective provider, please see:
- https://www.facebook.com/legal/terms/page_controller_addendum
- https://www.linkedin.com/help/linkedin/answer/124838?lang=de
- https://legal.linkedin.com/pages-joint-controller-addendum