1. Scope, Purposes and Legal Bases of our Processing on this Web Site
Whenever you visit our website, our web server will log the below communication and usage data:
- IP address of requesting terminal device
- Time and date of access
- Name and URL of the data accessed on our web server
- Transferred data volume
- Confirmation that request was processed successfully, or error status information
- Header information identifying the requesting browser and operating system
Our web server is operated by a service provider based in Germany. The communication and usage data will normally be deleted within 7 days. In case of a suspected security incident, the relevant data will be retained until the incident is solved and will be transferred to the competent authorities.
We also use a session cookie. The cookie is a small text file that our web server provides to your terminal device. Our cookie is technically required to properly present our web site; it does not enable us to track you. The cookie will not be stored persistently but will be deleted automatically once you terminate your session or close your browser (at the latest). You may of course block cookies using the settings of your browser – however that may result in an incorrect presentation of this website.
We process this data only to the extent required for the purposes of providing secure access to our web content (making connection, correct transmission and display of content, securing our systems). The legal basis of our processing is our legitimate interest in the public presentation of our firm, statutory and law society publication requirements and the legal requirement to protect visitors from potential security threats on our website.
Our website can be used without submitting personal data. If such data (for example name, address or email-address) is requested,this is always on a voluntary basis. This data will not be passed on to third parties wihout your explicit consent.
There is no further processing of your data by this website. Any further processing will be in relation to client relationships and we will inform you about the details separately, as required from time to time. However, as a general information, we would like to point out that we process the personal data of our clients only to the extent required under contract, as legally required, to pursue the legitimate interest of our clients, or as allowed pursuant to consent that may be withdrawn at any time with effect for the future.
2. Links to Web Sites of Third Parties
This privacy statement only applies to our web site. If and to the extent our web site contains links to third party web sites, we would like to point to the following: This web site does not automatically load any content from third party servers; neither is such content required to use our web site. The respective links indicate that they take you to third party web sites. You transfer your personal data to the third party web server, if you follow such a link. We do not have any influence whatsoever on such third party providers and do not control whether they comply to relevant regulations.
3. Controller, Contacts, Encryption
The controller as defined in the GDPR is:
Xenion Legal GmbH
WeWork Goetheplatz Neue Rothofstraße 13-19
You may approach Dr. Reimann and Dr. Schumacher and you will find their details on our Contact page.
4. Your Rights
You have the following rights, each in accordance with applicable statutory law:
- Access: You may request information on the data processed about you, and to obtain a copy thereof. For clarification, we will not be able to provide access or information to the extent the affected data is subject to our professional secrecy or must be kept secret due to another statutory provision or the nature of the data, in particular due to an overriding interest of an affected third party.
- Rectification: Upon request, we will rectify inaccurate data and complete incomplete personal data.
- Deletion and Restriction: Upon request, we delete your personal data or restrict our processing of it.
- Data Portability: You may receive any personal data you provided to us under contract or consent in a structured, commonly used and machine-readable format.
- Objection: To the extent we process your personal data based on a legitimate interest, you may object to such processing.
- Consent withdrawal: You may withdraw your consents at any time without affecting the lawfulness of processing based on consent before its withdrawal. We will inform you on how to withdraw when we obtain your consent.
- Automated decisions: We do not use any automated individual decision making processes pursuant to Art 22 GDPR.
- Complaint: You may to lodge a complaint with a competent authority, e.g. at the place of your habitual residence.
Unless otherwise stated, to exercise your rights please contact us using the contact details given in point 3 above.
5. Google Analytics
This website uses Google Analytics, a web analytics service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Its purpose is the analysis of user activities across websites and devices by assigning data, sessions and interactions across several devices to a pseudonymous user ID.
Google Analytics uses “cookies”. Cookies are small text files placed on your computer, to allow us to analyse the user behaviour on our site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, we have activated the IP anonymisation, so that Google will reduce your IP address in European Union or in other states party to the Agreement on the European Economic Area. It is only in exceptional cases that the full IP address is transmitted to a Google server in the USA and shortened there. Your IP address is not merged with other Google data. Google will use this information on our behalf as our data processor to analyse your use of the website, to compile reports on website activity and to provide us with other services related to your website and Internet use.
This processing is based on Section 15 Para. 3 TMG and Art. 6 (1) (f) GDPR that allows data processing if is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Our legitimate interest in this data processing are the analysis of the behaviour of the users of our services as described in the purposes. The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after fourteen (14) months within a month.