PRIVACY POLICY

1.    An Overview

​​​​

1.1     General information

​​

The following information provides a general overview of how your personal data is processed when you visit this website or any of the external online platforms associated with it, such as social media profiles (hereinafter collectively referred to as the 'website'). Personal data is any information that can be used to identify you personally (hereinafter referred to as 'personal data' or 'data' the 'website'). Further detailed information on data protection can be found in the privacy policy below.

​

1.2.   Data collection on this website

​​​

Who is responsible for data collection on this website (the 'controller')?

​​

The website operator is responsible for data processing on this website. The operator's contact details can be found in the 'Information on the controller' section of the privacy policy.

​

How is your data collected?

​​

Your data is collected as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form. Other data shall be collected by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

​

What are the purposes your data is used for?

​​

Part of the data collected ensures that the website is provided without errors. Other data may be used to analyse your user behaviour, provided you give your consent. If you use the website to conclude or initiate contracts, the transmitted data will also be processed for contract offers or other order enquiries.

​​

What rights do you have regarding your data?

 

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

​

Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

​

Third-party tools and analysis-tools

​

When you visit this website, your browsing behaviour may be analysed for statistical purposes. This is primarily achieved using analysis programmes. You can find detailed information on these programmes in this privacy policy.

​​

2.    Hosting

​​

The content of this website is hosted by the following provider: Wix.com Ltd.

​

2.1.   External Hosting

​​

The provider is Wix.com Ltd, 40 Namal Tel Aviv St. Tel Aviv 6350671, Israel (hereafter referred to as 'Wix'). WIX is a tool for creating and hosting websites. When you visit our website, WIX may use cookies to analyse user behaviour, visitor sources, the region of website visitors and visitor numbers. WIX stores cookies on your browser that are required to display the website and ensure security. The data collected by WIX may be stored on various servers worldwide. WIX servers are located in the USA, among other places. Further details can be found in the WIX privacy policy: https://de.wix.com/about/privacy. According to WIX, data transfer to the USA and other third countries is based on standard contractual clauses of the EU Commission or comparable guarantees in accordance with Art. 46 GDPR. Further details can be found here: https://de.wix.com/about/privacy-dpa-users.

​

The use of WIX is based on Art. 6(1) f GDPR. 1(f) GDPR. The legitimate interest is to present the website in the most reliable way possible. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) of the German Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (hereinafter referred to as 'TDDDG), provided that the consent authorises the storage of cookies or access to information on the user's end device (e.g. device fingerprinting), as defined by the TDDDG. Consent can be withdrawn at any time. The company is certified in accordance with the 'EU-US Data Privacy Framework' (DPF). The DPF is an agreement between the European Union and the USA which aims to ensure that data processing in the USA complies with European data protection regulations. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5626.

​

A data processing agreement (DPA) has been concluded for the use of the aforementioned service. This agreement is required by data protection law and ensures that the provider only processes the personal data of website visitors in accordance with the client's instructions and in compliance with the GDPR.

 

3.    General information and mandatory information

 

3.1.   Information on the controller

​​

The controller responsible for data processing is:

 

HERSEMEYER LEGAL

Guillaume Hersemeyer
Wielandstr. 41
10629 Berlin
Germany
privacy@hersemeyer.legal

 

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

​

3.2.  Retention periods​

 

Unless this privacy policy states a more specific storage period, your personal data will be stored until the purpose of processing the data no longer applies. If you submit a justified request for erasure or withdraw your consent to data processing, your data will be deleted unless there are other legally permissible reasons for retaining it (e.g. retention periods under tax or commercial law). In the latter case, deletion will take place once these reasons no longer apply.

​

3.3   General Information on the legal bases for the data processing on this website

​​

If you have consented to the processing of your personal data, it will be processed on the basis of Art. 6(1)(a) or Art. 9(2)(a) GDPR, provided that special categories of data are processed in accordance with Art. 9(2) GDPR. If you have given express consent for your personal data to be transferred to third countries, data processing will also be carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to cookies being stored or to access being granted to information on your end device (e.g. via device fingerprinting), data processing will also be carried out on the basis of Section 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required to fulfil a contract or carry out pre-contractual measures, it will be processed on the basis of Art. 6(1)(b) GDPR. Furthermore, your data will be processed if this is necessary to fulfil a legal obligation under Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR. The relevant legal basis for each case is provided in the following paragraphs of this privacy policy.

​

​3.4.  Recipients of personal data​

​​

As part of our business activities, we collaborate with various external parties. This sometimes requires us to transfer personal data to these organisations. We only pass on personal data to external organisations if it is necessary to fulfil a contract, if we are legally obliged to do so (e.g. transferring data to tax authorities), or if we have a legitimate interest in the transfer in accordance with Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only pass on our users' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint controller agreement is concluded.

​

Information on data transfer to the USA and other non-EU countries

​

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

 

​3.5.  Your rights

​

As a data subject, you have the following rights:

​

• in accordance with Art. 15 GDPR, the right to request information about and the right to receive a copy of the personal data that we are processing;

• in accordance with Art. 16 GDPR, the right to demand the immediate rectification of incorrect or incomplete personal data stored by us;

• in accordance with Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary 

  • to exercise the right to freedom of expression and information;

  • for the fulfilment of a legal obligation;

  • for reasons of public interest;

  • processing is necessary for the establishment, exercise or defence of legal claims;

• in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as

  • you dispute the accuracy of the data;

  • the processing is unlawful but you oppose the erasure of the data;

  • we no longer need the data, but you need it for the establishment, exercise or defence of legal claims; or

  • you have objected to processing pursuant to Art. 21 GDPR;

• in accordance with Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;

• in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority in the area where you live or work, or where our company is based.

​

​3.6. Right to object

​

If, as explained above, we process personal data in order to safeguard our legitimate interests, which outweigh your interests, you can object to this processing with effect for the future. If processing is carried out for direct marketing purposes, you can exercise this right at any time, as described above. However, if the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

 

Once you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms. The same applies if the processing serves the establishment, exercise or defence of legal claims. This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose. 

 

​3.7   SSL/TLS Encryption

​

For security reasons and to protect the transmission of confidential content, such as orders or enquiries sent to the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of the browser changing from 'http://' to 'https://' and by the lock symbol in the browser bar. If SSL or TLS encryption is activated, any data you send us cannot be read by third parties.

 

4.    Data collection on this website

​​

4.1.   Server log files

​

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

​

• The type and version of browser used;

• The used operating system;

• Referrer URL;

• The hostname of the accessing computer;

• The time of the server inquiry;

• The IP address.

​

This data is not merged with other data sources. This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

 

​4.2   Cookies

​

Our website uses cookies. These are small data files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them or they are automatically deleted by your web browser.

​

Cookies may originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies allow certain third-party services to be integrated into websites (e.g., cookies for processing payments).

​

Cookies have various functions. Many cookies are technically necessary for certain website functions to work (e.g. the shopping basket or video display functions). Other cookies can be used to evaluate user behaviour or for advertising purposes.

 

Necessary cookies, which are required to carry out the electronic communication process, provide certain functions that you have requested (e.g. the shopping basket function) or optimise the website (e.g. cookies to measure web traffic), are stored on the basis of Art. 6 (1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide its services technically error-free and optimised. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

 

You can configure your browser to notify you when cookies are set, to allow cookies only in specific cases, to exclude acceptance of cookies in certain cases or in general, and to activate automatic deletion of cookies when you close your browser. Please note that if you deactivate cookies, this website may not function properly.

 

This website only uses cookies that are necessary for it to work properly. These cookies are set automatically when you access the website or a specific function, unless you have prevented cookies from being set in your browser settings. We process the data collected through the use of these cookies on the basis of Article 6(1)(f) GDPR.

​

​4.3.  Requests by email or telephone

 

If you get in touch via email or telephone, we will store and process your enquiry, along with any personal data resulting from it (e.g. your name and the details of your enquiry), in order to process your request. We will not pass on this data without your consent.

 

This data is processed on the basis of Art. 6(1)(b) GDPR if your enquiry relates to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based either on our legitimate interest in effectively processing enquiries addressed to us (Art. 6(1)(f) GDPR), or on your consent (Art. 6(1)(a) GDPR) if requested. Consent can be withdrawn at any time.

 

Data sent to us via contact requests will be retained until you request its deletion, withdraw your consent for its storage, or the purpose for its storage no longer applies (e.g. once your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

5.    Newsletter

​

If you register to receive a newsletter, data that you provide for this purpose will be used to send you our email newsletter on a regular basis, based on your consent in accordance with Art. 6(1)(a) GDPR. You can unsubscribe from the newsletter at any time by either sending a message via the contact details provided below or by clicking on the unsubscribe link in the newsletter. After unsubscribing, your email address will be deleted from the list of recipients unless you have expressly consented to us using your data further in accordance with Art. 6(1)(a) GDPR, or if further use of your data is permitted by law, as set out in this privacy policy.

 

If you have also given your consent to analyse the newsletter in accordance with Art. 6(1)(a) GDPR, we will analyse your interaction with the newsletter by measuring, storing and evaluating opening and click rates to design future newsletter campaigns ('newsletter tracking'). To carry out this analysis, emails sent contain single-pixel technologies (e.g. web beacons or tracking pixels), which are stored on our website. In particular, we link the following 'newsletter data' for the analyses: 

 

• Date and time of access;

• Browser type and version;

• IP address of the requesting computer;

• Your email address;

• Date and time of registration and confirmation.

 

as well as the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID. 

 

Unsubscribing from newsletter tracking is possible at any time and can be done either by sending a message to the contact option described here or via a link provided for this purpose in the newsletter.  The information will be stored for as long as you are subscribed to the newsletter. 

​

5.1.   Newsletter dispatch

 

The newsletter and the newsletter tracking described above may also be sent by service providers on our behalf ('processors'). If you have any questions about these service providers or our cooperation with them, please use the contact option described in this privacy policy. The service providers and/or servers used may be located in countries for which the European Commission has determined an adequate level of data protection: Israel, the United Kingdom and the USA. The adequacy decision for the USA applies as the basis for transfers to third countries, provided that the respective service provider is certified. We will inform you whether individual service providers are certified in accordance with the DPF and/or whether standard data protection clauses are in place. Further information on the DPF and a list of certified companies can be found on the US Department of Commerce's website at https://www.dataprivacyframework.gov/. Other service providers and/or servers may be located in the following countries: Brazil, Mexico, India and Ukraine. The European Commission has not made an adequacy decision for these countries. Where these service providers are involved, our cooperation with you is based on the European Union's standard data protection clauses.

 

6.    Presences in Social Media

 

We have publicly accessible profiles on social networks. The social networks we use can be found below.

 

When you visit a website with integrated social media content (e.g. like buttons or advertising banners), social networks such as LinkedIn can generally analyse your user behaviour extensively. Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

 

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. This data collection can take place via cookies stored on your end device or by recording your IP address, for example.

 

The operators of the social media portals can use this data to create user profiles in which your preferences and interests are stored. This allows you to be shown interest-based advertising both on and off the respective social media platform. If you have an account with the relevant social network, this interest-based advertising may be displayed on all devices that you have used to log in.

 

Please note that we cannot track all processing on social media portals. Depending on the provider, the operators of the social media portals may therefore carry out further processing operations. For details, please refer to the terms of use and data protection provisions of the relevant social media portal. For detailed information on how the relevant social media operator processes and uses your data, your rights, and the options available to protect your privacy, please refer to the data protection notices of the providers in question, which are linked below. If you require further assistance, please contact us.

 

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. The analysis processes initiated by the social networks may be based on deviating legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1)(a) GDPR.

​

If you visit one of our social media sites (e.g. LinkedIn), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis LinkedIn). Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

​

6.1.   Online presence on LinkedIn

​​

HERSEMEYER LEGAL maintains a social media profile on LinkedIn. LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland („LinkedIn“). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually transmitted to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfers to the USA in this context are based on the European Commission's adequacy decision and are protected by standard data protection clauses. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. For more information about how LinkedIn processes data, please refer to the provider's privacy policy: https://www.linkedin.com/legal/privacy-policy.

​

7.    Conference tools

​

HERSEMEYER LEGAL uses online conference tools for communication with clients, among other things. The specific tools are listed below. If our communication involves a video or audio conference over the internet, your personal data will be collected and processed by the provider of the conference tool in question and by us. The conferencing tools collect all the information you provide or access in order to use the tools, such as your email address and/or phone number. Furthermore, the conferencing tools process the duration of the conference, the start and end times of your participation in the meeting, the number of participants, and other 'context information' related to the communication process (metadata).

 

The provider of the tool also processes all the technical data required for the online communication to be processed. This includes

​

• IP addresses,

• MAC addresses,

• device IDs,

• device type,

• operating system type and version,

• client version,

• camera type, microphone or loudspeaker, and

• connection type.

 

If you exchange, upload or otherwise make content available within the tool, it will also be stored on the tool provider's servers. This includes, but is not limited to,

​

• cloud recordings,

• chat/instant messages,

• voicemails,

• uploaded photos and videos, files, whiteboards and

• other information shared while using the service.

 

Please note that we do not have complete control over the data processing procedures of the tools used. Our options are largely determined by the provider's corporate policy. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below.

 

The conference tools are used to communicate with prospective or existing business partners and to provide certain services to our clients (Art. 6(1)(b) GDPR). Furthermore, using the tools generally simplifies and accelerates communication with us or our company (legitimate interest under Art. 6(1)(f) GDPR). Where consent has been requested, the tools will be used on this basis and consent may be withdrawn at any time.

 

Data collected directly by us via the video and conference tools will be deleted from our systems immediately when you request it, when you withdraw your consent for us to retain it, or when the reason for retaining it no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

 

We have no influence over how long the operators of the conference tools store your data for their own purposes. For details, please contact the operators of the conference tools directly.

 

We use the following conference tools:

​

Microsoft Teams

 

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement. We have concluded a data processing agreement (DPA) for the use of the aforementioned service with Microsoft. This agreement, mandated by data privacy laws, guarantees that they will only process the personal data of our website visitors based on our instructions and in compliance with the GDPR.

​

8.    Contact

​​

If you have any questions about how we collect, process or otherwise use your personal data, or if you would like to access, correct, restrict or delete your data, or withdraw your consent or object to our use of your data, please contact us directly at privacy@hersemeyer.legal.