SKW Schwarz: Privacy Policy

Privacy Policy

This Privacy Policy aims to inform you about the collection of your personal data when you use our website or services. As per the General Data Protection Regulation (GDPR), personal data refers to any information relating to an identified or identifiable natural person, such as name, address, e-mail address, and user behavior.

Who is responsible for the collection of your data?

The party responsible for data processing according to Article 4 para 7 GDPR is SKW Schwarz Rechtsanwälte Steuerberater Partnerschaft mbB (hereinafter referred to as "SKW Schwarz").

Here are our contact details:

Address: Wittelsbacherplatz 1, 80333 Munich, Germany.
Telephone: +49 (0)89 2 86 40 - 0
E-mail: muenchen@skwschwarz.de

You can reach our external data protection officer here:

Name: Dr. Volker Wodianka
E-mail: volker.wodianka@privacy-legal.de
You can also send a letter to our address. Please write "Attn: Data Protection Officer" on the envelope.

What information do we collect?

We have compiled information on data processing separately for you according to data subject groups:

1. Website visitors

2. Visitors to the social media profiles of SKW Schwarz

3. Recipients of invitations and newsletters

4. Event participants

5. Interested parties and communication partners

6. Job applicants

7. General information and rights of the data subjects

1. Website Visitors

1.1 Informational use of our website

In cases of purely informational use of our website, we collect the following personal data transmitted by your browser to our server for the purpose of providing the website content accessed by you and ensuring the security of the IT infrastructure used. This data also helps with troubleshooting and enables a more efficient and user-friendly search on the website. The following personal data is transmitted from your browser to our server:

IP address,
Date and time of access,
Time zone difference from Greenwich Mean Time (GMT),
Content related to the request (specific page),
Access status/HTTP status code,
Amount of data transferred in each case,
Website from which the request came (referrer URL),
Browser,
Operating system and its interface,
Language and version of the browser software.

The legal basis for the processing is our legitimate interest in operating an internet presence to provide information about our services and events in accordance with Article 6 para 1 lit. f) GDPR.

The data is automatically provided by the browser of the website visitor. The processing of your data is technically necessary. Therefore, it is not possible to use the website without disclosing the listed personal data.

IP addresses are anonymized no later than 24 hours after collection. Pseudonymous usage data is deleted after six months.

1.2 Web Analysis

We use services from etracker GmbH, based in Hamburg, Germany (www.etracker.com), to analyze usage data. We do not use cookies for web analysis by default. If we employ analysis and optimization cookies, we obtain your explicit consent beforehand. Should this be the case and you consent, cookies are utilized to enable statistical coverage analysis of this website, measurement of the success of our online marketing measures, and testing procedures, for example, to test and optimize different versions of our online offering or its components. Cookies are small text files that the internet browser stores on the user's device. Etracker cookies do not contain any information that enables the identification of a user.

The data generated by etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany, thereby adhering to strict German and European data protection laws and standards. Etracker has been independently audited and certified in this regard and awarded the ePrivacyseal data protection seal of approval.

Data processing takes place based on the legal provisions of Article 6 para 1 lit. f) (legitimate interest) of the GDPR. Our concern, in terms of the GDPR (legitimate interest), is the optimization of our online offer and our web presence. As the privacy of our visitors is crucial to us, data that could potentially enable a reference to an individual person, such as the IP address, login, or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data, or transfer to third parties will take place.

You can object to the aforementioned data processing at any time by clicking on the fingerprint icon in the lower-left half of the website. The objection will not result in any adverse consequences.

1.2 Usercentrics Consent Manager

We use the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This tool allows you to manage your consents conveniently for the setting of technically unnecessary cookies and to make changes - such as revoking previously granted consents or raising objections - via the tool.

The tool also includes the information required by Article 13 GDPR on the processing of your personal data by Usercentrics CMP and cookies that are not technically necessary.

You can access the settings of our CMP by clicking on the fingerprint icon in the lower-left half of the website.

1.3 LinkedIn Insight Tag

Additionally, the website uses the so-called LinkedIn Insight tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company ("LinkedIn"). The integration of this JavaScript tag allows us to show you, as a user of our website, interest-based advertisements ("Ads") that are relevant to you when you visit the LinkedIn social network or other websites that also use this method. We receive statistics about website visitors and demographics. We can evaluate your use of our LinkedIn Ads and interest in our offers by means of a conversion tracking function and display LinkedIn Ads to you on other websites via retargeting. In this way, we aim to improve the effectiveness of LinkedIn ads and make our website more interesting for you.

By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection with the LinkedIn server, both when visiting the LinkedIn website and websites that have the LinkedIn Insight tag built-in. LinkedIn and we are jointly responsible for the collection of your usage data when you visit our website and its transmission to the provider, but LinkedIn is solely responsible for the relevant processing to achieve the described objectives once the data has been transmitted. We have no influence on the scope and nature of LinkedIn's data use; therefore, we inform you according to our state of knowledge. Through the integration of the LinkedIn Insight tag, LinkedIn receives information that you have accessed the corresponding webpage of our website, or clicked on an ad from us. If you are registered with a LinkedIn service, LinkedIn can associate the visit with your account. Even if you are not registered with LinkedIn or have not logged in, it is possible that the provider acquires your IP address, time slot, and other identifying characteristics, and links them to the actions attributed to you.

Deactivation of the LinkedIn Insight tag and other advertising objections can be made in the advertisement settings at http://www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and additionally at www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

You can find further setting options and information in the LinkedIn Privacy Center: privacy.linkedin.com/en?lr=1/

The legal basis for processing your data is Article 6 para 1 lit. a) GDPR, i.e., the integration only takes place with your consent. You can revoke your consent at any time, most easily via our Cookie Manager. LinkedIn also processes your personal data in the USA and has committed itself to a standard that corresponds to the former EU-US Privacy Shield. We have also agreed to so-called standard data protection clauses with LinkedIn, the purpose of which is to maintain an appropriate level of data protection in the third country.

Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland; information on the LinkedIn Insight tag: business.linkedin.com/en/marketing-solutions/insight-tag?lr=1/; privacy information: http://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/

1.5 Integration of Social Media Plug-ins

This website uses so-called "social plug-ins" of the social media platforms LinkedIn, Instagram, Xing, Facebook, and Twitter, which are operated by:

LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Instagram, Facebook);
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany;
and Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

The website uses the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in via the logo. We provide the possibility for you to communicate directly with the provider of the plug-in via the button. Only by clicking on the marked field and thereby activating it does the plug-in provider receive the information that you have accessed the relevant webpage of our online offering. In addition, the data mentioned under point 1.1 of this declaration is transmitted. In the case of Facebook and according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data is therefore transmitted from you to the respective plug-in provider and stored there (in the case of US providers, in the USA).

We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, or the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but to exercise this right, you must contact the respective plug-in provider. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 para 1 lit. a) GDPR.

Data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, but especially before activating the button, as this helps you avoid an assignment to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the privacy statements of these providers provided below. There you will also receive further information about your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their privacy notices:

www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/

http://www.facebook.com/policy.php;

https://privacy.xing.com/de/datenschutzerklaerung

www.twitter.com/privacy

2. Visitors to the social media profiles of SKW Schwarz

SKW Schwarz has profiles on various social media platforms. These platforms are operated by service providers who process data for the provision of these pages.

The purpose of data processing on our social media profiles is to provide interesting content and to interact with visitors on social media platforms. Depending on the social media service, usage data may be analyzed to optimize our social media presence.

The data processed include content data (e.g., posts, comments) and usage data (e.g., click behavior, length of stay) on our social media profiles.

Information and data displayed or shared on the social media profiles of SKW Schwarz may be accessible to the respective operator of the respective social media platform, its users or commissioned service providers.

Further details on data processing are presented below:

Instagram:

We and Meta Platforms Ireland Limited, 4 Grad Canal Square, Dublin 2, Ireland (hereinafter "Meta") as the provider of Instagram are jointly responsible for the processing of personal data via the Instagram profile of SKW Schwarz. The joint responsibility agreement is available at: https://www.facebook.com/legal/terms/page_controller_addendum. Pursuant to this agreement, Meta is responsible for informing data subjects about the data processing. Instagram's privacy policy is available at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect. Data subjects may exercise their rights against either of the controllers, SKW Schwarz or Meta. For more information about the data Meta shares with SKW Schwarz, please visit https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect. The legal basis for processing the data is our legitimate interest in analyzing usage data to improve SKW Schwarz's Instagram profile (Article 6 para 1 lit. f) GDPR).

LinkedIn:

We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are jointly responsible for the processing of personal data via the SKW Schwarz LinkedIn profile. The joint responsibility agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, LinkedIn is responsible for informing data subjects about the processing activities. LinkedIn's privacy policy is available at: https://www.linkedin.com/legal/privacy-policy. Data subjects may exercise their rights against either of the data controllers, SKW Schwarz or LinkedIn. For more information about the data LinkedIn shares with SKW Schwarz, please visit https://www.linkedin.com/help/linkedin/answer/a547077/viewing-company-page-analytics?lang=de. The legal basis for the processing of data by SKW Schwarz is the legitimate interest in analyzing usage data to improve the LinkedIn profile of SKW Schwarz (Article 6 para 1 lit. f) GDPR).

YouTube:

We operate a channel on the YouTube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider). We are not aware of any further details of the processing of personal data in the data control area of Google or any possible data processing in the USA. SKW Schwarz has no influence on the data processing of Google. Information on the processing of personal data by Google can be found in Google's privacy policy: https://policies.google.com/privacy

Facebook:

We and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta") are jointly responsible for the processing of personal data via the Facebook profile of SKW Schwarz. The joint responsibility agreement can be viewed at: https://www.facebook.com/legal/terms/page_controller_addendum. According to this agreement, Meta is responsible for informing the data subjects about the data processing. Facebook's privacy policy can be found at: https://www.facebook.com/privacy/policy/. Data subjects may assert their rights against either SKW Schwarz or Meta. For more information about the data Meta shares with SKW Schwarz, please visit: https://www.facebook.com/privacy/policy/.

Xing:

We and New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter "New Work SE") are jointly responsible for the processing of personal data via the Xing profile of SKW Schwarz. Pursuant to this agreement, New Work SE is responsible for informing the data subjects about the data processing. Xing's privacy policy is available at: https://privacy.xing.com/de/datenschutzerklaerung. Data subjects may assert their rights against either SKW Schwarz or New Work SE. For more information about the data that New Work SE shares with SKW Schwarz, please visit https://privacy.xing.com/de/datenschutzerklaerung.

Twitter:

We and Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter "Twitter") are jointly responsible for the processing of personal data via SKW Schwarz's Twitter profile. Under this agreement, Twitter is responsible for informing data subjects about the data processing. Twitter's privacy policy is available at: https://twitter.com/de/privacy. Data subjects may assert their rights against either SKW Schwarz or Twitter. For more information about the data that Twitter shares with SKW Schwarz, please visit: https://twitter.com/de/privacy.

3. Recipients of invitations and newsletters

We offer our clients and business contacts the opportunity to sign up for our newsletter, which we use to inform you about current developments in various areas of law and to draw your attention to events that we are hosting.

When you register, we collect the following personal data from you for the purpose of sending invitations and newsletters:

Salutation
First and last name
E-mail address
Company
Position and title
Location
Topics/legal areas on which you would like to receive our newsletter*.

The information marked with an asterisk (*) is mandatory, without which newsletters and invitations cannot be sent.

The legal basis for the processing of data for the aforementioned purposes is, in the case of contacting our clients, business contacts or their representatives, our legitimate interest in providing information about our service offerings and events in the context of existing business relationships pursuant to Article 6 para 1 lit. f) GDPR or otherwise your expressly granted consent pursuant to Article 6 para 1 lit. a) GDPR.

You have the right to object to the processing of your data at any time if the processing of your data is based on our legitimate interest, or to revoke your consent with effect for the future. To do this, you can write to us or our appointed data protection officer informally using the contact details provided above, or unsubscribe from the newsletter using the link contained in the newsletter email. Your data will be deleted immediately after unsubscribing from the newsletter.

We use service providers (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany) by way of order processing when sending our newsletter.

4. Event participants

4.1 Registration

To register for our events, we either use a form on our website or the service guestoo (Code Piraten GmbH, Am Ruhmbach 44, 45149 Essen, Germany).

We process the following personal data for the purpose of organizing, preparing and conducting our event, and for related communication (e.g., registration confirmation, acceptance or cancellation, changes to event data, event reminder emails, sending event content, post-event thank you notes, and invitations to comparable events):

Salutation
First and last name of the participant(s)
Company
Contact details (address, telephone or mobile phone number, e-mail address)
Position and title
Booked parts of the event

4.2 Attendance events, image and sound recordings

We reserve the right to make visual and/or audio recordings of individual events for the purpose of conducting the event, documenting it, and using them for our press and public relations work. In such cases, we will inform you about the recording of the event in advance or when you register for participation.

The following data may be collected from you in this context:

Registration data (first and last name)
Position
Company
Picture or video recordings
Speech contributions made within the scope of our event.

The legal basis for processing this data is our legitimate interest in documenting the events we hold and presenting our firm through press and public relations work, in accordance with Article 6 para 1 lit. f) GDPR.

The image and sound recordings made may be transmitted to journalists, media companies, press and photo agencies, and social media platforms, even abroad, for the purpose of press and public relations, and published by us in printed or digital form.

If you object to the processing of your data as described, we ask you to provide reasons why we should not process your personal data as done so far. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Please note that if the recordings are published, for example, in print media or on the internet, it may not always be possible to remove your data.

Archived image and sound recordings of the event, as well as publications, are usually not deleted.

Making image and sound recordings is not mandatory for participation in the event. If you do not wish to be recorded, please inform our staff at the event location.

4.3 Digital events, image and sound recordings

If we hold webinars or digital events in which you participate, the information above under 4.1 also applies in addition to the following information. If a digital event is recorded, we point out the general conditions made for this at the beginning of the event.

We process your data for the purpose of conducting the event, as well as for documenting the event through image and sound recordings and using the resulting recordings for press and public relations.

Processed data are:

Your registration data (first and last name, position, company, e-mail address, according to your personal setting) as well as
Metadata (call history (date, time and duration of communication), name of the meeting, device/hardware data, connection data (call number, country name, start and end times, IP addresses), location data, support and feedback data
Image and sound recordings from the event.

If you activate the camera and/or microphone of your device, we also process the data transmitted via it.

If you participate in chats, whiteboards, or voting, this data is also processed.

The legal basis for processing the registration data and metadata of participants in events is Article 6 para 1 lit. b) GDPR (contract for the implementation of the event). The legal basis for potential data processing in third countries when using Microsoft Teams is your consent pursuant to Article 6 para 1 lit. a) in conjunction with Article 49 para 1 lit. a) GDPR. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Despite security measures taken in the form of standard contractual clauses with supplementary security concessions, it is possible that government agencies access personal data without us or you knowing about it. Effective enforcement of your rights is unlikely to be possible in the United States. The legal basis for the production of image and sound recordings is your consent given by activating your camera and/ or microphone in accordance with Article 6 para 1 lit. a) GDPR.

The images and sound recordings made may be transmitted to journalists, media companies, press and photo agencies, as well as social media platforms, even abroad, for the purpose of press and public relations, and published by us in printed or digital form.

You have the right to revoke your consent to the processing of your image and/or sound recordings at any time with effect for the future. Please note that in the event of publication of the recordings, for example, in print media or on the internet, it may not always be possible to remove your data.

Archived images and sound recordings of the event and publications will generally not be deleted.

The processing of registration data and metadata is contractually obligatory for participation in events. Without this processing, participation in events is not possible. The making of image and sound recordings is not mandatory for participation in the event. If you do not wish to have images and sound recorded, please deactivate your camera and microphone.

5. Interested parties and communication partners

You can send us an inquiry via e-mail or web form to our communication e-mail address at any time. If you make use of this option, we will process your e-mail address, along with all the information you provide to us, such as title, first and last name, and message content, for the purpose of the communication exchange.

We use an external service provider, Bryter GmbH, Linienstr. 71, 10119 Berlin, for the provision of web forms in the IP protection rights tool and in the M&A checklist. We have concluded an order processing contract with the service provider, including EU standard contractual clauses.

The legal basis for this is initially your express consent in accordance with Article 6 para 1 lit. a) GDPR and, if applicable, the initiation of a contractual relationship in accordance with Article 6 para 1 lit. b) GDPR.

Inquiries and communications are stored differently depending on their content. However, in the absence of a legal retention period, they are deleted immediately after their purpose ceases to exist.

6. Job applicants

You can send us application documents by mail, post, or fax.

We will store your data required for contacting us and for an application process for the purpose of carrying out an application procedure in compliance with the statutory provisions. The legal basis for this is Article 6 para 1 lit. b) GDPR and Section 26 para 1 in conjunction with para 8 S. 2 Federal Data Protection Act (implementation of pre-contractual measures).

The following data may be processed by us during the application process:

Master data (title, first name, last name, date of birth, if applicable)
Contact data (address, telephone or mobile phone number, private e-mail address)
Application data (e.g., profile picture as well as other documents such as CV, cover letter, overall application, certificates).

In the event of employment, the data will be transferred to the HR file. Information on the storage period can be found in the information on the processing of personal data of our employees.

If an application for a specific job posting is unsuccessful, your data will remain stored for evidentiary purposes for up to 6 months after the conclusion of the application process for the purpose of asserting, exercising, or defending any legal claims. In the event of expressed interest in other positions as well, the data will remain stored for up to 12 months after the last job offer or the last concrete expression of interest.

The provision of the data is not required by law or contract. You are not obliged to provide the data. However, if you do not provide the data, it will not be possible to carry out an application procedure and, if applicable, to hire you.

7. General information and rights of the data subjects

Pursuant to Article 15 et seq. GDPR, you have the following rights concerning personal data about you:

Right to information,
Right to rectification or deletion,
Right to restriction of processing,
Right to object to processing,
Right to revoke consent given,
Right to data portability.

If you have any questions regarding the processing of your data or if you wish to assert your rights, you can contact our external data protection officer in confidence at any time via the contact channel specified above.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Status: July 2023