Privacy Policy

This Privacy Policy serves to inform you about the collection of your personal data when using our website or offerings. According to the General Data Protection Regulation (GDPR), personal data means any information relating to you as an identified or identifiable person, such as name, address, email address, or user behavior.

The data controller pursuant to Article 4 (7) GDPR is SKW Schwarz Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB, Wittelsbacherplatz 1, 80333 Munich, Germany, phone: +49 (0)89 2 86 40 - 0, email: muenchen@skwschwarz.de (hereinafter referred to as “SKW Schwarz”).

You may contact our external data protection officer Volker Wodianka by email at volker.wodianka@privacy-legal.de or by postal mail at our street address with the addition “Data Protection Officer.”

Below we have compiled the most important information on typical data processing operations broken down by data subject groups. The information requirements for certain data processing operations that only affect specific groups are met separately.

1. Website visitors

2. Recipients of invitations and newsletters

3. Event participants

4. Interested parties and communication partners

5. Applicants for employment

6. General information and rights of data subjects

1. Website Visitors

1.1 Informational use of our website

In cases of purely informational use of our website, we collect the following personal data as transmitted by your browser to our server for the purpose of providing the website content accessed by you and to ensure the security of the IT infrastructure used, for troubleshooting purposes, and to enable and simplify website searches:

  • IP address
  • date and time of access
  • time zone difference from Greenwich Mean Time (GMT)
  • content for the request (specific page)
  • access status/ http status code
  • amount of data transferred in each case
  • website from which the request originates (referrer URL)
  • browser
  • operating system and its interface
  • language and version of the browser software

The legal basis for the processing is our legitimate interest in operating an internet presence to provide information about our services and events in accordance with Article 6 (1) (f) GDPR.

The data is provided automatically by the website visitor’s browser. The processing of your data is technically necessary. Therefore, it is not possible to use the website without providing the personal data listed.

IP addresses will be anonymized after no more than 24 hours. Pseudonymous usage data will be deleted after six months.

1.2 Usercentrics Consent Manager

We use the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. The tool allows you to conveniently manage your consent to the setting of cookies that are technically not necessary and to make relevant changes such as revocations of consent or objections.

The tool also includes the information required by Article 13 GDPR on the processing of your personal data by Usercentrics CMP and cookies that are technically not necessary.

You may access our CMP settings by clicking on the fingerprint icon in the lower left of the web page.

  1.3 Integration of social media plug-ins

This website uses “social plug-ins” of the social networks Instagram, Xing, Facebook, and Twitter as operated by

  • Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Instagram, Facebook);
  • New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany;
  • and Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA,

The website uses the “two-click solution” meaning that when you visit our site, no personal data is initially passed on to the plug-in providers, which may be identified by their logos. The button offers you the opportunity to communicate directly with the plug-in provider. Only by clicking on the marked field and thereby activating it, the plug-in provider will receive the information that you have accessed the relevant web page of our online offering. In addition, the data mentioned under section 1.1 of this Privacy Policy will be transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address will be anonymized immediately after collection. By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA).

We have no influence on the collected data and data processing procedures and we are unaware of the full extent of the data collection, the purposes of the processing, and the storage periods. We have no information about the erasure of the collected data by the plug-in provider either.

The plug-in provider stores the data collected about you as usage profiles for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluations are performed in particular (including for non-logged-in users) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles by contacting the respective plug-in provider. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users to improve our offering and to make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 (1) (a) GDPR.

The data is transferred irrespective of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected by us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend logging out regularly after using a social network, but especially prior to activating the button, as this allows you to avoid an allocation to your profile with the plug-in provider.

Additional information on the purpose and scope of the data collection and its processing by the plug-in provider is available in the Privacy Policies of these providers as communicated below. There you will also receive further information about your rights and setting options to protect your privacy.

Addresses of the respective plug-in providers and URLs with their privacy policies:

http://www.facebook.com/policy.php;

https://privacy.xing.com/de/datenschutzerklaerung

www.twitter.com/privacy

   

2. Recipients of invitations and newsletters

We offer you the opportunity to subscribe to our newsletter which serves to inform you about current developments in various areas of law and to draw your attention to events hosted by us.

Upon your registration, we collect the following personal data from you for the purpose of sending the newsletter:

  • salutation
  • first and last name*
  • email address*
  • company name
  • position and title
  • location
  • topics/legal areas for which you would like to receive our newsletter*.

Information marked with an asterisk (*) is mandatory for sending out newsletters and invitations.

In addition, we take the liberty of informing our clients and business contacts about important legal developments by way of newsletters and invitations to events.

The legal basis for the processing of data for the aforementioned purposes is, in the case of contacting our clients, business contacts or their contact persons, our legitimate interest in providing information about our service offerings and events as part of existing business relationships in accordance with Article 6 (1) (f) GDPR or otherwise your expressly given consent in accordance with Article 6 (1) (a) GDPR.

You have the right to object to the processing of your data at any time, where the processing of your data is based on our legitimate interest, or to revoke your consent with effect for the future. In such event, write to us or our appointed data protection officer informally using the contact details given above or unsubscribe from the newsletter via the link contained in the newsletter email. Your data will be deleted without delay after unsubscribing from the newsletter.

For sending our newsletters we use service providers (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany) by way of processing on behalf of others.  

   

3. Event participants

3.1 Registration

For the registration to our events we use either a form on our website or the guestoo service (Code Piraten GmbH, Am Ruhmbach 44, 45149 Essen, Germany).

We process the following personal data for the purpose of organizing, preparing, and holding our events and for related communication (e.g., confirmation of registration, acceptance, or cancellation, changes to the event data, email reminders about the event and sending event content and thank-you notes after the event):

  • salutation
  • first and last name of the participant(s)
  • company name
  • contact details (address, telephone or mobile number, email address)
  • position and title
  • booked parts of the event

Legal basis for the processing of data of event participants is Article 6 (1) (b) GDPR (establishment and implementation of a contractual relationship regarding participation in the event) The processing of your data using cookies when registering via guestoo is based on our legitimate interest in the use of technically secure registration technology that optimizes our attendee management, Article 6 (1) (f) GDPR.

The data provided will be stored for the duration of the event and will be deleted without delay after completion.

Session cookies will be deleted after seven days, cookies to control the cookie notice after 12 months.

It is contractually obligatory to provide the data for event participation. Participation in events is not possible without providing data.

3.2 Face-to-face events, video and audio recordings

We reserve the right to make visual and/or audio recordings of individual events for the purpose of holding and documenting our event and using it for our press and public relations work. In this case, we will inform you about the recording of the event in advance or when you register for participation.

The following data may be collected from you in this case:

  • registration data (first and last name)
  • position
  • company name
  • image or video recording
  • speeches that you may have given in the course of our event

The legal basis for processing this data is our legitimate interest in documenting the events we hold and presenting our firm via press and public relations work in accordance with Article 6 (1) (f) GDPR.

The image and sound recordings may be transmitted to journalists, media companies, press and photo agencies, and social media platforms, including abroad, for the purpose of press and public relations work and may be published by us in printed or digital form.

You have the right to object to the processing of your data as described. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data. In the event of your justified objection, we will review the merits of the case and either cease or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing. Please note that in the event of publication of the recordings in, for example, print media or on the internet, it will not always be possible to remove your data.

Archived images and sound recordings of the event and publications will generally not be deleted.

Image and sound recordings are not obligatory for participation in the event. If you do not wish to have images and sound recorded, please notify our staff at the venue.

3.3 Digital events, image and sound recordings

When holding webinars or digital events in which you participate, the information in section 1.1 above applies in addition to the following information. If a digital event is recorded, we will explicitly point this out in the invitation and at the beginning of the event.

We process your data for the purpose of conducting and documenting the event through image and sound recordings and the use of the resulting recordings for the purpose of press and public relations.

The following data will be processed:

  • your login data (first and last name, position, company name, email address, according to your personal setting)
  • metadata (access history (date, time and duration of communication), meeting name, device/hardware data, connection data (phone number, country name, start and end times, IP addresses), location data, support and feedback data
  • image and sound recordings of the event.

If you activate the camera and/or the microphone of your device, we will also process the transmitted data.

Data on your participation in chats, whiteboards or polls will also be processed.

The legal basis for the processing of registration data and metadata of participants at events is Article 6 (1) (b) GDPR (contract for the implementation of the event). The legal basis for possible data processing in third countries when using Microsoft Teams is your consent pursuant to Article 6 (1) (a) in conjunction with Article 49 (1) (a) GDPR. In the USA, there is no level of data protection that is comparable to the requirements of the GDPR. Despite security measures taken in the form of standard contractual clauses with supplementary security concessions, it may be possible for government agencies to access personal data without our or you knowledge. It is unlikely that effective enforcement of your rights will be possible in the USA. The legal basis for the recording of images and sounds is your consent given by activating your camera and/or microphone in accordance with Article 6 (1) (a) GDPR.

The image and sound recordings made may be transmitted to journalists, media companies, press and photo agencies and social media platforms, including abroad, for the purpose of press and public relations and may be published by us in printed or digital form.

You have the right to revoke your consent to the processing of your image and/or sound recordings at any time with effect for the future. Please note that in the event of publication of the recordings in, for example, print media or on the internet, it will not always be possible to remove your data.

Archived images and sound recordings of the event and publications will generally not be deleted.

It is contractually obligatory to process registration data and metadata for participation in events. Without this processing, participation in events is not possible. The making of image and sound recordings is not obligatory for participation in the event. If you do not wish to have images and sound recorded, please deactivate your camera and microphone.

   

4. Interested parties and email inquiries

You may send us an inquiry via email to our communication email address at any time. If you use this option, we will process your email address together with all the information provided by you, such as title, first and last name and message content, for the purpose of the communication exchange.

The legal basis for this is your express consent in accordance with Article 6 (1) (a) GDPR and, where applicable, the initiation of a contractual relationship in accordance with Article 6 (1) (b) GDPR.

Depending on their content, inquiries and communications will be stored differently but in the absence of a legal retention period will be erased without delay after the end of their purpose.

   

5. Applicants for Employment

You may send us application documents by email, postal mail or fax.

Your data required for contacting us and for an application process will be stored for the purpose of carrying out an application process in compliance with the statutory provisions. The legal basis for this is Article 6 (1) (b) GDPR and Section 26 (1) in conjunction with (8) sentence 2 Federal Data Protection Act (implementation of pre-contractual measures).

The following data may be processed by us as part of the application process:

  • master data (title, first name, last name, possibly date of birth)
  • contact details (address, telephone or mobile number, private email address)
  • application data (e.g., profile picture and additional documents such as CV, cover letter, overall application, certificates).

In the event of employment, the data will be transferred to the HR file. Information on the storage period can be found in the information on the processing of personal data of our employees.

If an application for a specific job advertisement is not successful, your data will be stored for evidentiary purposes for up to 6 months after completion of the application process for the purpose of asserting, exercising, or defending legal claims. In cases where an interest in other positions is expressed, the data will remain stored for up to 12 months after the last job offer or the last specific expression of interest.

Data provision is not required by law or contract. You are not obligated to provide the information.

Unless the information is provided, however, it will not be possible to carry out an application process and, where appropriate, recruitment.

   

6. General Information and Rights of Data Subjects

In accordance with Articles 15 et seqq. GDPR, you have the following rights with respect to personal data concerning you:

  • right of access,
  • right to rectification or erasure,
  • right to restriction of processing,
  • right to object,
  • right to withdraw consent given,
  • right to data portability.

If you have any questions regarding the processing of your data or if you wish to assert your rights, you may contact our external data protection officer in confidence at any time using the contact details above.

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

Last updated November 19, 2021