1 – General information about data processing
Personal information is any information that helps to uniquely identify a person. It is, therefore, data that can be traced back to a person.
These personal details include the first name and last name, the telephone number and the email address of the concerned person. Personal details also include information on hobbies, memberships and preferences as well as websites that are accessed.
Processing refers to any single or series of operations, related to personal data and performed with or without the aid of automated procedures, such as collecting, recording, organising, filing, storing, adapting or modifying, reading, querying, using, disclosure by submission, dissemination or other form of provision, synchronisation or linking, restriction, deletion or destruction.
Personal details will only be processed by us if the law permits this, or the user agrees to the collection, use and disclosure of the data.
1a – Scope of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The personal data of our users is typically collected and used only with the consent of the user. An exception applies to cases where obtaining prior consent is not possible for factual reasons and the processing of the data by law is permitted.
1b – Legal basis for the processing of personal data
Art. 6 para. 1 line 1 lit. a GDPR applies as legal basis insofar as we obtain the consent of the concerned person for processing of personal data.
Art. 6 para. 1 line 1 lit. b GDPR applies as legal basis to the processing of personal data necessary for the fulfilment of a contract to which the concerned person is a party. This also applies to processing operations required to carry out pre-contractual actions.
Art. 6 para. 1 line 1 lit. c GDPR applies as legal basis to the processing of personal data required to fulfil any of our mandatory legal obligations.
Art. 6 para. 1 line 1 lit. d GDPR applies as legal basis if vital interests of the concerned or another natural person require the processing of personal data.
Art. 6 para. 1 line 1 lit. f GDPR applies as legal basis to the processing of data required to safeguard the legitimate interests of our company or of a third party, unless the interests, fundamental rights and freedoms of the concerned person outweigh the interests of our company.
1c – Data economy
We store personal data according to the principles of data reduction and data economy only as long as it is required or legally prescribed (statutory retention period). We block or delete the data if the purpose of the information collected no longer exists or the retention period ends.
1d – Data deletion and storage duration
The personal data of the concerned person will be deleted or blocked once the purpose of the storage no longer exists. Data may also be stored if specified by the European or national legislation in EU regulations, laws or other regulations, governing the responsible party (e.g. Art. 50 para. 1 Rules of Professional Practice – Berufsordnung für Rechtsanwälte). Blocking or deletion of the data also takes place when a storage period prescribed by the mentioned standards expires, unless there is a need for further storage of the data for conclusion or fulfilment of the contract.
1e – Your rights to information, correction, blockage, deletion and objection
You have the right:
- pursuant to Art. 15 GDPR to request information free-of-charge about your personal data processed by us. In particular, you can demand information on the processing purposes, the category of personal data, the categories of recipients, to whom your data is disclosed, the planned retention period, the right to correction, deletion, limitation of processing or objection, the existence of the right to lodge a complaint, the source of your data, unless collected by us, and the existence of automated decision-making, including profiling and, where appropriate, plausible information about their details;
- pursuant to Art. 16 GDPR, to demand the prompt supplementation or correction of incorrect personal data, stored by us;
- pursuant to Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is required for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, or if the processing is unlawful, but you reject deletion of data and we no longer need the data but you need such data to assert, exercise or defend any legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to obtain your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another responsible party;
- pursuant to Art. 7 para. 3 GDPR, to informally revoke your once granted consent to us at any time. As a result, we are no longer allowed to continue the data processing that is based on this consent, and
- pursuant to Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace, or our office.
The competent supervisory authority for the state of Hessen is:
PO box 3163
T +49 611 1408 - 0
F +49 611 1408 - 900
Furthermore, you have the right to object to the processing of your personal data at any time.
To this end, please contact our Data Protection Officer or write an email to email@example.com.
It is necessary to keep the data in a lock file for inspection purposes to allow consideration of a data lock at any time. Unless there is a legal obligation to archive, you can also request the deletion of this data. Otherwise, we will block the data if you want.
2 –Collecting general information in access logs (so-called log files)
When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in the log file. The following information will be collected without any action on your part and stored until automated deletion:
- IP address of the requesting computer (in anonymised form),
- date and time of access,
- name and URL of the retrieved file,
- transferred amount of data,
- website from where it is accessed (referrer URL),
- browser used and, if necessary, the operating system of your computer as well as the name of your access provider.
The data mentioned is processed by us for the following purposes:
- ensuring a smooth connection of the website,
- ensuring comfortable use of our website,
- evaluation of system security and stability as well as
- for further administrative purposes.
The legal basis for data processing is Art. 6 para. 1 line 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes mentioned above. We do not use the data collected in any way to draw conclusions about your personal details.
Without this data, it would not be unlimited technically possible to deliver and display the contents of the website. In this respect, the collection of data is necessary. They help us to optimise the website and the technology. We also reserve the right to subsequently check the log files in case of suspected illegal use of our website.
The data will be deleted as soon as it becomes unnecessary for fulfilling the purpose of its collection.
The IP addresses in log files are anonymised so that identification of the calling client is not possible. In addition, log files are deleted after 60 days.
3 – Disclosure of data
We will not disclose your personal data to third parties for purposes other than those listed below.
We only share your personal information with third parties if:
- you have given your express consent to this pursuant to Art. 6 para. 1 line 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 line 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominant legitimate interest in not disclosing your data,
- in the case of a legal obligation to disclose pursuant to Art. 6 para. 1 line 1 lit. c GDPR, as well as
- this is legally permissible and is required for the settlement of contractual relationships with you pursuant to Art. 6 para. 1 line 1 lit. b GDPR.
4 – Memory location
Unless described otherwise in this data protection statement, personal data is processed exclusively in data centres that are within the scope of the EU General Data Protection Regulation.
5 – Data security
We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorised access of third parties to it. Our security measures are continuously improved in line with technological developments.
6 – Applications
On our website, you have the option to contact us to send us your applications online. The personal data transmitted to us during the application process will be used exclusively to process the relevant applications.
The legal basis for processing the data is Art. 6 para. 1 line 1 lit. b or f, Art. 88 GDPR.
Personal data that we receive as part of an application will first be saved for the duration of the application process and additionally for 6 months thereafter, and then deleted. Deviating from this, our confirmation of receipt is stored as a commercial letter (Handelsbrief) for six years. In other words, we will store the information contained in this confirmation of receipt, in particular names, contact details, date of application and the position applied. This extended storage serves to fulfil legal obligations and is based on Art. 6 para. 1 line 1 lit. c GDPR, Sec. 257 HGB (German Commercial Code).
If the personal data is required beyond this time (for example, to assert or defend against civil law claims in connection with the application), deletion will take place as soon as the further storage of the data for these purposes is no longer necessary. In this case storage is based on Art. 6 para. 1 line 1 lit. 1 f GDPR as well.
We will additionally ask for your consent if we want to process your details further (e.g. saving an application for later consideration).
In this context, we do not disclose any details to third parties. The data is used exclusively for the above purposes.
You also have the option to revoke your consent to the processing of your personal data at any time.
7 – Integration of services and contents of third parties
Our website includes services and contents of other providers. These are, for example, maps provided by Google Maps. The transmission of the IP address is absolutely necessary for this data to be accessed and displayed in the user's browser. Thus, the providers (hereinafter referred to as "third-party providers") record the IP address of the relevant user.
Although we endeavour to use only third-party providers, who only need the IP address to deliver content, we have no control over eventual storage of the IP address. This process may also be used for statistical purposes. We will inform our users of any known storage of IP address.
8 – Amendment to our data protection statement
This data protection statement is currently applicable and up to date as of May 2018.
Amendment to this data protection statement may be necessary due to the further development of our website and offers thereof, or changed legal or official requirements. You can view and print the currently applicable data protection statement at any time at www.metis-legal.de/privacy.
9 – Questions for the Data Protection Officer
If you have any questions about data protection, please write us an email (firstname.lastname@example.org) or contact our Data Protection Officer directly:
Dr. Eva Breitenfeld
60329 Frankfurt am Main
T +49 69 271 38 89 0
F +49 69 271 38 89 70