PRIVACY STATEMENT & COOKIES

I. Name and contact details of the person responsible

This data protection information applies to data processing by the following person responsible:

FINIENS LEGAL Freiling Hartmann Rechtsanwälte PartG, represented by the partners York Freiling and Alexander Hartmann, Markgrafenstr. 4, 60487 Frankfurt/Main, Germany, email: welcome@finiens.eu, telephone:  49 (0)69 209 758 900.

II. General information on data processing

Scope of processing of personal data

In principle, we only process the personal data of our users to the extent that this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

Legal bases for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

• Article 6 (1) (b) GDPR serves as the legal basis for the processing of personal data required to fulfill a contract to which the data subject is a party. This also applies to processing operations that are necessary to carry out pre-contractual measures.
• Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
• In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.
• If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the first interest, Article 6 Paragraph 1 Letter f GDPR serves as the legal basis for the processing.

DATA PROCESSING IN THIRD COUNTRIES

If we process data in a third country outside the European Union (EU) or the European Economic Area (EEA) or if third-party services we use process or disclose data to other persons, bodies or companies, this is done in accordance with the legal requirements. Unless you have given your separate consent or we process contractually or legally required transfers, we only have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations are available (Art. 44 to 49 GDPR).

Data Erasure and Storage Duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. If the data of the person concerned is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to the data of the person concerned that must be retained for commercial or tax reasons (six years in accordance with Section 257 (1) HGB and ten years in accordance with Section 147 (1) AO).

III. When visiting the website

When you visit our website, your web browser transmits usage data. These are technically necessary in order to enable a connection to be established between the accessing computer and the server and thus make our website available to you. 

Types of data processed are usage data (e.g. websites visited, amounts of data transferred, interest in content, access times,  Website from which the request comes (referrer URL), information about the browser and browser settings, operating system and its interface,   Meta/communication data (e.g. device information, IP addresses).

Affected persons are users (e.g. website visitors, users of online services).

Purposes of processing are the provision of our online offer and user-friendliness; Safety measures; Initiation and provision of contractual services.

The legal basis is our legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

 Log file information is stored for a maximum of 30 days and then deleted or made anonymous if special purposes (e.g. evidence) require longer storage. 

HOSTING

This website is hosted by an external service provider (hoster): 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. The personal data collected on this website is stored on the host's servers. This can primarily be IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.

The hoster is used in the legitimate interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent that this is necessary to fulfill his performance obligations and will follow our instructions in accordance with a concluded order processing contract with regard to this data. Data protection: https://www.ionos.de/terms-gtc/terms-privacy.

IV. Further data collection and functions (with consent) / COOKIES

GENERAL INFORMATION ON THE USE OF COOKIES

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again. This website uses the following types of cookies, the scope and functionality of which are explained below:

• Transient cookies
• Persistent cookies
• First Party Cookies
• Third Party Cookies.

Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

 Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

First-party cookies are set by ourselves, while third-party cookies are used by a third party to process user information. 

We use cookies on our website for various functions, including enabling an analysis of the surfing behavior of users. 

In this way, for example, the following data can be transmitted:

• Entered search terms
• Frequency of page views
• Use of website functions

When accessing our website, the user is informed about the various uses of cookies and his/her consent(s) to the various processing of the personal data used in this context is obtained. In this context, there is also a reference to this data protection declaration. 

The legal basis for the processing of personal data using technically required cookies within the meaning of Section 25 (2) TTDSG is Article 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for other purposes is Article 6(1)(a) GDPR if the user has given their consent. Otherwise, the legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.

The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles. The purposes of the non-essential cookies are listed individually below and in our consent tool (see fingerprint button at the bottom left of our website).

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you also have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser or in our consent tool (see fingerprint button at the bottom left of our website). Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

You can view and revoke your consent using the consent tool (see fingerprint button at the bottom left of our website).

 If the user does not delete it, the cookie will be stored as long as it is used for the purpose (see table). It is automatically deleted according to the expiry date (see table).

 You can also object to the use of cookies from various providers on the websites   https://optout.aboutads.info   and   https://www.youronlinechoices.com/   contradict. In addition, we will inform you separately about the possibility of objecting to individual providers used here.

 If the user does not delete it, the cookie will be stored as long as it is used for the respective purpose. It is automatically deleted according to the expiration date (see fingerprint button at the bottom left of our website).

NEWSLETTER 

This website uses the provider Sendinblue GmbH (formerly Newsletter2Go), Köpenicker Straße 126, 10179 Berlin, Germany, to send newsletters. The e-mail address you provide for the purpose of subscribing to the newsletter will be stored on the Sendinblue servers in Germany. Sendinblue is prohibited from using your data for any purpose other than sending our newsletters. Newsletter2Go is a German, certified provider, which was selected according to the requirements of the General Data Protection Regulation (in particular agreement on order processing Art. 28 DSGVO).

 If you would like to receive our newsletter, we need an e-mail address from you. The newsletters contain a pixel-sized file that is retrieved from the Sendinblue server when the newsletter is opened. With this retrieval, the following data is collected and processed in relation to the email address you provided:

• Mail client/browser (user agent)
• Device specific information
• IP address
• Time and place of retrieval (regional)
• clicked links.

With the help of Sendinblue it is possible for us to analyze our newsletter campaigns. For detailed information on Sendinblue's features, see:   https://us.sendinblue.com/newsletter-software/. We use statistical evaluations of these surveys exclusively to improve our offers.  
By registering for a newsletter, you agree to the data processing described above. Data processing is therefore based on your consent (Article 6 (1) (a) GDPR). You can revoke the declaration of consent at any time for the future, for example by clicking on the "Unsubscribe" link in the newsletter or by sending an e-mail to datenschutz@finiens.eu.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After your cancellation, your e-mail address will be stored by us or the newsletter service provider in a so-called blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please refer to the Sendinblue privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

USERCENTRICS

We use the cookie consent tool of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, on our website to obtain and document your consent(s) to the storage of certain cookies. Usercentrics is prohibited from using your data for purposes other than. Usercentrics is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation (in particular agreement on commissioned processing Art. 28 GDPR).
When you enter our website, the following personal data is transferred to Usercentrics:

• Your IP address
• Information about your browser
• Information about your terminal device
• Time of your visit to the website
• Your consent(s) or the revocation of your consent(s).

Furthermore, Usercentrics stores a cookie in your browser to be able to assign your consent(s) or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies, unless mandatory legal retention obligations require longer storage. The consent data (granted consent and revocation of consent) is stored for one year. The data will then be deleted immediately.
Usercentrics is used in accordance with Art. 6 (1) p. 1 lit. c  GDPR to obtain and document the legally required consent. Furthermore, the use of an effective tool for this is carried out our legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR.
For more information, please refer to the details in the consent tool by clicking on the fingerprint button at the bottom left of our website and the privacy policy of usercentrics: https://usercentrics.com/de/datenschutzerklaerung/.

IONOS ANALYSIS
We use a user behavior analysis service on our website provided by the external service provider 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur. The purpose of our use of the tool is to enable the analysis of your user interactions on websites and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
In doing so, the following personal data is transferred to IONOS:

• Your IP address
• Information about your browser
• Information about your terminal device
• Time of your visit to the website
• Type of website visited

This data is deleted as soon as it is no longer required for the processing purposes. The legal basis for the collection and further processing of the information is your given consent (Art. 6 para. 1 p. 1 lit. a GDPR). For more information, please refer to the details in the consent tool by clicking on the fingerprint button at the bottom left of our website as well as the privacy statement of IONOS: https://www.ionos.de/terms-gtc/terms-privacy.

GOOGLE ANALYTICS
We use Google Analytics on our website, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
Your interactions with our website are collected using cookies, device/browser data, IP addresses and website activity. Your IP addresses are also collected to ensure the security of the service and to provide us, as the website operator, with information about your location (so-called "IP location tracking"). However, in this case, the IP addresses are shortened by Google within the EU/EEA for your protection by means of an anonymization function ("IP masking").
The information about your use of this website and the IP addresses may be transmitted to a Google server in the USA and processed there. Google has, according to its own information, subjected itself to a data protection standard that corresponds to the former EU-US Privacy Shield. Furthermore, so-called standard contractual clauses have been agreed with Google, the purpose of which is to maintain an appropriate level of data protection in the third country. The data will be stored by Google for a maximum of 14 months.
The legal basis for the collection and further data processing is your consent (Art. 6 para. 1 p. 1 lit. a GDPR). The revocation of your consent for the future is possible at any time. The easiest way to carry out the revocation is in the consent tool by clicking on the fingerprint button at the bottom left of our website or install the browser add-on from Google, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
Further information on data processing when using Google Analytics can be found in the consent tool by clicking on the fingerprint button at the bottom left of our website and at the following link: support.google.com/analytics/answer/6004245?hl=en/ and at www.google.de/intl/de/policies/privacy/.

WEB FONT

We also use external fonts from Google, Inc. on our website, https://www.google.com/fonts ("Google Fonts"). When you visit our website, your browser loads the required Google Fonts into your browser cache in order to display text and fonts correctly. For this purpose, the browser you are using must connect to the servers of 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, our host, since the Google Fonts are stored locally there.

This gives IONOS knowledge that our website was accessed via your IP address. The use of the IP address by IONOS is necessary for the display of these Google fonts. The use of these fonts serves to optimize our website and improve its usability for the user. The legal basis is therefore Article 6 (1) (f) GDPR. If your browser does not support Google Fonts, a standard font will be used by your computer. For more information, see Google's privacy policy: https://www.google.com/policies/privacy, Objection options (so-called opt-out): https://www.google.com/settings/ads/. 

MAPBOX

Our website may use an interactive map to show our location on a street map. For this we use a map service from Mapbox, Inc., 740 15th St Nw Suite 500 Washington, DC 20005, USA, and Open-Street-Map Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, UK. By using Mapbox, information about the use of this website, including your IP address, is transmitted to Mapbox and the Open Street Map Foundation. In doing so, personal data is automatically sent to the service provider em. With your consent in accordance with Art. 49 Para. 1 Letter a) GDPR to a third country (USA/UK). 

Mapbox and OSMF may transfer your data to third parties if this is required by law or if third parties process this data on behalf of them. It cannot be ruled out that the recipients will associate your IP address with other data.

It is technically possible that the recipients could identify at least individual users based on the data received. We have no influence on personal data and personality profiles of website users being processed for other purposes. We do not know how long the recipients store the above data. Access by government agencies without your knowledge cannot be ruled out.

The processing of your personal data is carried out by the person responsible on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a) in conjunction with Article 7 GDPR. You can withdraw your consent at any time by changing your settings in our consent tool (see fingerprint button at the bottom left of our website). The only consequence of not giving your consent is that the Mapbox / OpenStreetMap service will not be made available to you. You can find more information on this in the data protection declarations at OSMF (Privacy Policy)/Services and tile users privacy FAQ and in the privacy policy of map box.

CONTACT

If you contact us via the e-mail address provided, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation. The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. If contact is made by e-mail, the sole purpose is to process the contact. This is also where the necessary legitimate interest in processing the data lies.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have been finally clarified and storage may no longer be required for legal obligations.

V. In the mandate relationship

If you mandate us, we collect the following information:

•  Inventory data (title, first name, last name), contact data (e.g. e-mail address, address, telephone numbers), content data (e.g. information on facts). 
• Information that is necessary for the assertion and defense of your 999r rights under the mandate and may also contain personal data. In the course of processing the mandate, further personal data can be stored.

Affected persons are clients, contractual partners, communication partners and contractual partners of clients. This data is collected in order to be able to identify you as our client; to provide you with appropriate legal advice and representation; to correspond with you; for invoicing and for the processing of any existing liability claims and the assertion of any claims against you.

In principle, all data, including personal data, are recorded and processed by us in lawyer software for electronic client and mandate files, with whose provider an order processing contract has been concluded.

We also use so-called "cloud services" for the purpose of sending e-mails, creating, storing and managing documents, spreadsheets, databases, presentations, file exchange, calendar management, publishing websites or other content and participating in video conferencing.

In this context, the above personal data can be processed and stored on the servers of the providers. The cloud service providers also process usage data (e.g. websites visited, interest in content, access times) and metadata (e.g. device information, IP addresses), which they use for security purposes and to optimize services. 

The data processing takes place at your request and is necessary according to Art. 6 Para. 1 S. 1 lit Interests in efficient and secure administration and communication processes according to Art. 6 Para. 1 S. 1 lit. f GDPR).

Further information on data processing:

Provider: Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dubline 18, D18 P521, Ireland

https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany; https://privacy.microsoft.com/de-de/privacystatement, https://www.microsoft.com/en-us/licensing/product-licensing/products.

The personal data collected by us for the mandate will be stored until the end of the statutory retention period for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless we are required to do so in accordance with Article 6 Paragraph 1 S. 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) are obliged to store for a longer period of time or you have consented to further storage according to Art GDPR have consented.

Further storage of client-related and/or client-related personal data is also possible in individual cases on the basis of Article 6 Paragraph 1 Sentence 1 lit. Maintaining and defending property rights and other legal relationships is appropriate and necessary and serves the purpose of improved representation, advice and service. 

Non-client and/or client-related personal data from third parties such as service providers will be stored as long as this is necessary for the purposes described above.

VI. Transfer of data to third parties in the client relationship

Your personal data can be passed on to third parties. This includes in particular the disclosure to opponents and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and to assert and defend your rights. However, such a transmission to third parties only takes place

• on the legal basis of Article 6 (1) sentence 1 lit. b GDPR if and to the extent that the transmission is necessary for the fulfillment and processing of the client relationship, or 
• on the legal basis of Article 6 (1) sentence 1 lit. a GDPR if and to the extent that this is covered by your consent, or
• on the legal basis of Article 6 (1) sentence 1 lit. f GDPR if and to the extent that the transmission is necessary to protect the legitimate interests of us or a third party, in particular clients, and in this case the interests or fundamental rights and freedoms of the person concerned, that require the protection of personal data do not prevail.

The data passed on may only be used by the third party for the stated purposes. Attorney-client privilege remains unaffected. Insofar as it concerns data that is subject to attorney-client privilege, it will only be passed on to third parties in consultation with you. 

VII. data subject rights

You have the right:

• pursuant to Art. 7 Para. 3 GDPR, to revoke any consent you may have given us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future;
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details (mentioned decision-making does not take place).
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• According to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you use them to assert, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible and
• to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our office (Hesse).

VII. RIGHT TO OBJECT

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this, arising from your particular situation. 

If you would like to make use of your right of objection, an e-mail to is sufficient datenschutz@finiens.eu or a message to our contact details above.