Privacy
Contact details of the responsible persons:
Michaela Simone Paul, LL.M.
Prinz-Georg-Str. 40
40477 Düsseldorf
Tel.: +49 (0) 211 542 122 55
Mobile: + 49 (0) 173 687 598 0
Fax: +49 (0) 211 542 122 55
E-mail: info@paul-ip.de:
I. Collection of personal data as well as purpose, duration of storage, legal basis and existing objection and elimination possibilities
1. Visiting the website
Each time a user accesses a page of my website, the system automatically collects data and information from the computer system of the calling computer, whereby the following data is collected:
(1) IP address of the user,
(2) Date and time of access,
(3) transmitted data volume,
(4) Operating system and web browser of the user,
(5) Host name of the accessing computer,
(6) requested web page or file,
(7) URL previously visited by the user.
The storage of the IP address by the system is necessary for the duration of the session so that the website can be delivered to the user’s computer. It will be made anonymous after the technical requirement is no longer applicable by deleting the last number block (Ipv4) or the last octet (Ipv6).
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
The temporary storage of the above-mentioned data is based on the legal basis of Art. 6 para. 1 lit. f EU- General Data Policy Regulation (hereinafter “GDPR”), namely my legitimate interest in the provision of my website and the investigation of improper use.
There is no possibility of objection here; the person concerned can at best waive the use of my website.
2. Cookies
The website uses cookies (session cookies and permanent cookies) in order to make the visit more pleasant, to be able to adapt my services to the needs of the visitor to my website and to be able to identify the calling browser during an order process even after a page change. For this purpose, we transfer so-called cookies, i.e. small text files which are automatically stored on the end device of the person concerned.
The storage period of the different cookies varies but is no longer than two years. They are stored locally on the end device of the person concerned, so the actual duration of deletion depends on the configuration of the users’s browser software. The person concerned can find out from the operating instructions of his browser software how to delete cookies either automatically or on an occasion-related basis.
The storage of the above-mentioned data is based on the legal basis of Art. 6 para. 1 lit. f GDPR (legitimate interest), since an analysis can optimize the quality of the website, the visit of the website and only then orders are possible. Otherwise, page changes cannot be recognised. Furthermore, the storage is carried out on the legal basis of Art. 6 para. 1 lit. b GDPR for the execution of a contract.
The person concerned can block the use of cookies in his or her terminal device or delete the cookies after they have been used. However, the person concerned must then reckon with the fact that under certain circumstances he or she may not be able to use individual functions of the offer. The blocking or deletion of set cookies can be taken from the instructions of the browser software.
3. Contacting
The person concerned can contact me by phone, fax, e-mail, beA. The personal data transmitted – name, address, e-mail address, telephone number, date and time of the enquiry and the description of the request, if necessary contractual data if the enquiry is made in the context of the commencement or execution of a contract – will be stored and processed in order to be able to process the request of the person concerned.
The personal data will be deleted as soon as the data is no longer necessary to achieve the purpose, which is the case when the purpose of the request has been finally fulfilled and there are no contractual or fiscal retention obligations to the contrary. Should the data be the subject of business letters within the meaning of §§ 147 (1) No. 2 and 3, 257 (1) No. 2 and 3 German Commercial Code or subject of taxation within the meaning of § 147 (1) No. 5 German Tax Code, the data will be deleted at the end of six years unless shorter retention periods are permitted under other tax laws. Data from accounting documents within the meaning of §§ 147 para. 1 No. 1, 4, 4a German Tax Code, 257 para. 1 No. 1 and 4 German Commercial Code are deleted at the end of ten years at the end of the year.
The aforementioned data is stored on the one hand on the legal basis of Art. 6 para. 1 letter b GDPR in order to be able to process contact enquiries and to prevent misuse of the contact enquiry and on the other hand on the legal basis of Art. 6 para. 1 letter f GDPR in the case of contract initiation or fulfilment.
An objection or deletion is not possible if there are legally standardized retention periods and the data must remain stored and processed for the execution and handling of the contract. In all other cases, the person concerned has the possibility of objecting to the storage at any time after contacting us; the data stored for the transaction will then be deleted.
II. Rights of the data subject
If personal data of the person concerned is collected and processed, the persons concerned have the following rights:
- Right of access under Art. 15 GDPR to the extent specified in the article;
- Right to rectification in accordance with Art. 16 GDPR;
- Right to erasure (“right to be forgotten”) of personal data pursuant to Art. 17 GDPR, if one of the reasons mentioned in the article applies, such as that the data are no longer necessary for the purposes for which they were collected or otherwise processed / the data subject withdraws consent on which the processing is based according to point (a) of Article 6 para. 1 GDPR, or point (a) of Article 9 para. 1 GDPR, and where there is no other legal ground for the processing;/ the data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing, or the data subject withdraws his consent pursuant to Art. 21 para. 2 GDPR, the data subject objects to the processing / the personal data have been unlawfully processed /the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject / the personal data have been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information / to comply with a legal obligation / for reasons of public interest in the field of public health / for archiving, scientific or historical research purposes in the public interest or for statistical purposes / to assert, exercise or defend legal claims;
- Right to restriction of processing pursuant to Art. 18 GDPR in so far as the accuracy of the personal data is disputed by the data subject, for a period of time that enables the controller to verify the accuracy of the personal data / the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data / the controller no longer needs the personal data for the purposes of the processing but the data subject needs them in order to assert, exercise or defend legal claims / the data subject objects to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject;
- Notification obligation regarding rectification or erasure of personal data or restriction of processing under Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR the data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller in a structured, common and machine-readable format and the right to transfer such data to another controller without hindrance by the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 paragraph 1 lit.a or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR / the processing is carried out with the aid of automated procedures;
- Right to object under Art. 21 GDPR: In particular, the data subject has the right to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out pursuant to Art. 6, para. 1, lit. e or f, GDPR; this also applies to profile based on these provisions. The controller shall no longer process the personal data unless he can demonstrate compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legal claims. Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
- The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her pursuant to Article 22 GDPR, unless the decision is necessary for the conclusion or performance of a contract between the data subject and the controller / the decision is authorised by Union or national legislation to which the controller is subject and that legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the data subject / the decision is taken with the explicit consent of the data subject;
- Right to lodge a complaint with a supervisory authority pursuant to Art 77 GDPR;
- Right to an effective judicial remedy against a controller or processor pursuant to Art. 79 GDPR.