Privacy Policy
I. Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation is:
ROXIN Rechtsanwälte Part mbB
Rathauscontor
Große Johannisstraße 9
20457 Hamburg
Germany
E-Mail hamburg@roxin.de
Website: https://roxin.com/
II. Name and address of the Data Protection Officer
The data protection officer of the controller is:
Baker Tilly Data Privacy GmbH
Dr. Jörg Buschbaum
Nymphenburger Straße 3b
80355 München
E-Mail: joerg.buschbaum@bakertilly.de
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you visit our website, the browser used on your terminal device sends certain information to the server of our website for technical reasons. The following data is collected:
(1) Information about the browser type and version used.
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our Internet site
(7) Websites that are called up by the user’s system via our website
The data is stored in the log files of our hosting provider. This data is not stored together with other personal data of the user.
We host the content of our website with the following provider:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
For details on data protection, please refer to Mittwald CM Service GmbH & Co. KG’s privacy policy: https://www.mittwald.de/datenschutz.
We have concluded a data processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data for the technical optimization of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website functional. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
(1) Language settings
(2) Log-in information
(3) Consent information (see V. Use of Consent Cookie).
We also use cookies on our website that enable an analysis of the user’s surfing behavior.
In this way, the following data can be transmitted:
(1) Search terms entered
(2) Frequency of page views
(3) Use of website functions
When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a GDPR if the user has consented to this.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
We use cookies for the following purposes:
- Adoption of language settings
- Retention of the user’s states for all page requests
- Providing cookie consent management for the website
The user data collected through technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content.
Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. In these purposes also lies our legitimate interest in the following processing of personal data according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage, possibility of objection and elimination
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
V. Use of Consent-Cookie
1. Description and scope as well as purpose of data processing
We use Borlabs’ consent technology on our website to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in a privacycompliant manner. When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data will not be shared with Borlabs.
2. Legal basis for data processing
The legal basis for the processing of the data that takes place in the course of the use of Borlabs’ cookie consent technology is Art. 6 (1) lit. c GDPR. We hereby fulfill our obligation of proof and accountability.
3. Duration of storage
The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
VI. Google Analytics
1. Description and scope as well as purpose of data processing
We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures. Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”).
During your visit to the website, the following data, among others, is recorded:
- Pages called
- Your behavior on the pages (for example, dwell time, clicks, scrolling behavior)
- Your approximate location (country and city)
- Your IP address (in shortened form, so that no clear assignment is possible)
- Technical information such as browser, Internet provider, terminal device and screen resolution
- Source of origin of your visit (i.e. via which website or via which advertising medium you came to us)
No personal data such as name, address or contact details are ever transferred to Google Analytics.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting).
This data is transferred to Google servers in the USA. Google, Inc. is certified under the EU/US Data Privacy Framework.
Since this website uses Google Analytics with the extension “_gat.anonymizeIp”, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is, according to its own information, not merged with other data from Google.
For more details please refer to the Google, Inc. privacy policy: https://policies.google.com/privacy?hl=en-US
If you do not agree with the collection, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics or by rejecting cookies via our cookie settings dialog.
2. Legal basis for data processing
The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time.
With regard to the storage period, we refer to IV.4.
VII. Google reCAPTCHA
1. Description, scope and purpose of data processing
We use the reCAPTCHA cookie from Google on our website in connection with the sending of messages via our contact form. This is used to check whether the data entry in the contact form on our website is made by a human or by an automated program (spam bot). All the user has to do is click on the “I am not a robot” checkbox. This is to ensure that our website is protected against abusive automated spying and spam. The user does not have to type in blurry multicolored characters or the like, as is the case with other methods. Google uses the principle of canvas fingerprinting. This analysis begins automatically as soon as the user enters our website.
The following examples of browser and user data are processed by Google:
- Referrer URL (the address of the website from which the user comes)
- IP address
- Time spent on the website
- Information about the operating system (e.g. Windows, Mac OS X or Linux)
- Cookies (small text files that store data in the user’s browser)
- Mouse and keyboard or touch pad behavior (every action the user performs with the mouse, keyboard or touch pad)
- Date and language settings
- JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user)
- Screen resolution
This data is transferred to Google servers in the USA. Google, Inc. is certified in accordance with the EU/US data privacy framework.
However, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
If you do not agree with the collection, you can prevent this by installing the browser add-on once to deactivate Google reCAPTCHA or by rejecting the cookies via our cookie settings dialog. In this case, you cannot contact us via our contact form. Alternatively, you can send us your request via our email addresses (hamburg@roxin.de or muenchen@roxin.de).
2. Legal basis for data processing
If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. This consent constitutes the legal basis for the processing of personal data in accordance with Art. 6 para. 1 lit. a GDPR, as may occur when Google reCAPTCHA is used.
With regard to the storage period, we refer to IV.4.
VIII. Newsletter
1. Description and scope of data processing
On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.
For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy.
We use the provider CleverReach to send our newsletter. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on CleverReach’s servers in Germany or Ireland.
For more details, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/en-de/privacy-policy/.
2. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter is the consent given by you in accordance with Art. 6 para. 1 lit. a GDPR.
3. Purpose of data processing
The collection of the user’s e-mail address is used to deliver the newsletter.
The newsletters sent with the provider CleverReach used by us enable us to analyze the behavior of the newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so called conversion tracking, it can also be analyzed whether a predefined action (e.g. calling up the website) has taken place after clicking on the link in the newsletter.
The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s e-mail address will be stored as long as the subscription to the newsletter is active.
5. Possibility of objection and elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.
This also enables the revocation of consent to the storage of personal data collected during the registration process.
IX. Contact form and e-mail contact
1. Description and scope of data processing
Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:
(1) First and last name
(2) E-mail address
(3) Your message to us
The remaining information is optional. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties.
The data will be used exclusively for the processing of your request.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
3. Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. This is also our necessary legitimate interest in processing the data.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5. Possibility of objection
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
You can send us your revocation via our contact form or the contact option given above.
All personal data stored in the course of contacting us will be deleted in this case.
X. Disclosure to third parties
Insofar as you have provided us with personal data, this will not be passed on to third parties. A passing on takes place only
(1) within the framework of consent given by you. When the data is collected, you will be informed of the recipients or categories of recipients.
(2) in the context of processing your inquiries and the use of our services to commissioned subcontractors, who receive the necessary data only for the execution of this order and use it for the intended purpose.
(3) to external service providers (e.g. IT service providers) within the framework of commissioned data processing pursuant to Art. 28 GDPR. These have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.
(4) in the context of fulfilling legal obligations to bodies entitled to receive information (e.g. authorities).
XI. Handling of applicant data
1. Description and scope of data processing
You have the option of applying to us via our website. If you send us an application, we will process your personal data received in this context (such as contact and communication data, application documents, notes in the context of job interviews) to the extent necessary to decide on the establishment of an employment relationship and, if applicable, the associated onboarding process.
2. Purpose and legal basis for data processing
We process your personal data in connection with the initiation of an employment relationship and in particular for the following purposes:
- Decision on the establishment of an employee relationship (Art. 88 GDPR in conjunction with § 26 BDSG and, if applicable, Art. 6 para. 1 lit. b GDPR);
- to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR);
- to defend legal claims asserted against us (Art. 6 para. 1 lit. f GDPR)
Your personal data may also be processed by us if you give your express consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR to do so. You have the option to voluntarily provide your declaration of consent for this. Failure to give your consent will not have any disadvantages for you (Section 26 (2) BDSG). You can request your consent for inspection at any time and revoke it at any time by sending us an e-mail or by post. The revocation of consent does not affect the permissibility of the processing carried out until the revocation. You can find our contact details above and at the end of this privacy policy.
An automated decision-making in individual cases including profiling according to Art. 22 GDPR does not take place.
The scope of the processing of your personal data is limited by the respective purposes outlined above. If we enter into an employment relationship with you, the data you have provided to us will be processed within the scope of the employment relationship and in accordance with the information contained in the Privacy Policy for Employees.
3. Duration of storage
We process your personal data only as long as it is necessary for the purpose for which it was collected.
The applicant data you enter will generally only be processed until the time of the decision on employment. If an employment relationship does not materialize, the data will be deleted 6 months after the rejection has been sent or after the application documents have been returned to the applicant.
However, if there are statutory retention obligations (in particular, retention obligations under commercial and tax law in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO), and retention obligations under social security law), we are obliged to retain certain personal data for longer.
XII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of information
As a data subject, you have a right to information under the conditions of Art. 15 GDPR.
This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right to information about this personal data and to the information listed in Article 15 (1) of the GDPR. This includes, for example, information about the purposes of processing, about the categories of personal data processed and about the recipients or categories of recipients to whom the personal data have been or will be disclosed
2. Right of rectification
You have a right of rectification and/or completion pursuant to Art. 16 GDPR against the controller, if the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. Right to restrict processing
As a data subject, you have a right to restrict processing under the conditions of Art. 18 GDPR.
This means that you have the right to demand that we restrict processing if one of the conditions listed in Article 18 (1) GDPR is met. This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the restriction of processing will take place for a period of time that allows us to verify the accuracy of the personal data.
4. Right to deletion
As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions of Art. 17 GDPR.
This means that you generally have the right to demand that we delete personal data relating to you without undue delay, and we are obliged to delete personal data without undue delay if one of the reasons listed in Article 17 (1) of the GDPR applies. This may be the case, for example, if personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
In addition, where we have made the personal data public and we are obliged to erase it, we are obliged to implement reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, in order to inform other data controllers that process the personal data that a data subject has requested that they erase all links to or copies or replications of the personal data.
The right to erasure (“right to be forgotten”) does not apply exceptionally insofar as the processing is necessary for the reasons listed in Art. 17(3) GDPR. This may be the case, for example, insofar as the processing is necessary for compliance with a legal obligation or for the assertion, exercise or defense of legal claims.
5. Right to data portability
As a data subject, you have a right to data portability under the conditions of Art. 20 GDPR.
This means that you generally have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1) (b) GDPR and the processing is carried out with the help of automated processes.
When exercising your right to data portability, you also have, in principle, the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.
6. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to an inspection based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
7. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.