Data Privacy Policy
Protecting your personal data and your privacy is of utmost importance to us, HOFFMANN EITLE Patent- und Rechtsanwälte PartmbB (hereinafter also referred to as "HOFFMANN EITLE"). In this statement, we would therefore like to inform you on how we handle your personal data when you visit our website and about the rights you are entitled to as a data subject.
Controller (Responsible Party)
The "controller" of the data within the meaning of the General Data Protection Regulation (GDPR) is:
HOFFMANN EITLE Patent- und Rechtsanwälte PartmbB
Arabellastraße 30
81925 München
Deutschland
Tel.: +49 (0) 89 92 40 90
E-Mail: pm[at]hoffmanneitle.com
Contact of the Data Protection Officer
To contact our data protection officer, please send an e-mail to datenschutz[at]hoffmanneitle.com or write by post to
intersoft consulting services AG
Mrs Alina Weskamp-Nordmann - personal/confidential
Beim Strohhause 17
20097 Hamburg
As a data subject, you can contact our data protection officer directly at any time in case you have any questions or suggestions with regard to data protection.
Legal Bases for Data Processing
The processing of personal data may be based on various legal grounds. If we need your data in order to perform a contract to which you are a party or in order to respond to any queries you may have with regard to a contract, the legal basis for this data processing is Art. 6 (1) p. 1 letter b GDPR. If we obtain your consent for the processing of your data for a specific purpose, the legal basis is Art. 6 (1) p 1 letter a GDPR. Some data processing is carried out on the basis of our legitimate interest, in which case will always weigh your legitimate interests against our legitimate interests. The legal basis for this is Art. 6 (1) p. 1 letter f GDPR. Insofar as the processing is necessary for the fulfilment of a legal obligation to which we are subject, the legal basis is Art. 6 (1) p. 1 letter c GDPR.
In the following, we explain how we process personal data via our website.
Data Processing When You Access Our Website
When you access our website, the browser used on your terminal device will automatically send information to the server of our website and temporarily store it in a so-called log file. The following information will be collected automatically without intervention on your part and stored until it is deleted automatically:
- Date and time of access
- URL (address) of the referring website (Referrer)
- URL of the (sub)page you are accessing on the website,
- the Internet service provider of the accessing system,
- Retrieved file
- Amount of data sent
- Browser type and version
- Operating system
- IP address of the requesting device
We use the IP address of your terminal device and the other data listed above for the following purposes:
Die IP-Adresse Ihres Endgerätes sowie die weiteren oben aufgelisteten Daten werden durch uns für folgende Zwecke genutzt:
- Ensuring that the connection is established without problems
- Ensuring that you can use our website/application in a comfortable manner
- Evaluation of system security and stability.
The legal basis for the processing of your personal data is Art 6 (1) letter f GDPR. Our legitimate interest is based on the purposes of data collection specified above.
The data will be stored for a period of 14 days, after which it will be deleted automatically. Furthermore, we use so-called cookies for our website, as well as analysis tools and targeting methods, as explained in more detail below.
Getting in Contact
Whenever you send us an e-mail or contact us via our contact form, we will store the communicated details (i.e. your e-mail address, your name and phone number if you indicate them) or further data you may have provided voluntarily, so as to enable us to process your requests and answer your questions.
The primary legal basis for this data processing is our legitimate interest (Art. 6 (1) p. 1 letter f GDPR) in processing your requests in a satisfactory manner. If you are requested to enter data in our contact form that is not necessary for contacting you, this will always be marked as optional. Such information may be asked to make you specify your enquiry in more detail, which will lead to improved handling of your request. This information is expressly provided on a voluntary basis and processing of this data is based on your consent, Art. 6 (1) p. 1 letter a GDPR. As far as this involves information on communication channels (such as e-mail address, phone number etc.), you also agree to our contacting you – exclusively for the purpose of responding to your request – via these channels. Of course you can revoke your consent at any time with future effect.
Your data that we have received in the course of our contact with you will be deleted as soon as it is no longer required to achieve the purpose for which it has been collected, your request has been finally processed and no further communication with you is necessary, or you do not wish any further communication with us.
In its capacity as data controller within the meaning of the GDPR, HOFFMANN EITLE has implemented numerous technical and organisational measures to ensure the most complete protection of personal data that is processed through this website. Nevertheless, Internet-based data transmission is always vulnerable to security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service instead.
Newsletter
On some of our webpages, you can subscribe to a newsletter, in which we will inform you about our company's activities, news in the context of our consulting services and our events. The legal basis for sending the corresponding newsletter is your consent in accordance with Art. 6 (1) p. 1 letter a GDPR in conjunction with Section 7 (2) no. 3 of the German Act against Unfair Competition (UWG) or the permission given in accordance with Section 7 (3) UWG.
We verify your subscription to our newsletters through a so-called double opt-in procedure. This works as follows: Once you have registered for our newsletter, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. For handling your newsletter registration and keeping track of the double opt-in procedure, we use the MailChimp service of the Rocket Science Group. LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, U.S.A. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on the MailChimp servers in the U.S.A.
For subscribing to the newsletter, the only mandatory information is your e-mail address. Giving further details (name, first name) is voluntary: We use these details to be able to address you personally. Once you have confirmed your subscription, we store your e-mail address for the purpose of sending the newsletter until revoked. In addition, we store your IP address at the time of registration, the time of registration and your confirmation for up to three years after registration (period of limitation). We use this procedure in order to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for recording your registration is our legitimate interest according to Art. 6 (1) p. 1 letter f GDPR in demonstrating that consent has been given, also refer to Art. 7 (1) GDPR.
You can revoke your consent to receiving the newsletter and unsubscribe at any time. To revoke your consent, you can simply click on the corresponding link provided in each newsletter e-mail or send an e-mail to that effect to: newsletter[at]hoffmanneitle.com.
We do not track your usage behaviour with regard to our newsletter.
Job Applications / Application Portal
You can apply for a job electronically, in particular online via our application portal. Via an encrypted connection, your online application will be forwarded directly to the HR department, where, of course, it will be treated confidentially. In case you prefer to apply to us by e-mail, we expressly point out that sending unencrypted e-mails or e-mail attachments is not secure.
Your details will be used for processing your application and deciding whether we will employ you. The legal basis for this is Section 26 (1) in conjunction with Section 8 p. 2 of the German Federal Data Protection Act (BDSG). Furthermore, your personal data may be processed as far as this is necessary to defend ourselves against legal claims that may be raised against us in the context of the application procedure. The legal basis for this is Art. 6 (1) p. 1 letter f GDPR. Our legitimate interest in the processing is based on the specified purposes.
In case your application leads to an employment relationship with us, we may, pursuant to Section 26 (1) of the German Federal Data Protection Act (BDSG), continue processing your personal data already received, for the purposes of the employment relationship, if this is necessary for performing or terminating the employment contract or for exercising rights or meeting obligations resulting from a law, a collective bargaining agreement or a works or company agreement (collective agreements) in the context of the employees' representation of interests.
We will not process your application data beyond the uses described above.
For our application portal, we use a service of Persis GmbH in Heidenheim (Germany). Nevertheless, HOFFMANN EITLE is still responsible for the processing of your personal data as the controller within the meaning of the GDPR. To be able to submit applications via our application portal, you must register as a user, for which purpose you will be asked to provide your first name, last name and your e-mail address.
Your personal data will be deleted at the latest after 6 months following completion of the application procedure, unless there are other legitimate interests on our part to continue storing, or unless you have consented to your data being stored for a longer period.
The deletion also includes your registration data. Another legitimate interest in this context is, e.g., a duty to provide evidence in proceedings under the German General Act on Equal Treatment (AGG).
Cookies
Cookies consist of data that is stored on your computer by a website you visit, and that allow your browser to be recognised when you visit the website again. Cookies transmit information to the party that sets the cookie. Cookies can store various information, such as your language settings, the duration of your visit to the website or the entries you have made there. Thus, you will not have to re-enter, e.g., required form data each time you use the website. The information stored in cookies can also be used to identify preferences and to tailor content according to areas of interest.
There are different types of cookies: Session cookies are sets of data that are stored temporarily in the main memory and are deleted when you close your browser. Permanent or persistent cookies will be deleted automatically after a preset time, which may differ from cookie to cookie. Where this type of cookie is used, the information may also be stored in text files on your computer. However, you can delete these cookies, too, at any time in the security settings of your browser.
First-party cookies are set by a website you are visiting at any given time. Only that website is allowed to read information from these cookies. Third-party cookies are set by organisations that are not the operators of the website you are visiting. These cookies are used, e.g., by marketing companies.
The legal bases for the processing of personal data by means of cookies and the duration of storage may vary. If you have given your consent, the legal basis is Art. 6 (1) p. 1 letter a GDPR and Section 25 (1) p. 1 of the German Telecommunications and Telemedia Data Protection Act (TDDDG). If the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) p. 1 letter f GDPR. In this case, our legitimate interest is based on the specified purpose. Insofar as the data processing is necessary for the fulfilment of a legal obligation, the legal basis is Art. 6 (1) p. 1 letter c GDPR. In the latter cases, the legal basis in accordance with the TDDDG is Section 25 (2) no. 2 TDDDG.
We use cookies and similar technologies (like so-called Fingerprinting) in order to ensure the proper operation of our website, provide basic functionalities, measure reach and, where useful, tailor our services to preferred areas of interest. Further information can be found in this Data Privacy Policy and in our Consent Manager.
You can delete the cookies already stored on your terminal device at any time. If you wish to prevent cookies from being stored, you can do so via the settings in your internet browser. Here are the corresponding instructions for the most common browsers: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install a so-called ad-blocker. Please bear in mind that some functions of our website may not work properly if you deactivate the use of cookies.
When you access our website for the first time, we will inform you immediately, within the framework of a so-called consent manager, on the use of cookies or similar technologies by our website. You may be asked to consent to the use of certain cookies. Once you have given your consent, you can revoke it at any time with future effect when calling up our consent manager (cookie symbol on the bottom left corner) and uncheck the box next to the processing to which you had consented.
Consent Manager
We use the software solution of Matomo (a service of "InnoCraft Ltd", 7 Waterloo Quay PO625 Wellington, Neuseeland, with the help of which we can obtain and document consent given by our visitors to the use of cookies or other tracking technologies. In this context, we set cookies for the described purpose of documentation and also to spare you the effort of having to select your preferred settings each time you visit our website - in these cookies, the cookie settings selected by the respective user are stored. Thus, we ensure that cookies or similar tracking technologies (that are not absolutely necessary for technical reasons) will only be set in your browser if you have previously consented to this.
The use of a consent manager and the associated processing of personal data as described above is necessary to comply with legal requirements, namely to be able to demonstrate that you have consented to the use of cookies or similar tracking technologies.
Thus, the legal basis for the associated data processing is Art. 6 (1) letter c GDPR and Section 25 (2) no. 2 TDDDG.
Matomo
Our website uses the open-source web analytics service Matomo, a service provided by "InnoCraft Ltd" (7 Waterloo Quay PO625 Wellington, New Zealand). As InnoCraft is located outside the EU, InnoCraft has appointed a representative in the EU: ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg (privacy@innocraft.com).
This web analysis software is used to recognize returning users with the help of a so-called "digital fingerprint" (e.g. based on the window resolution, installed fonts, operating system, browser settings, language, etc.). These are compared with previously recorded fingerprints, but only with those from the last 30 minutes.
When you access our website, Matomo is deactivated. Your usage behaviour will not be recorded before you have actively given your consent (in which case it will be recorded in anonymised form). We use the collected data for a statistical analysis of user behaviour in order to optimise the functionality and stability of the website and for marketing purposes.
The legal basis of the pre-described data processing is your consent, pursuant to Section 25 (1) p. 1 TDDDG. You can revoke your consent at any time with effect for the future by calling up the cookie consent manager (cookie symbol displayed at bottom left) and changing your selection accordingly – or by using the checkbox below.
Google Maps
We do not use any functions of the Google Maps service on our website, nor are there any maps of the Google Maps service on the overview page on which our locations are shown.
However, if you do want to use the functions of Google Maps, just click on the correspondingly marked link next to our respective location. This will redirect you to a corresponding map section in Google Maps. By clicking this link, you leave our website and will enter the pages of the map service Google Maps (a service by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S.A.). For information with regard to the processing of your personal data by Google Maps, please refer to the Google Privacy Policy, which you can find at the following link: https://www.google.de/intl/de/policies/privacy/
Captcha
As a protection against automated entries that constitute a misuse of web forms, and thus in order to protect the technical systems of the hoster, we have integrated a so-called captcha on our website. In contrast to common solutions by other providers, this captcha works without cookies having to be set and without a data connection with third-party servers having to be established, and thus without additional processing of personal data.
Social Media
We maintain company profiles on various social media platforms so as to present our company in a way that is line with modern-day practices and to offer intuitive access to our company to all interested parties. Accordingly, we communicate via these social media services with you in order to answer your enquiries. Social media services may provide us with data on the use of our company profiles, which we use to evaluate the reach of these profiles in order to improve them technically and in terms of content. The aforementioned data processing is carried out in the pursuit of legitimate interests, the legal basis being Art. 6 (1) p. 1 letter f GDPR. Our legitimate interest in this case consists in using up-to-date public relations methods.
On our website, we do not use any so-called social plug-ins that can establish direct data connections to the respective platforms. Rather, our website merely contains links to our social media profiles, often in the form of icons of the respective service. By merely providing these links, no personal data is processed. Only your decision to click on these links will redirect you to our company profile on the respective service. When you visit the pages of a social media service and make use of the functions offered there (such as posting or liking contributions), a number of personal data (e.g. personal details, IP address, etc.) will be collected by the social media service. In particular, the providers of these services will typically store your data arising from the use of the services and create so-called usage profiles on this basis. These usage profiles may then be used, e.g., for advertising and market research purposes and for optimising the respective service.
However, we do not know exactly to which extent the social media services collect data, nor do we know the exact purposes of the processing or the storage periods. We have no influence whatsoever on the data collected by the social media services and the subsequent processing of this data. For this reason, you should consider carefully how you use a social media service and, in particular, what content you share with us (or others) via this service. For more detailed information on the data processing by the social media services, see the privacy policy of the respective service, to which we provide links in this policy in the corresponding section about the respective service.
LinkedIn is a web-based service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (registered office of the parent company: LinkedIn Corporation, 599 N Mathilda Ave, Sunnyvale, CA 94085, USA.). The service specialises in digital networking in a professional context with a focus on supporting job placement.
In its privacy policy at https://de.linkedin.com/legal/privacy-policy, LinkedIn provides information on how and to what extent such data is processed.
XING / kununu
XING and kununu are web-based services operated by NewWork SE, Am Strandkai 1, 20457 Hamburg, Germany. While XING specialises in social networking in a professional context and job placement support, kununu is a platform on which employees can rate companies.
For further information on data processing by these two platforms, please refer to their joint data protection information at https://privacy.xing.com/de/datenschutzerklaerung.
Duration of storage
Insofar as we have not already informed you in the foregoing about storage periods with regard to specific cases of data processing, the following applies: We only store your personal data for as long as this is necessary for the purposes for which this data is processed in each individual case, and will delete your data immediately thereafter, provided that there are no statutory retention obligations that do not allow us to do so.
Transfer of Data
We do not transfer your personal data to third parties unless we are required to do so by law, or the transfer of data is necessary for the performance of the contractual relationship, or you have previously expressly consented to the transfer of your data.
External service providers and partner companies such as the provider of our application portal or service providers that organise the sending of our newsletter will only receive your data insofar as this is necessary to respond to your request (such as for receiving our newsletter). As far as our service providers process your personal data on our behalf, they do so within the concept of "processing on behalf of a controller" as defined in Art. 28 GDPR, which ensures that these service providers comply with all relevant data protection laws and regulations in the same way as we do. Where applicable, please refer to the data protection information of the respective providers.
As a general rule, we will always process your data within the EU/EEA, which is important to us. However, in exceptional cases, we may use service providers who process data outside the EU/EEA. Before transferring your personal data in such cases, we will always make sure that the data recipient ensures an appropriate level of data protection that is comparable to the standards within the EU. This may be ensured, e.g., by using EU standard contractual clauses (SCC´s), "Binding Corporate Rules" or special agreements by which the company in question agrees to be bound.
Data Security
We have taken extensive technical and organisational measures to protect your data from accidental or intentional corruption, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
Our website uses, in particular, SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that there is a "https://" instead of a "http://" in the address line of the browser, as well as by the lock symbol in your browser bar.
Your Rights as a Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR, which gives you the following rights vis-a-vis us as the data controller:
-
in accordance with Art. 15 GDPR, to obtain information from us about your personal data processed by us, ("right of access by the data subject"). In particular, you are entitled to request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, useful information about its details;
-
in accordance with Art. 16 GDPR, to obtain, without delay, rectification of inaccurate or completion of incomplete personal data stored by us;
-
in accordance with Art. 17 GDPR, to obtain erasure of your personal data stored by us, unless processing is necessary to exercise the right of freedom of expression and information, to meet a legal obligation, for reasons of public interest or in order to assert, exercise or defend against legal claims;
-
according to Art. 18 GDPR, to obtain the restriction of processing of your personal data insofar as you contest the accuracy of the data, or insofar as processing is unlawful, but you oppose erasure of the data or insofar as we no longer need the data, but you need it in order to assert, exercise or defend against legal claims, or insofar as you have objected to the processing in accordance with Art. 21 GDPR;
-
in accordance with Art. 20 GDPR, to receive your personal data you have provided to us in a structured, commonly used and machine-readable format, or request transfer to another data controller;
-
in accordance with Art. 7 (3) GDPR, to withdraw your consent given to us at any time. As a consequence of such withdrawal, we will no longer be allowed to continue processing your data in the future. The withdrawal of consent will not affect the lawfulness of the processing that was based on the consent before it was revoked.
To exercise these rights, please contact us by e-mail at datenschutz[at]hoffmanneitle.com or by writing to our postal address: HOFFMANN EITLE Patent- und Rechtsanwälte PartmbB, Personal/Confidential: Data Protection Officer, Arabellastraße 30, 81925 München. Exercising your rights as a data subject is free of charge for you.
Furthermore, in accordance with Art. 77 GDPR, you are entitled to lodge a complaint with a supervisory authority. As a general rule, you can lodge such a complaint with the supervisory authority at your habitual place of residence or place of work, or at the place of our registered office. The competent supervisory authority for us is: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA - Bavarian Office for Data Protection Supervision), post box 1349, 91504 Ansbach.
Right to Object
In accordance with Art. 21 (1) GDPR, you are entitled to object, for reasons relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 (1) letter (f) GDPR, including profiling based on these provisions. If you object to the processing in such case, you must state the reasons for which we should not process your personal data. We will consider your objection and either stop or adapt the data processing, or demonstrate compelling legitimate grounds on our part for which we are allowed to continue processing.
If personal data concerning you is processed on the basis of Art. 6 (1) letter (f) GDPR for the purpose of direct marketing, you have the right, pursuant to Art. 21 (2) GDPR, to object at any time without stating reasons to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process the personal data concerning you for these purposes.
To exercise your right to object, just send an e-mail to datenschutz[at]hoffmanneitle.com. Of course, you can also contact us by post by writing to our postal address: HOFFMANN EITLE Patent- und Rechtsanwälte PartmbB, Personal/Confidential: Data Protection Officer, Arabellastraße 30, 81925 München.