The protection of personal data is a top priority for us. We would therefore like to inform you here about what data we collect and when, how we handle your personal data and what rights you have in this regard.
We strictly comply with the statutory provisions when collecting, processing and using your personal data.
"Personal data" (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
"Processing" (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection (i.e. obtaining), recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended purpose on which a data processing was originally based.
"Controller" (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities.
"Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In the sense of data protection law, a processor is in particular not a third party.
"Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Name and contact details of the controller
Partnership company of lawyers with limited professional liability according to the German Partnership Act (Partnerschaftsgesetz) with its registered office in Hamburg - Registered in the Partnership Register of the Hamburg Local Court (Amtsgericht) under PR 1430.
Partners are: Sören Dempe, Lars Kjellsson, Markus Krieger, Thilo Wind and Hauke Wulf. Two partners each represent the partnership company jointly.
You can also find further information in our imprint.
Storage period and data deletion
For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. As a matter of principle, your data will only be stored on servers within the European Union, subject to any transfer that may take place in accordance with the relevant regulations.
However, storage may be necessary beyond the specified time in the event of a (threatened) legal dispute with you or for reasons of tax law or commercial law. If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
Legal basis for data processing
In principle, any processing of personal data is prohibited by law and only permitted if the data processing falls under one of the following justifications:
Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous affirmative action that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject;
Art. 6 para. 1 sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to keep records);
Art. 6 para. 1 sentence 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
Art. 6 para. 1 sentence 1 lit. e GDPR: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
Art. 6 para. 1 sentence 1 lit. f GDPR ("Legitimate Interests"): If the processing is necessary to safeguard legitimate (in particular legal or economic) interests of the controller or a third party, unless the conflicting interests or rights of the data subject prevail (in particular if the data subject is a minor).
For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.
Collection and storage of personal data as well as type and purpose of their use
a) When visiting the website
When you visit our website www.advores.com, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which the access is made (referrer URL),
The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
Ensuring a smooth connection of the website,
Ensuring a comfortable use of our website,
Evaluation of system security and stability, and
for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
b) When registering for our newsletter
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time by e-mail to email@example.com
c) When using our contact form
For questions of any kind, we offer you the possibility to contact us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know who the enquiry is from and so that we can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request.
d) When registering and participating in courses, seminars and other events
If you register for participation in courses, seminars and other events of ADVORES or through ADVORES with its cooperation partners, your name, email address, company, contact details and position will be processed by us. The basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.
e) When you mandate us, we collect the following information:
Salutation, first name, last name,
a valid e-mail address,
Telephone number (landline and/or mobile),
Information necessary for the assertion and defence of your rights under the mandate,
Further information on compliance with legal obligations such as the Money Laundering Act
The collection of this data takes place,
to be able to identify you as our client;
in order to be able to provide you with appropriate legal advice and representation;
for correspondence with you;
for the settlement of any existing liability claims and the assertion of any claims against you;
The data processing is carried out upon your request and is necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for the aforementioned purposes for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate agreement.
Within the scope of the processing of the mandate, further sensitive and personal data may be processed, about which we inform you in advance in each case.
The personal data collected by us for the mandate will be stored until the expiry of the statutory retention obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and deleted thereafter, unless we are obliged to store the data for a longer period pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, we are obliged to store the data for a longer period of time due to tax and commercial law retention and documentation obligations or you have consented to a storage beyond this period of time according to Art. 6 para. 1 sentence 1 lit. a GDPR.
Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure is necessary in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, as well as
this is legally permissible and necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
Insofar as this is necessary in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of client relationships with you, your personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts, notaries and other public authorities for the purpose of correspondence, assertion and defence of your rights as well as for the fulfilment of the tasks assigned by the mandate (e.g. registration with authorities etc.). The data disclosed may be used by the third party exclusively for the purposes stated.
In the course of our business relationships, your personal data may be transferred to or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is sufficiently guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.
Cooperation with processors
As is the case with many companies, we also use external domestic and foreign service providers to process our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). These service providers are only active according to our instructions and are contractually obligated to comply with data protection regulations in accordance with Art. 28 GDPR.
Information is stored in the cookie that arises in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
A distinction is therefore made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
Technical cookies: these are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store which web pages you have visited;
Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
Most web browsers (see the help function in the menu bar of your browser) can be set by you not to accept new cookies, to send you a message that a new cookie has been placed or to switch off all cookies received. For smartphones, tablets and other mobile and stationary end devices, you can read the necessary settings in the respective operating instructions. However, we recommend that you leave the cookie functions completely switched on, as it is only possible to further improve our websites for your needs with cookies. Our cookies do not store any sensitive data such as passwords or similar. They do not cause any damage to your end device and do not contain any viruses.
Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. language settings) are stored on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this data protection declaration.
We do not use any analysis tools on our website.
You have the right:
to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
revoke your consent at any time in accordance with Art. 7 para. 3 GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future and
complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org.
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.