Privacy Policy of the Website www.winheller.com

I. General Information

The web presence www.winheller.com ("website") is a service provided by WINHELLER Rechtsanwaltsgesellschaft mbH (hereinafter also referred to as "WINHELLER" or "we"/"us").The following provides information on how we use your personal data.

When you visit our website and WINHELLER's service, we will process your personal data.As we are highly committed to protecting your privacy, we would like to give you the opportunity to obtain comprehensive information on which of your personal data will be processed by us and how.

You can access this privacy policy at any time on our website under the heading "privacy policy" at https://www.winheller.com/en/privacy-policy.html.

Preliminary note: We strictly comply with the legal provisions of the General Data Protection Regulation (GDPR), the New German Federal Data Protection Act (Bundesdatenschutzgesetz-neu; "BDSG-neu") and any other data protection regulations.

II. Name and Address of the Controller

As the operator of the website, WINHELLER is the data controller for your personal data that are processed in connection with the use of this website.  

WINHELLER Rechtsanwaltsgesellschaft mbH 
represented by its managing director and sole shareholder:
Rechtsanwalt Stefan Winheller (Attorney at Law)

Tower 185 
Friedrich-Ebert-Anlage 35-37 
60327 Frankfurt am Main 
Germany 
Tel.: +49 (0) 69 76 75 77 80 
Fax: +49 (0) 69 76 75 77 810 
E-mail: info@winheller.com

III. Contact Data of the Data Protection Officer

If you have any queries or wish to exercise your rights as a data subject, please contact our data protection officer at:

WINHELLER Rechtsanwaltsgesellschaft mbH
Datenschutzbeauftragter/Data Protection Officer
Tower 185
Friedrich-Ebert-Anlage 35-37
60327 Frankfurt am Main
Germany
E-mail: datenschutz@winheller.com

IV. Personal Data Processing

1. Provision of the Website and Creation of Log Files

a) Description and Scope of the Data Processing

Whenever you access our website, the following data transmitted by your browser will be automatically stored for technical reasons:

  • Information on your browser type and version
  • The operating system you are using
  • The website from which you are visiting us (referrer URL)
  • Your IP address
  • Date and time of your visit
  • Our system stores your personal data in log files. These data will not be stored together with other personal data about you.

b) Legal Basis for the Data Processing

The legal basis for the temporary processing of the data and log files is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

The temporary processing of your IP address by our system is necessary to enable the website to be delivered to your device. In addition, we use your personal data to optimize our website and ensure the security of our IT systems. In this context, your data will not be analyzed for marketing purposes. Our legitimate interest in processing your personal data lies in these purposes.

d) Storage Period

The afore-mentioned personal data will be erased as soon as they are no longer needed to achieve the purpose for which they are processed. Where the data are processed for delivering the website, they will be erased as soon as you end the respective session.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

As the processing of the data is strictly necessary for delivering the website, there is no possibility for you to object to this data processing.


2. Cookies

a) Description and Scope of the Data Processing

Our website uses so-called cookies that allow us to distinguish you from other users and help to make the use of our website easier for you. Cookies are small text files that your internet browser places on your device.  Very often these cookies are so-called "session cookies" that are deleted after the end of your session.

Other cookies remain stored on your device until you remove them. The stored cookies enable us to identify your browser the next time you visit us.

Please be aware that you can set your browser to automatically notify you when a new cookie is being set. By changing the settings of your web browser, you can choose whether you want cookies to be allowed on a case-by-case basis, to be placed in specific cases only, to be refused at all times, or to be automatically deleted after closing your browser. However, if you choose to deactivate cookies, you may not be able to use all the features of our website.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after going to a different page.

In this context, the following data are stored in, and transmitted by, the cookies:

  • Log-in data through the log in page
  • Cookie information message read and accepted

When accessing our website, we inform you about the use of cookies for analysis purposes by an information banner, which refers to this privacy policy. This information also contains instructions on how you can prevent cookies from being saved on your computer by changing your browser's settings.  

b) Legal Basis for the Data Processing

The legal basis for the processing of your personal data using cookies is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

We use technically necessary cookies to optimize the use of our website for you. Without the use of cookies, some of the functions of our website may not be available as they need to recognize your browser even after switching pages. Our legitimate interest in processing your personal data lies in these purposes. The following application requires the use of cookies:

  • Automatic hiding of the accepted cookie information message
  • Memorizing log-in data

We do not use the personal data collected by technically necessary cookies for creating user profiles. Analytical cookies are used to improve the quality of our website and its contents. In addition, they are used for continuously optimizing our services and improve your experience on our website. Our legitimate interest in processing your personal data lies in these purposes.

d) Storage Period, Objection and Deletion Options

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings of your web browser. Cookies previously stored can be deleted at any time. This can even be done automatically. If you deactivate cookies for our website, you may not be able to fully use all the features of our website.


3. Contacting us via Contact Form or E-Mail

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to contact us using the corresponding contact form. The data you provide when contacting us will be transmitted to, and used by, us for the purpose of dealing with your query. At the time of your query, the following data will be collected:

  • your name
  • your e-mail address
  • your phone number (optionally)
  • other personal data you provide in the contact form (optionally)

When sending your query, the following data will additionally be processed:

  • your IP address
  • date and time of sending your query

If you contact us through the e-mail address provided, your personal data transmitted with that e-mail will be processed. We do not disclose these data to any third party.  

b) Legal Basis for the Data Processing

The legal basis for the processing of the data transmitted when sending the contact form or an e-mail is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

If you contact us using our contact form or sending an e-mail with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) 1st subparagraph, lit. (b) GDPR.

c) Purpose of the Data Processing

We will use your personal data for the purpose of dealing with your query only.

Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.

Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

d) Storage Period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they are processed.

Any personal data that you have transmitted in the context of contacting us via our contact form or e-mail will be erased as soon as the respective conversation with you is closed. The conversation will be considered closed when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

You have the right to object to us processing your personal data at any time. In such case the conversation cannot be continued. Please send your objection to datenschutz@winheller.com. Any personal data processed in the context of the communication will be erased in this case.


4. Contacting us via Live Chat

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to contact us via live chat. The data you provide in this context will be transmitted to, and used by, us for the purpose of dealing with your query. When sending your query, the following data will be collected:

  • your IP address
  • your location
  • your name (optionally)
  • other personal data provided by you in the live chat protocol.

When sending your query, the following data will additionally be processed:

  • date and time of sending your query

b) Legal Basis for the Data Processing

The legal basis for the processing of the data transmitted when contacting us via live chat is Art. 6 (1) 1st subparagraph, lit. (f) GDPR. If you contact us using our contact form with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) 1st subparagraph, lit. (b) GDPR.

c) Purpose of the Data Processing

We will use your personal data only for the purpose of dealing with your query. Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.

Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

d) Storage Period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they are processed. Any personal data that you have transmitted in the context of contacting us via live-chat will be erased as soon as the respective conversation with you is closed. The conversation will be considered closed when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and Deletion Options Pursuant to Art. 21 GDRP

You have the right to object to us processing your personal data at any time. In such case the conversation cannot be continued. Please send your objection to datenschutz@winheller.com. Any personal data processed in the context of the correspondence will be erased in this case.


5. Newsletter

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to subscribe to our free newsletter. In order to be able to send the newsletter to you, we need you to provide the following personal data (personal master data) when you subscribe:

  • your title
  • your name
  • your e-mail address
  • the newsletter you have selected
  • your academic title (if any)
  • other personal data provided by you in the contact form (optionally)

In addition we will use your IP address, the date and time of your subscription, your language selection and the lead source. No other data will be processed. When subscribing to our newsletter, you will be asked to consent to us processing your personal data.

In addition, we process data for analyzing your user behavior using so-called web beacons (tracking pixels). The data processed in this context include your IP address, your accesses and the access frequency to our newsletter.  

b) Legal Basis for the Data Processing

The legal basis for the processing of the data after your subscription to our newsletter is the consent you have given in this context pursuant to Art. 6 (1) 1st subparagraph, lit. (a) GDPR.

c) Purpose of the Data Processing

We will use your personal master data for sending the newsletter to you.

In this context, we check the e-mail address provided in order to verify that you are the owner and/or that the owner of the e-mail address consents to receiving the newsletter.

We will process your IP address and the date and time or your subscription for security reasons in case a third party registers on our website without your knowledge or misuses your personal data.

d) Storage Period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they were collected when you chose to opt out of our newsletter. In such case your personal master data will be erased immediately; other data collected in the context of your subscription, like your IP address and the date and time of your subscription, will be erased within 60 days in a system-defined erase cycle.

e) Withdrawal Option Pursuant to Art. 7 GDPR

You have the right to withdraw your consent to the processing of your data, to their use for sending out the newsletter, and to your newsletter subscription at any time pursuant to Art. 7 GDPR. You can do so by clicking the unsubscribe button, which is contained in every newsletter. This will not affect the lawfulness of the processing of your data until that moment. In case of withdrawal we will stop processing and erase your personal data.


6. Use of Google Analytics with Anonymization Function

a) Description and Scope of the Data Processing

Our website uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as "Google". Google Analytics uses so-called cookies. Cookies are text files, which are stored on your device and help analyze your behavior when using our website.

The information generated by the cookie about your use of our website will be transmitted to and stored on a Google servers located in the United States.

As we are fully committed to protecting your privacy, we provide an option to use our website anonymously. We therefore exclusively use Google Analytics with the extension "_gat._anonymizeIp" so as to ensure that your IP address is abbreviated and thereby anonymized by Google within the member states of the European Union or in other contracting states of the Treaty of the European Economic Area. The full IP address will be transmitted to, and abbreviated by, a Google server only in specific exceptional cases. According to Google's own information, Google will not associate your IP address with any other data held by Google.

For more details on the terms and conditions and privacy policy of Google Analytics please refer to: www.google.de/analytics/terms/de.html.

b) Legal Basis for the Data Processing

The legal basis for the use of Google Analytics is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

Google will use said information for analyzing your use of our website, compiling reports on website activity for us, and providing other services relating to website activity and internet usage. Our legitimate interest in processing your personal data lies in these purposes. Google may also transfer the information collected to third parties if Google is required to do so by law or if third parties process the information on Google’s behalf.

d) Storage Period

The storage period for the data transmitted by you and associated with cookies is 36 months. Upon expiry of that period, the data will automatically be erased. Data will be erased automatically once every month after expiry of the storage period. In addition, you can uninstall the cookies placed on your device by Google Analytics on your own and thereby erase the data stored. More details on how to delete cookies using your browser settings are provided below.

e) Objection and Deletion Option Pursuant to Art. 21 GDPR

You are free to prevent the installation of the cookies by clicking on the following link. When using the link, you place an opt-out cookie that prevents the collection of your data during your future visits to our website.



7. Use of Google AdWords

a) Description and Scope of the Data Processing

We are using the online advertising tool "Google AdWords" and conversion tracking within Google AdWords provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you access our website by clicking on an advertisement delivered by Google, a conversion tracking cookie is placed on your computer. Cookies are small text files which are stored in the browser of a visitor and allow visitors to be recognized through their browser. Cookies are not used to identify you personally.  

b) Legal Basis for the Data Processing

The legal basis for the use of Google AdWords is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

If you visit certain pages on our website while the cookie has not yet expired, Google and we can see that you have clicked on the advertisement and been redirected to this page. Information obtained by using a conversion cookie is used to generate visitor statistics for our website. In this way, we get information on the total number of users, who have clicked on one of the advertisements placed by us and been redirected to a page utilizing a conversion tracking tag. However, we do not get any information that can be used for personally identifying you.

As we use these data for advertising purposes, our legitimate interest in processing said data lies in these purposes.

d) Storage Period

The cookies used by Google AdWords for analyzing website usage have a predefined storage period. Please be aware that we have no information and no influence on that storage period. You can uninstall the cookies placed on your device by Google AdWords on your own and thereby erase the stored data. More details on how to delete cookies using your browser settings are provided below.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

Your browser settings allow you to prevent the installation of the conversion cookies. You can either generally prevent cookies from being automatically placed on your computer or block the cookies of one specific domain. More details and Google's privacy policy are available at www.google.de/intl/de/policies/privacy/.


8. Use of YouTube Components with Enhanced Data Protection Mode

a) Description and Scope of the Data Processing

Our website uses video components provided by the company YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter "YouTube", a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

In this context, we use the "-enhanced data protection mode-" option provided by YouTube. According to information provided by YouTube, this mode does not store information about you as long as you only visit the site where the video is embedded. No cookies will be installed on your device and no personal data will be transmitted to YouTube until you watch the video. If you are logged onto your YouTube member account while displaying the YouTube video, your usage behavior will be matched to your YouTube member account.

We have no detailed information about the scope of data collected by YouTube. According to its own statements, YouTube collects location-related data, such as your IP address, and uses cookies to unambiguously identify your browser or Google Account. The data collected may be shared with other services of the Google Network. For more details about the scope YouTube and Google process your personal data, please visit www.policies.google.com/privacy.

b) Legal Basis for the Data Processing

The legal basis for the use of YouTube components is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

Your personal data will be processed to make the respective YouTube video available to you. Our legitimate interest in processing your personal data lies in this purpose. d) Storage Period We have no information on how long the personal data collected by YouTube will be stored and we have no influence on the storage period.

e) Objection and Deletion Options Pursuant to Art. 21 GDPR

If you do not want YouTube to match the data collected through our website to your YouTube member account, you should log out of your account before visiting our website. You can also prevent YouTube plugins from being used by applying add-ons to your browser, e.g. the script blocker "NoScript" (http://noscript.net/).


9. Use of Social Media Buttons with "Shariff"

On our website we use the c’t project "Shariff" developed by Heise.de. In this way we want to avoid a comprehensive collection and analysis of your visit by providers of social media/ social sharing functions. Shariff replaces the usual share buttons on social networks and thereby protects your surfing behavior. Shariff only integrates the share buttons of the social networks listed below as graphics on our website. The graphic contains a link to the corresponding social network.

Without the use of Shariff, the usual social media buttons would transfer your data to the social networks each time you visit the site and give them information about your surfing behavior, regardless of whether you are logged in on, or a member of, the social network. A Shariff button, on the other hand, does not establish direct contact between the social network and you until you actively click on the Share button. Without clicking the Shariff button, there will be no exchange between the social network and you. In this way, Shariff prevents you from leaving a digital fingerprint by merely visiting the website.

More information about the c’t project "Shariff" is available at www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz2467514.html.

On our website, we integrate the following social networks with Shariff:

  • Facebook components
  • Twitter recommendation components
  • Xing recommendation components
  • LinkedIn recommendation components

The purpose and scope of data collection and the further processing and use of the data by the providers on their pages as well as your related rights and setting options for protecting your privacy can be found in the privacy policies of the social network providers, which are available at:


10. Use of the WhatsApp Share Button

Our website uses the WhatsApp Share Button. This button allows you to easily share contents of our website as a personal message through WhatsApp. The button is a hyperlink. When accessing our website no personal data will be transmitted to WhatsApp, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, or other third parties. The content shared and the fact that you shared the content will not be transmitted until you activate the button.

For further information on the handling of personal data by WhatsApp, please visit: www.whatsapp.com/legal/.


11. Publication of Job Advertisements

a) Description and Scope of the Data Processing

On our website, we give you the opportunity to apply for a position offered by e-mail. At the time of your application, we collect and process the following personal data:

  • your name
  • your address
  • your date of birth
  • your e-mail address
  • your work experience
  • your school education
  • your language skills
  • other data that you transmit to us in your cover letter, CV, certificates or references.

If we conclude an employment contract after you have gone through the application procedure, your personal data will be further processed for the purpose of performing the employment contract.

b) Legal Bases for the Data Processing

The legal bases for the processing of your personal data are Art. 6 (1) 1st subparagraph, lit. (b) GDPR, Art. 88 GDPR in conjunction with Sec. 26 (1) BDSG. The processing is necessary in order to take steps prior to entering into a contract, in the case in hand, the decision on whether to establish an employment relationship.

c) Purpose of the Data Processing

We process your personal data exclusively for the purpose of handling the application procedure.

d) Storage Period

We delete your personal data if they are no longer necessary to achieve the purpose for which they are processed. If no employment relationship is established, your data will be erased within three months of receipt of the cancellation, unless there are legitimate interests that exclude erasure. Such legitimate interest will be deemed to exist in case of a legal dispute.

e) Consequences of Non-Provision of Personal Data

You are not obliged to provide your personal data for the above purposes. If you do not provide the data, we will end the application procedure with the result that no employment relationship can be established at that point in time.


12. Comment Option in our Blog

a) Description and Scope of the Data Processing

If you wish, you may use our website to leave comments on the blog posts published on our website. Using the comments function requires that you enter your name, which may be pseudonym. In addition your e-mail address will be needed. The comments function cannot be used without these data. In addition, your IP address and the date and time, when the comment was created, will be stored. When displaying your comment on our website, we will process the e-mail address you have provided but we will not publish it. In the event that you have not used a pseudonym, only your name will be published.

b) Legal Basis for the Data Processing

The legal basis for the processing of the data is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the Data Processing

We will process the personal data if an author makes infringing comments. We need these data in order to prosecute an author in case of infringements. Our legitimate interest in processing lies in this purpose.

d) Storage Period

The comments and the personal data published in this context are stored and remain on our website until your comment is fully erased for lack of relevance or topicality or has to be erased for any legal reasons. We reserve the right to erase any comment criticized as unlawful by third parties.

e) Objection and Deletion Options Pursuant to Art. 21 GDRP

You have the right to object to us processing your personal data in connection with your comment at any time.


13. Use of Microsoft Forms

a) Description and scope of data processing

We use Microsoft Forms, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (here: "Microsoft").

We use this tool to create questionnaires that are made available on our website. In the context of this, the following technical data with personal reference is collected from you at the time of submitting the questionnaire:

  • IP address
  • Date and time of submission of the survey or questionnaire

In addition, the following inquiry-related data is collected depending on the respective questionnaire:

  • First and last name
  • E-mail address
  • Telephone number
  • Address
  • Location
  • Information in the comment field(s)

Your personal data will be transferred to the USA and stored on Microsoft servers. To ensure an appropriate level of data protection, we have concluded a contract with Microsoft with standard contractual clauses.

You can find more information about data protection at Microsoft on the following website: https://privacy.microsoft.com/en-us.

b) Legal basis for data processing

If you use the provided tool for an application, the legal basis for the data processing is Art. 6 para. 1 UAbs. 1 letter b, Art. 88 DSGVO in conjunction with. § Section 26 (1) BDSG. 

If the completion of the form aims at the conclusion of a contract, such as a mandate contract, the legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter b DSGVO.

The legal basis for the processing of technical data is Art. 6 para. 1 UAbs 1 lit. f DSGVO.

In other cases, the legal basis is your consent in accordance with Art. 6 para. 1 UAbs 1 lit. a DSGVO.

c) Purpose of the data processing

The use of the tool serves the purpose of providing an opportunity for interested parties to make low-threshold contact with us, in particular to apply for a job or to establish a client relationship. This is also our legitimate interest.

d) Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. 

If you have used a form for the purpose of applying for a job and no employment relationship is established, your data will be deleted no later than 6 months after receipt of the rejection, provided that no legitimate interests oppose the deletion.

If the use of the form served to establish an attorney-client relationship, the deletion will generally take place after the expiration of the statute of limitations, beginning with the end of the year in which the attorney-client relationship is terminated by effective notice of termination. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations.

The IP address additionally processed during the sending process will be deleted after a period of 30 days.

e) Revocation according to Art. 7 DSGVO

You may revoke your consent to data processing, if relevant in the specific cases, at any time in accordance with Art. 7 DSGVO. To do so, please contact: datenschutz@winheller.com. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation.


V. Your Rights as a Data Subject

Where we process your personal data, you are a data subject as defined in the GDPR, which means that you have the following rights against us:

  1. Right of access
    You have the right to demand access to your personal data that are processed by us at any time. This also includes information on the origin, recipients or categories of recipients, to whom we transmit your data and the purposes for which we process your personal data.
  2. Right to rectification  
    You have the right to demand prompt rectification and/or completion of your personal data if the personal data are inaccurate or incomplete.
  3. Right to erasure and/or restriction of processing
    You have the right to demand prompt erasure of your personal data. If you ask us to, we have the obligation to erase the data without undue delay. The foregoing does not apply, however, if any contractual and/or legal provisions require us to continue processing your personal data. This may be the case, for example, when retention periods under tax law prohibit us from erasing the data. In such case, we will restrict the processing and erase the personal data immediately after expiry of the retention period.
  4. Right to data portability  
    You have the right to receive your personal data provided to us in a structured, commonly-used and machine-readable format wherever this is technically possible. In addition, you have the right to transmit these data to another controller without hindrance, if you wish to do so.
  5. Automated individual decision-making, including profiling
    You have the right not to be subject to a decision based solely on automated processing – including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
  6. Right to lodge a complaint with a supervisory authority 
    You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of the personal data relating to you infringes the general data protection regulation. In general, you may address the supervisory authority of your habitual residence, place of work or our domicile. The supervisory authority competent for WINHELLER is:

    Der Hessische Datenschutzbeauftragte
    Postfach 3163
    65021 Wiesbaden
    E-mail: poststelle@datenschutz.hessen.de
    Phone: +49 (0) 61 11 40 80
    Fax: +49 (0) 61 11 40 89 00  

© Copyright WINHELLER Rechtsanwaltsgesellschaft mbH

Contact

Contact