Privacy Policy of www.winheller.com

Privacy Policy of www.winheller.com

Data processing on our website www.winheller.com and in the client relationship

I. General information

We collect, process and use the personal data that you provide to us and when you use our website. Of course, we comply with the legal provisions of the General Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other data protection regulations.

With the following information, we provide you with an overview of the processing of your personal data by us and the rights to which you are entitled under data protection law. Because the protection of your privacy is important to us, we would like you to have the opportunity to comprehensively inform yourself about which of your personal data is processed by us and how.

You can access this privacy policy at any time on our website under the heading "privacy policy" at https://www.winheller.com/en/privacy-policy.html.

II. Name and address of the data controller

Operator of this website and responsible for data processing is:  

WINHELLER Rechtsanwaltsgesellschaft mbH
represented by its managing director and sole shareholder: Rechtsanwalt Stefan Winheller (Attorney at Law)
Tower ONE
Brüsseler Str. 1-3
60327 Frankfurt/Main
Germany

Tel.: +49 69 76 75 77 80 
Fax: +49 69 76 75 77 810 
E-mail: info@winheller.com

Web: www.winheller.com  
Commercial register: Frankfurt/Main Local Court, HRB 88721
German VAT ID Number: DE815203817

III. Contact data of the data protection officer

DataCo GmbH
Nymphenburger Str. 86
80335 München

www.dataguard.de
datenschutz@winheller.com

IV. What sources and data do we use?

We process personal data that we receive from you via our website and within the scope of our client relationship.

In addition, we process - to the extent necessary for the provision of our service - personal data that we have permissibly received from other third parties (e.g. Creditsafe Deutschland GmbH). On the other hand, we process personal data that we have permissibly collected from publicly accessible sources (e.g. debtor lists, commercial and association registers, transparency registers) and are allowed to process.

Relevant personal data are in particular your name, your address, your telephone number, your e-mail address, and, if applicable, credit card data, bank account data, your fax address, your date of birth, information about an existing legal protection insurance, tax data, information about your financial situation (creditworthiness data, scoring data) as well as further mandate-related data which are necessary for the mandate processing as well as assertion and defense of your rights.

V. For what purposes do we process your data?

Processing your personal data enables us to identify you as our client, to provide you with appropriate legal and/or tax advice and to represent you. In addition, we process personal data in order to correspond with you and for invoicing purposes. Furthermore, the processing of your data enables us to handle any liability claims you may have against us and to pursue any claims against you.

VI. On which legal basis do we process your data?

  • Data processing for the fulfillment of contractual obligations
    The processing of your personal data is carried out for the provision of legal and tax advisory services as well as for the implementation of pre-contractual measures, which are carried out upon your request. The legal basis for these processing operations is Art. 6 para. 1 UAbs. 1 letter b DSGVO.
  • Data processing for the protection of legitimate interests
    Furthermore, we process your personal data to safeguard legitimate interests of us or of third parties. This may be necessary in particular: 
  • to consult and exchange data with credit agencies (e.g. Creditsafe Deutschland GmbH) in order to determine creditworthiness and default risks
  • for advertising our own services
  • to assert legal claims and defend ourselves in legal disputes
  • to ensure our IT security and IT operations.

The legal basis for this processing is Art. 6 para. 1 UAbs. 1 letter f DSGVO.

  • Data processing based on your consent
    Consent to process your personal data for specific purposes that you have given us justifies our data processing for these purposes. You can revoke a given consent at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. The legal basis for these processing operations is Art. 6 para. 1 UAbs. 1 letter a DSGVO.
  • Data processing due to legal requirements
    In addition, we are subject to various legal and regulatory obligations (e.g. Money Laundering Act). The purposes of the processing therefore include, among others, money laundering prevention. The legal basis for these processing operations is Art. 6 para. 1 UAbs. 1 lit. c DSGVO.

VII. Who receives your data?

Recipients of your data are our employees who must process your data as required. In addition, order processors in accordance with Art. 28 DSGVO may receive your data in the course of a service provider function, such as IT and communication service providers, DATEV eG, translators and proofreaders, research and other service providers, credit card providers and/or other financial service providers.

Your personal data is transferred to third parties if this is necessary for the implementation of the client relationship in accordance with Article 6 (1) (1) (b) of the German Data Protection Act (DSGVO). This includes in particular the transfer to opposing parties and their representatives (in particular lawyers) as well as courts and public authorities for the purpose of correspondence as well as the assertion and defense of your rights.

In addition, we may transfer your personal data to public authorities for the fulfillment of legal notification obligations (e.g. tax authorities).

This does not affect the obligation to maintain confidentiality on the part of lawyers or tax advisors. Subject to other legal provisions, data subject to the duty of confidentiality will only be passed on if you have previously released us and the lawyers, tax advisors and other employees working for us from their duty of confidentiality.

VIII. How long will your data be stored?

Your data collected as part of the mandate will only be processed for as long as is necessary to fulfill our contractual or legal obligations. The period for which we store your data depends on the category of data concerned. The retention period is usually between 6 and 10 years.

Taking into account our self-interest and the statute of limitations in Section 199 (3) of the German Civil Code (BGB), we retain mandate-related data for a period of 10 years, beginning with the end of the year in which the respective mandate was terminated.

In the case of advice on inheritance law, your mandate-related data will be retained for a period of 30 years, beginning with the end of the year in which the respective mandate was terminated, due to the special limitation regulations for inheritance law claims (cf. Section 199 (3) a BGB).

If the data is no longer required for the fulfillment of contractual or legal obligations, it will be deleted unless we are legally obliged to continue processing it. Corresponding obligations to provide evidence and to retain data result, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act.

IX. Will your data be transferred to a third country or to an international organization?

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the performance of the mandate or is required by law, if you have given us your consent in this regard, or within the scope of permissible commissioned processing. If service providers in a third country are used, these service providers are, in addition to written instructions, obligated to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses.

X. To what extent is your personal data used for profiling?

In the following case, we process your personal data in part automatically with the aim of evaluating certain personal aspects (profiling):

As part of the assessment of your creditworthiness, we use scoring methods by using services provided by Creditsafe Deutschland GmbH. The service provider calculates the probability with which you will meet your payment obligations in accordance with the contract. This calculation may include, for example, personal data, existing liabilities and payment experience. The scoring is based on a mathematically-statistically recognized and proven procedure. However, the decision on the execution or termination of the mandate relationship is not based exclusively on such an automated assessment. Instead, we take the calculated score values into account when making individual decisions.

XI. Personal data processing

1. Provision of the website and creation of log files

a) Description and scope of the data processing

Whenever you access our website, the following data transmitted by your browser will be automatically stored for technical reasons:

  • Information on your browser type and version
  • The operating system you are using
  • The website from which you are visiting us (referrer URL)
  • Your IP address
  • Date and time of your visit
  • Our system stores your personal data in log files. These data will not be stored together with other personal data about you.

b) Legal basis for the data processing

The legal basis for the temporary processing of the data and log files is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

The temporary processing of your IP address by our system is necessary to enable the website to be delivered to your device. In addition, we use your personal data to optimize our website and ensure the security of our IT systems. In this context, your data will not be analyzed for marketing purposes. Our legitimate interest in processing your personal data lies in these purposes.

d) Storage period

The afore-mentioned personal data will be erased as soon as they are no longer needed to achieve the purpose for which they are processed. Where the data are processed for delivering the website, they will be erased as soon as you end the respective session.

e) Objection and deletion options pursuant to Art. 21 GDPR

As the processing of the data is strictly necessary for delivering the website, there is no possibility for you to object to this data processing.


2. Cookies

a) Description and scope of the data processing

Our website uses so-called cookies that allow us to distinguish you from other users and help to make the use of our website easier for you. Cookies are small text files that your internet browser places on your device.  Very often these cookies are so-called "session cookies" that are deleted after the end of your session.

Other cookies remain stored on your device until you remove them. The stored cookies enable us to identify your browser the next time you visit us.

Please be aware that you can set your browser to automatically notify you when a new cookie is being set. By changing the settings of your web browser, you can choose whether you want cookies to be allowed on a case-by-case basis, to be placed in specific cases only, to be refused at all times, or to be automatically deleted after closing your browser. However, if you choose to deactivate cookies, you may not be able to use all the features of our website.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after going to a different page.

In this context, the following data are stored in, and transmitted by, the cookies:

  • Log-in data through the log in page
  • Cookie information message read and accepted

When accessing our website, we inform you about the use of cookies for analysis purposes by an information banner, which refers to this privacy policy. This information also contains instructions on how you can prevent cookies from being saved on your computer by changing your browser's settings.  

b) Legal Basis for the data processing

The legal basis for the processing of your personal data using cookies is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

We use technically necessary cookies to optimize the use of our website for you. Without the use of cookies, some of the functions of our website may not be available as they need to recognize your browser even after switching pages. Our legitimate interest in processing your personal data lies in these purposes. The following application requires the use of cookies:

  • Automatic hiding of the accepted cookie information message
  • Memorizing log-in data

We do not use the personal data collected by technically necessary cookies for creating user profiles. Analytical cookies are used to improve the quality of our website and its contents. In addition, they are used for continuously optimizing our services and improve your experience on our website. Our legitimate interest in processing your personal data lies in these purposes.

d) Storage period, objection and deletion options

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing the settings of your web browser. Cookies previously stored can be deleted at any time. This can even be done automatically. If you deactivate cookies for our website, you may not be able to fully use all the features of our website.


3. Contacting us via contact form or e-mail

a) Description and scope of the data processing

On our website, we give you the opportunity to contact us using the corresponding contact form. The data you provide when contacting us will be transmitted to, and used by, us for the purpose of dealing with your query. At the time of your query, the following data will be collected:

  • your name
  • your e-mail address
  • your phone number (optionally)
  • other personal data you provide in the contact form (optionally)

When sending your query, the following data will additionally be processed:

  • your IP address
  • date and time of sending your query

If you contact us through the e-mail address provided, your personal data transmitted with that e-mail will be processed. We do not disclose these data to any third party.  

b) Legal basis for the data processing

The legal basis for the processing of the data transmitted when sending the contact form or an e-mail is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

If you contact us using our contact form or sending an e-mail with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) 1st subparagraph, lit. (b) GDPR.

c) Purpose of the data processing

We will use your personal data for the purpose of dealing with your query only.

Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.

Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

d) Storage period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they are processed.

Any personal data that you have transmitted in the context of contacting us via our contact form or e-mail will be erased as soon as the respective conversation with you is closed. The conversation will be considered closed when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and deletion options pursuant to Art. 21 GDPR

You have the right to object to us processing your personal data at any time. In such case the conversation cannot be continued. Please send your objection to datenschutz@winheller.com. Any personal data processed in the context of the communication will be erased in this case.


4. Contacting us via Live Chat

a) Description and scope of the data processing

On our website, we give you the opportunity to contact us via live chat. The data you provide in this context will be transmitted to, and used by, us for the purpose of dealing with your query. When sending your query, the following data will be collected:

  • your IP address
  • your location
  • your name (optionally)
  • other personal data provided by you in the live chat protocol.

When sending your query, the following data will additionally be processed:

  • date and time of sending your query

b) Legal basis for the data processing

The legal basis for the processing of the data transmitted when contacting us via live chat is Art. 6 (1) 1st subparagraph, lit. (f) GDPR. If you contact us using our contact form with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) 1st subparagraph, lit. (b) GDPR.

c) Purpose of the data processing

We will use your personal data only for the purpose of dealing with your query. Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.

Our legitimate interest in processing your personal data lies in these purposes pursuant to Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

d) Storage period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they are processed. Any personal data that you have transmitted in the context of contacting us via live-chat will be erased as soon as the respective conversation with you is closed. The conversation will be considered closed when it is clear from the circumstances that the matter concerned has been resolved.

e) Objection and deletion options pursuant to Art. 21 GDRP

You have the right to object to us processing your personal data at any time. In such case the conversation cannot be continued. Please send your objection to datenschutz@winheller.com. Any personal data processed in the context of the correspondence will be erased in this case.


5. Newsletter

a) Description and scope of the data processing

On our website, we give you the opportunity to subscribe to our free newsletter. In order to be able to send the newsletter to you, we need you to provide the following personal data (personal master data) when you subscribe:

  • your title
  • your name
  • your e-mail address
  • the newsletter you have selected
  • your academic title (if any)
  • other personal data provided by you in the contact form (optionally)

In addition we will use your IP address, the date and time of your subscription, your language selection and the lead source. No other data will be processed. When subscribing to our newsletter, you will be asked to consent to us processing your personal data.

In addition, we process data for analyzing your user behavior using so-called web beacons (tracking pixels). The data processed in this context include your IP address, your accesses and the access frequency to our newsletter.  

b) Legal basis for the data processing

The legal basis for the processing of the data after your subscription to our newsletter is the consent you have given in this context pursuant to Art. 6 (1) 1st subparagraph, lit. (a) GDPR.

c) Purpose of the data processing

We will use your personal master data for sending the newsletter to you.

In this context, we check the e-mail address provided in order to verify that you are the owner and/or that the owner of the e-mail address consents to receiving the newsletter.

We will process your IP address and the date and time or your subscription for security reasons in case a third party registers on our website without your knowledge or misuses your personal data.

d) Storage period

We erase your personal data as soon as they are no longer needed to achieve the purpose for which they were collected when you chose to opt out of our newsletter. In such case your personal master data will be erased immediately; other data collected in the context of your subscription, like your IP address and the date and time of your subscription, will be erased within 60 days in a system-defined erase cycle.

e) Withdrawal option pursuant to Art. 7 GDPR

You have the right to withdraw your consent to the processing of your data, to their use for sending out the newsletter, and to your newsletter subscription at any time pursuant to Art. 7 GDPR. You can do so by clicking the unsubscribe button, which is contained in every newsletter. This will not affect the lawfulness of the processing of your data until that moment. In case of withdrawal we will stop processing and erase your personal data.


6. Use of Google Analytics with anonymization function

a) Description and scope of the data processing

Our website uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as "Google". Google Analytics uses so-called cookies. Cookies are text files, which are stored on your device and help analyze your behavior when using our website.

The information generated by the cookie about your use of our website will be transmitted to and stored on a Google servers located in the United States.

As we are fully committed to protecting your privacy, we provide an option to use our website anonymously. We therefore exclusively use Google Analytics with the extension "_gat._anonymizeIp" so as to ensure that your IP address is abbreviated and thereby anonymized by Google within the member states of the European Union or in other contracting states of the Treaty of the European Economic Area. The full IP address will be transmitted to, and abbreviated by, a Google server only in specific exceptional cases. According to Google's own information, Google will not associate your IP address with any other data held by Google.

For more details on the terms and conditions and privacy policy of Google Analytics please refer to: www.google.de/analytics/terms/de.html.

b) Legal basis for the data processing

The legal basis for the use of Google Analytics is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

Google will use said information for analyzing your use of our website, compiling reports on website activity for us, and providing other services relating to website activity and internet usage. Our legitimate interest in processing your personal data lies in these purposes. Google may also transfer the information collected to third parties if Google is required to do so by law or if third parties process the information on Google’s behalf.

d) Storage period

The storage period for the data transmitted by you and associated with cookies is 36 months. Upon expiry of that period, the data will automatically be erased. Data will be erased automatically once every month after expiry of the storage period. In addition, you can uninstall the cookies placed on your device by Google Analytics on your own and thereby erase the data stored. More details on how to delete cookies using your browser settings are provided below.

e) Objection and deletion option pursuant to Art. 21 GDPR

You are free to prevent the installation of the cookies by clicking on the following link. When using the link, you place an opt-out cookie that prevents the collection of your data during your future visits to our website.



7. Use of Google AdWords

a) Description and scope of the data processing

We are using the online advertising tool "Google AdWords" and conversion tracking within Google AdWords provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you access our website by clicking on an advertisement delivered by Google, a conversion tracking cookie is placed on your computer. Cookies are small text files which are stored in the browser of a visitor and allow visitors to be recognized through their browser. Cookies are not used to identify you personally.  

b) Legal basis for the data processing

The legal basis for the use of Google AdWords is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

If you visit certain pages on our website while the cookie has not yet expired, Google and we can see that you have clicked on the advertisement and been redirected to this page. Information obtained by using a conversion cookie is used to generate visitor statistics for our website. In this way, we get information on the total number of users, who have clicked on one of the advertisements placed by us and been redirected to a page utilizing a conversion tracking tag. However, we do not get any information that can be used for personally identifying you.

As we use these data for advertising purposes, our legitimate interest in processing said data lies in these purposes.

d) Storage period

The cookies used by Google AdWords for analyzing website usage have a predefined storage period. Please be aware that we have no information and no influence on that storage period. You can uninstall the cookies placed on your device by Google AdWords on your own and thereby erase the stored data. More details on how to delete cookies using your browser settings are provided below.

e) Objection and deletion options pursuant to Art. 21 GDPR

Your browser settings allow you to prevent the installation of the conversion cookies. You can either generally prevent cookies from being automatically placed on your computer or block the cookies of one specific domain. More details and Google's privacy policy are available at www.google.de/intl/de/policies/privacy/.


8. Use of YouTube components with enhanced data protection mode

a) Description and scope of the data processing

Our website uses video components provided by the company YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter "YouTube", a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

In this context, we use the "-enhanced data protection mode-" option provided by YouTube. According to information provided by YouTube, this mode does not store information about you as long as you only visit the site where the video is embedded. No cookies will be installed on your device and no personal data will be transmitted to YouTube until you watch the video. If you are logged onto your YouTube member account while displaying the YouTube video, your usage behavior will be matched to your YouTube member account.

We have no detailed information about the scope of data collected by YouTube. According to its own statements, YouTube collects location-related data, such as your IP address, and uses cookies to unambiguously identify your browser or Google Account. The data collected may be shared with other services of the Google Network. For more details about the scope YouTube and Google process your personal data, please visit www.policies.google.com/privacy.

b) Legal basis for the data processing

The legal basis for the use of YouTube components is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

Your personal data will be processed to make the respective YouTube video available to you. Our legitimate interest in processing your personal data lies in this purpose. d) Storage Period We have no information on how long the personal data collected by YouTube will be stored and we have no influence on the storage period.

e) Objection and deletion options pursuant to Art. 21 GDPR

If you do not want YouTube to match the data collected through our website to your YouTube member account, you should log out of your account before visiting our website. You can also prevent YouTube plugins from being used by applying add-ons to your browser, e.g. the script blocker "NoScript" (http://noscript.net/).


9. Facebook Custom Audience via the pixel procedure

a) Description and scope of data processing

This website uses the "Facebook pixel" of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook"). In the event that explicit consent is given, this allows the behavior of users to be tracked after they have seen or clicked on a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimize future advertising measures.

The data collected is pseudonymized and we cannot draw any direct conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes.

b) Legal basis for data processing

The legal basis for data processing is your consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO.

c) Purpose of data processing

In this context, we process the relevant data for the purpose of effective marketing.

d) Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. These cookies lose their validity after 180 days.

e) Revocation according to Art. 7 DSGVO

You can revoke your consent to data processing at any time in accordance with Art. 7 DSGVO. To do so, please contact: datenschutz@winheller.com. The legality of the processing carried out until then on the basis of the consent is not affected by the revocation.

To disable the use of cookies on your computer, you can set your internet browser so that in the future no more cookies can be stored on your computer or already stored cookies are deleted. However, switching off all cookies may mean that some functions on our internet pages can no longer be executed. You can also disable the use of cookies by third-party providers such as Facebook on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/


10. Use of the LinkedIn services Analytics and Marketing Solutions

a) Description and scope of data processing

We use "LinkedIn Analytics" and "LinkedIn Marketing Solutions" on our website, services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). Via the aforementioned services, LinkedIn uses cookies to collect and process information about your user behavior on our platform in order to analyze it for us.

In the context of this, personal data is transmitted to the U.S. To ensure an appropriate level of data protection, we have concluded a contract with standard contractual clauses. 

Further information from the third-party provider on data protection can be found on the following website: https://www.linkedin.com/legal/privacy-policy

b) Legal basis for data processing

The legal basis for the processing is Art. 6 para. 1 sentence. 1 lit. a DSGVO.

c) Purpose of data processing

We use the aforementioned LinkedIn services for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience and to make it more interesting for you as a user. 

d) Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing.

e) Revocation according to Art. 7 DSGVO

You can revoke your consent to data processing at any time in accordance with Art. 7 DSGVO. To do so, please contact: datenschutz@winheller.com. The legality of the processing carried out until then on the basis of the consent is not affected by the revocation.

You can prevent the installation of cookies by deleting existing cookies and deactivating a storage of cookies in the settings of your web browser. We point out that in this case you may not be able to use all features of our website in full. You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the websites linked below:

https://www.linkedin.com/psettings/guest-controls  
http://optout.aboutads.info/?c=2#!/ 
http://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted when you delete your cookies.


11. Use of social media buttons with "Shariff"

On our website we use the c’t project "Shariff" developed by Heise.de. In this way we want to avoid a comprehensive collection and analysis of your visit by providers of social media/ social sharing functions. Shariff replaces the usual share buttons on social networks and thereby protects your surfing behavior. Shariff only integrates the share buttons of the social networks listed below as graphics on our website. The graphic contains a link to the corresponding social network.

Without the use of Shariff, the usual social media buttons would transfer your data to the social networks each time you visit the site and give them information about your surfing behavior, regardless of whether you are logged in on, or a member of, the social network. A Shariff button, on the other hand, does not establish direct contact between the social network and you until you actively click on the Share button. Without clicking the Shariff button, there will be no exchange between the social network and you. In this way, Shariff prevents you from leaving a digital fingerprint by merely visiting the website.

More information about the c’t project "Shariff" is available at www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz2467514.html.

On our website, we integrate the following social networks with Shariff:

  • Facebook components
  • Twitter recommendation components
  • Xing recommendation components
  • LinkedIn recommendation components

The purpose and scope of data collection and the further processing and use of the data by the providers on their pages as well as your related rights and setting options for protecting your privacy can be found in the privacy policies of the social network providers, which are available at:


12. Use of the WhatsApp share button

Our website uses the WhatsApp Share Button. This button allows you to easily share contents of our website as a personal message through WhatsApp. The button is a hyperlink. When accessing our website no personal data will be transmitted to WhatsApp, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, or other third parties. The content shared and the fact that you shared the content will not be transmitted until you activate the button.

For further information on the handling of personal data by WhatsApp, please visit: www.whatsapp.com/legal/.


13. Use of Proven Expert

a) Description and scope of data processing

This website uses a plugin from Proven Expert, a service of Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany ("Proven Expert"). We use Proven Expert to show you the number of reviews submitted on our website. It is not possible to submit ratings regarding our services via the plugin. To do so, you must click on the plugin, which will then take you to the Proven Expert website. If you are not logged in with your account at Proven Expert, only your IP address will be transmitted.

b) Legal basis for data processing

The legal basis for data processing is our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f DSGVO.

c) Purpose of the data processing

The purpose of this data processing is to ensure transparency in connection with our consulting services and to achieve more reach for the services we offer. This is also our legitimate interest.

d) Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing.

e) Objection and deletion option pursuant to Art. 21 DSGVO

You have the option to object to the processing of your personal data at any time. Please address your objection to datenschutz@winheller.com.


14. Publication of job advertisements

a) Description and scope of the data processing

On our website, we give you the opportunity to apply for a position offered by e-mail. At the time of your application, we collect and process the following personal data:

  • your name
  • your address
  • your date of birth
  • your e-mail address
  • your work experience
  • your school education
  • your language skills
  • other data that you transmit to us in your cover letter, CV, certificates or references.

If we conclude an employment contract after you have gone through the application procedure, your personal data will be further processed for the purpose of performing the employment contract.

b) Legal bases for the data processing

The legal bases for the processing of your personal data are Art. 6 (1) 1st subparagraph, lit. (b) GDPR, Art. 88 GDPR in conjunction with Sec. 26 (1) BDSG. The processing is necessary in order to take steps prior to entering into a contract, in the case in hand, the decision on whether to establish an employment relationship.

c) Purpose of the data processing

We process your personal data exclusively for the purpose of handling the application procedure.

d) Storage period

We delete your personal data if they are no longer necessary to achieve the purpose for which they are processed. If no employment relationship is established, your data will be erased within three months of receipt of the cancellation, unless there are legitimate interests that exclude erasure. Such legitimate interest will be deemed to exist in case of a legal dispute.

e) Consequences of non-provision of personal data

You are not obliged to provide your personal data for the above purposes. If you do not provide the data, we will end the application procedure with the result that no employment relationship can be established at that point in time.


15. Online application procedure

a) Description and scope of data processing

We offer you the opportunity to apply for a job offer via our website using a web form. As part of the application process, we process the following personal data:

  • Your name
  • Your address
  • Your date of birth
  • Your e-mail address
  • Your work experience
  • Your school education
  • Your language skills
  • How you became aware of WINHELLER
  • Time of availability
  • Salary requirements, if applicable
  • Other data that you provide to us in your cover letter, resume or references

If we conclude an employment contract with you following the application process, your personal data will be further processed for the purpose of implementing the employment relationship.

b) Legal basis for data processing

The legal basis for the processing of your personal data is Art. 6 para. 1 UAbs. 1 letter b, Art. 88 DSGVO in conjunction with. § 26 para.1 BDSG. Your data is required for the implementation of pre-contractual measures, in this case the decision on the establishment of an employment relationship.

c) Purpose of the data processing

We process your personal data solely for the purpose of handling the application process.

d) Duration of storage

The personal data will be deleted when they are no longer required to achieve the purpose of their processing. If no employment relationship is established, your data will be deleted no later than 6 months after receipt of the rejection, provided that no legitimate interests oppose the deletion. A legitimate interest exists in the event of the existence of a legal dispute.

e) Disclosure of data to third parties

The data transmitted in the context of your application will be transferred via TLS encryption and stored in a database. This database is operated by Personio GmH, Butterlecherstraße 16, 80469 Munich, which offers personnel administration and applicant management software (https://www.personio.de/impressum). Personio is our processor in this context according to Art. 28 DSGVO. The basis for the processing here is a contract between us as the controller and Personio.

f) Consequences of not providing your personal data

You are not obliged to provide your data for the aforementioned purposes. In the event that you refrain from providing it, we will terminate the application process with the result that no employment relationship can be established at that time.


16. Comment option in our blog

a) Description and scope of the data processing

If you wish, you may use our website to leave comments on the blog posts published on our website. Using the comments function requires that you enter your name, which may be pseudonym. In addition your e-mail address will be needed. The comments function cannot be used without these data. In addition, your IP address and the date and time, when the comment was created, will be stored. When displaying your comment on our website, we will process the e-mail address you have provided but we will not publish it. In the event that you have not used a pseudonym, only your name will be published.

b) Legal basis for the data processing

The legal basis for the processing of the data is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.

c) Purpose of the data processing

We will process the personal data if an author makes infringing comments. We need these data in order to prosecute an author in case of infringements. Our legitimate interest in processing lies in this purpose.

d) Storage period

The comments and the personal data published in this context are stored and remain on our website until your comment is fully erased for lack of relevance or topicality or has to be erased for any legal reasons. We reserve the right to erase any comment criticized as unlawful by third parties.

e) Objection and deletion options pursuant to Art. 21 GDRP

You have the right to object to us processing your personal data in connection with your comment at any time.


17. Use of Microsoft Forms

a) Description and scope of data processing

We use Microsoft Forms, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (here: "Microsoft").

We use this tool to create questionnaires that are made available on our website. In the context of this, the following technical data with personal reference is collected from you at the time of submitting the questionnaire:

  • IP address
  • Date and time of submission of the survey or questionnaire

In addition, the following inquiry-related data is collected depending on the respective questionnaire:

  • First and last name
  • E-mail address
  • Telephone number
  • Address
  • Location
  • Information in the comment field(s)

Your personal data will be transferred to the USA and stored on Microsoft servers. To ensure an appropriate level of data protection, we have concluded a contract with Microsoft with standard contractual clauses.

You can find more information about data protection at Microsoft on the following website: https://privacy.microsoft.com/en-us.

b) Legal basis for data processing

If you use the provided tool for an application, the legal basis for the data processing is Art. 6 para. 1 UAbs. 1 letter b, Art. 88 DSGVO in conjunction with. § Section 26 (1) BDSG. 

If the completion of the form aims at the conclusion of a contract, such as a mandate contract, the legal basis for the processing is Art. 6 para. 1 UAbs. 1 letter b DSGVO.

The legal basis for the processing of technical data is Art. 6 para. 1 UAbs 1 lit. f DSGVO.

In other cases, the legal basis is your consent in accordance with Art. 6 para. 1 UAbs 1 lit. a DSGVO.

c) Purpose of the data processing

The use of the tool serves the purpose of providing an opportunity for interested parties to make low-threshold contact with us, in particular to apply for a job or to establish a client relationship. This is also our legitimate interest.

d) Duration of storage

We delete your personal data when they are no longer required to achieve the purpose of their processing. 

If you have used a form for the purpose of applying for a job and no employment relationship is established, your data will be deleted no later than 6 months after receipt of the rejection, provided that no legitimate interests oppose the deletion.

If the use of the form served to establish an attorney-client relationship, the deletion will generally take place after the expiration of the statute of limitations, beginning with the end of the year in which the attorney-client relationship is terminated by effective notice of termination. After the statute of limitations has expired, your data will be blocked and deleted after expiry of the statutory retention obligations.

The IP address additionally processed during the sending process will be deleted after a period of 30 days.

e) Revocation according to Art. 7 DSGVO

You may revoke your consent to data processing, if relevant in the specific cases, at any time in accordance with Art. 7 DSGVO. To do so, please contact: datenschutz@winheller.com. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation.


18. Direct advertising

In individual cases, we process your personal data to conduct direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time (see section XII. 3. below).


XII. Your rights as a data subject

  1. Right to information
    You have the right to request information from us at any time about your personal data processed by us. This includes information about the origin, recipients or categories of recipients to whom we transfer your data and the purposes for which we process your personal data.
  2. Right to rectification
    You have the right to request that we correct and/or complete your personal data without delay if your personal data is incorrect or incomplete.
  3. Right of withdrawal
    You can revoke your consent to data processing at any time. This means that we will no longer process the data based on this consent in the future. 
  4. Right of objection
    Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) UAbs. 1 lit. f DSGVO, you have the right to object to the processing of your personal data on grounds arising from your particular situation pursuant to Art. 21 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
  5. Right to erasure or restriction of processing
    You may request us to delete your personal data stored by us without undue delay, unless the further processing of your personal data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation (e.g. in the case of retention obligations), for reasons of public interest or for the assertion, exercise or defense of legal claims. You also have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful and you refuse the deletion of the data and instead request the restriction of the use of the data, we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Article 21 DSGVO. 
  6. Right to data portability
    You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, provided that this is technically possible. You also have the right to request that it be transferred to another controller.
  7. Automated decision in individual cases including profiling
    You have the right not to be subjected to a decision based exclusively on automated processing - including profiling - which produces legal effects vis-à-vis you or similarly significantly affects you. For the establishment and implementation of the client-lawyer relationship, we therefore generally do not use fully automated decision-making. Should we nevertheless use these procedures in individual cases, we will inform you of this.

You can assert your rights by informally notifying us or our data protection officer in text form at: datenschutz@winheller.com.

Please note that a refusal to provide your personal data may result in a client relationship between you and us not being established or we may have to terminate it.

XIII. Your right of complaint

In addition, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the General Data Protection Regulation.

The supervisory authority responsible for us is:
The Hessian Data Protection Commissioner
P.O. Box 3163
65021 Wiesbaden
Germany

E-mail: poststelle@datenschutz.hessen.de
Phone: +49 (0)611 140 80
Fax: +49 (0)611 140 89 00

Do you need support?

Do you have questions about our services or would you like to arrange a personal consultation? We look forward to hearing from you! Please fill in the following information.

Or give us a call: +49 69 76 75 77 80
 

Contact

Contact
captcha