The controller within the meaning of data protection laws is:
Attorney Radoslaw Michal Suchy, LL.M.
Law Firm MRS Legal
August-Bebel-Str. 27
14482 Potsdam
+49 1792 155 886
+48 795 821 950
kontakt@mrslegal.de
With this privacy policy, we inform you (hereinafter also referred to as the “user” or “data subject”) in general terms about the data processing activities carried out by our law firm MRS Legal and, in particular, about the data processing that takes place when you visit our website, contact us via our website contact form, by email or telephone, or subscribe to our newsletter. We also inform you about our online presence on social media platforms and about your rights with regard to the processing of your data. The term “data processing” always refers to the processing of personal data.
1.1 Categories of Personal Data
We process the following categories of personal data:
1.2 Recipients or Categories of Recipients of Personal Data
If, in the course of our processing, we disclose data to other persons and companies such as web hosts, processors, or third parties, transmit such data to them or otherwise grant them access to the data, this is done on the basis of a legal authorization (e.g. if the transmission of the data to third parties is necessary for the fulfillment of a contract pursuant to Art. 6(1)(b) GDPR), if the data subjects have given their consent, or if a legal obligation requires this.
1.3 Duration of Storage of Personal Data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the corresponding data will be deleted, provided that it is no longer required to achieve the purpose, to fulfill a contract, or to initiate a contract.
1.4 Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of services of third parties or the disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 et seq. GDPR are met, i.e., processing takes place for example on the basis of special guarantees, such as the officially recognized determination of a data protection level equivalent to that of the EU (e.g. for the USA via the “Privacy Shield”) or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).
2.1 Log Files
Each time a data subject accesses our website, general data and information are stored in the log files of our system:
• Date and time of access (timestamp);
• IP address;
• Browser type/version;
• Operating system used;
• Request details and target address (protocol version, HTTP method, referrer, user agent string);
• Name of the accessed file and transferred data volume (requested URL including query string, size in bytes);
• Notification of whether the request was successful (HTTP status code).
We do not draw any conclusions about the data subject when using this general data and information. There is no personal evaluation or analysis of the data for marketing purposes or profiling. The IP address is not stored in this context.
The legal basis for the temporary storage of data is Art. 6(1)(f) GDPR. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the secure operation of our website. Therefore, there is no option for the data subject to object.
2.2 Malware Detection and Log Data Analysis
We collect log data generated during the operation of communication technology and evaluate it automatically, insofar as this is necessary for detecting, limiting, or eliminating malfunctions or errors in communication technology, or for defending against attacks on our information technology or for the detection and defense against malware.
The legal basis for the temporary storage and analysis of data is Art. 6(1)(f) GDPR. The storage and evaluation of the data is absolutely necessary for the provision and secure operation of the website. Therefore, there is no option for the data subject to object.
2.3 Cookies
We use so-called cookies on our website. Cookies are small text files exchanged between the web browser and the hosting server. Cookies are stored on the user’s computer and transmitted to our website. You can restrict or prevent the use of cookies in your web browser settings. Cookies that have already been saved can be deleted at any time. If cookies for our website are deactivated, this may result in the website not being displayed or used to its full extent.
The use of cookies serves, on the one hand, to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain specified period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which inputs and settings you made, so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you (see section 2.4). These cookies allow us to recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period.
The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.
2.4 Tracking Tools: Google Analytics
For the purpose of tailoring and continuously optimizing our pages to suit your needs, we use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
In this context, pseudonymized user profiles are created and cookies (see section 2.3) are used. The information generated by the cookie about your use of this website such as:
• Browser type/version;
• Operating system used;
• Referrer URL (the previously visited page);
• Hostname of the accessing computer (IP address);
• Time of server request,
is transmitted to a Google server in the USA and stored there. This information is used to evaluate the use of the website, compile reports on website activities, and to provide other services related to website and internet usage for the purposes of market research and the tailored design of this website. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf.
Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking). You can prevent the installation of cookies by setting your browser software accordingly; however, we point out that in this case not all functions of this website may be fully usable.
Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection of data by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie only applies to this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
The tracking measures we use are carried out on the basis of Art. 6(1)(f) GDPR.
We aim to ensure a needs-based design and the continuous optimization of our website. Furthermore, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are considered legitimate within the meaning of the aforementioned provision.
2.5 Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services which we use for the operation of our website.
In this context, we or our processor process inventory data, contact data, content data, contract data, usage data, meta and communication data of users of our website based on our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
3.1 Contact by Email
You can contact us via the email addresses published on our website. If you choose this method of communication, the data you provide (e.g., first name, last name, address), at minimum your email address, as well as the information contained in your message and any personal data you transmit, will be stored for the purpose of responding to your inquiry and processing your request. In addition, the following data is collected by our system:
• IP address of the accessing computer;
• Date and time the email was received.
The legal basis for processing personal data transmitted via email is Art. 6(1)(b) or (f) GDPR.
3.2 Contact via Website Contact Form
If you use the contact form provided on our website, you are required to provide your first and last name as well as your email address. Without this data, we cannot process your request submitted via the contact form. Providing your address is optional and enables us to process your request by postal mail, if desired.
In addition, the following data is collected by our system:
• IP address of the accessing computer;
• Date and time of submission.
The legal basis for processing personal data submitted via the contact form is Art. 6(1)(b) or (f) GDPR.
3.3 Contact by Mail and Fax
If you send us a letter or fax, the data you provide (e.g., first name, last name, address) and the information contained in your message, including any personal data, will be stored for the purpose of responding to your inquiry and processing your request.
The legal basis for processing personal data transmitted via mail or fax is Art. 6(1)(b) or (f) GDPR.
In addition, the following data is collected by our system at the time of registration:
• IP address of the accessing computer;
• Date and time of registration.
As part of the registration process, we obtain your consent to process your data and refer you to this privacy policy. Data processing is based on your consent pursuant to Art. 6(1)(a) GDPR and our legitimate interest pursuant to Art. 6(1)(f) GDPR.
We use this data solely for sending the newsletter. We do not share your data with third parties and do not use it for any other purpose. The use of a double opt-in process—whereby a confirmation message containing a link for final registration is sent—ensures that the newsletter has been requested by you and not by a third party. Upon registration, your data is stored on our servers, and a confirmation email with a registration link is sent to the specified email address. If you do not confirm the registration via the link in the email, the data will be deleted after 24 hours. Only after confirming the link will your data be stored for the purpose of sending the newsletter for the duration of your use of our service.
If you no longer agree to the storage of your data for this purpose and no longer wish to use our service, you can unsubscribe from the newsletter at any time. Each newsletter contains a corresponding unsubscribe link. Any personal data you provided for the purpose of receiving the newsletter will then be deleted.
As a data subject, you have the following rights in connection with the processing of your personal data:
5.1 Right of Access
(1) The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. Where this is the case, the data subject has the right to access the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the data subject, any available information as to its source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(2) Where personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
5.2 Right to Rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
5.3 Right to Erasure (“Right to be Forgotten”)
(1) The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller is obliged to erase personal data without undue delay where one of the following grounds applies:
a) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
b) The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
c) The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
d) The personal data has been unlawfully processed.
e) The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
(2) Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defence of legal claims.
5.4 Right to Restriction of Processing
(1) The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
(2) Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
5.5 Right to Data Portability
(1) The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:
a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR; and
b) the processing is carried out by automated means.
(2) In exercising their right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
5.6 Right to Object
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.
5.7 Right to Withdraw Consent
The data subject has the right to withdraw their consent to the processing of personal data at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5.8 Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes this Regulation.