On this page we inform you about the processing of personal data when using our website (https://gentz.de). Personal data is information that relates to an identified or identifiable person. It particularly refers to information by which you can be identified, such as your name, telephone number, postal address, or email address. This may also include information such as an IP address or device IDs.
A) General information
The controller for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is the
Gentz und Partner Rechtsanwälte mbB
phone: +49 (0)30 – 400 416 400
fax: +49 (0)30 – 400 416 500
2. Data Protection Officer
Our Data Protection Officer is Falk Laue. You can contact him by email at email@example.com or by post at the above address („attn: Data Protection Officer“).
3. Data protection rights
Subject to the respective requirements, you have the following data protection rights:
RIGHT OF ACCESS (ART. 15 GDPR);
RIGHT TO RECTIFICATION (ART. 16 GDPR);
RIGHT TO ERASURE (ART. 17 GDPR);
RIGHT TO RESTRICTION OF PROCESSING (ART. 18 GDPR).
Your enquiries regarding the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for longer if there is cause to assert, exercise or defend legal claims. The legal basis is Art. 6 (1) lit. f of the GDPR, based on our interest in defending against any civil claims under Art. 82 of the GDPR, avoiding fines under Art. 83 of the GDPR and fulfilling our accountability obligations under Art. 5 (2) of the GDPR.
You have the right to withdraw your consent at any time. The consequence of this is that we will no longer continue the data processing based on this consent from that point on. The withdrawal of consent does not affect the legality of the processing on the basis of consent that has already been given up until the point of withdrawal.
To the extent we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If there is an objection to data processing for the purposes of direct advertising, you have a general right to object that may also be implemented without stating reasons.
If you would like to assert your right to object or to withdraw consent, it is sufficient to send an informal message to the above-named contact details.
In addition, there is a right to lodge a complaint with a data protection authority You can assert this right, for example, with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: In Berlin, where we are based, the competent supervisory authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin; phone: +49 30 13889-0, e-mail: firstname.lastname@example.org.
4. Cooperation with third parties
In some cases, we use external service providers and partners to process your data, e.g. for hosting the website. These have been carefully selected and commissioned by us. The partners are either bound by our instructions within the framework of commissioned processing or have made other agreements with us regarding data protection, e.g. because we process the data under joint responsibility. We also work with partners who are professionally bound to secrecy, such as tax advisors and other service providers.
5. Storage period
In principle, we store personal data only for as long as required to fulfil the purposes for which we collected the data. We then delete the data promptly, unless we require the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations. Contractual data must be retained for evidence purposes for three years from the end of the year in which our business relationship with you ends. The earliest that any claims become statute-barred according to the statutory limitation period is at this point in time. Even after that, we still have to store some of your data for accounting reasons. We are obligated to do so due to legal documentation requirements, particularly arising from the German Commercial Code and Tax Code. The document retention periods specified there range from two to ten years.
If applicable, we will inform you about the specific storage periods in the following sections of these privacy notice.
B) Data processing when calling up the website
1. Access data and hosting
During the purely informative use of our website, information is automatically sent to the server of our website by the browser used on your end device. The following access data is collected and stored:
IP ADDRESS OF THE REQUESTING COMPUTER,
DATE AND TIME OF ACCESS,
NAME AND URL OF THE RETRIEVED FILE,
WEBSITE FROM WHICH THE ACCESS IS MADE (REFERRER-URL),
BROWSER USED AND, IF APPLICABLE THE OPERATING SYSTEM OF YOUR COMPUTER AND THE NAME OF YOUR ACCESS PROVIDER.
The processing of this access data is absolutely necessary to enable you to visit the website, to ensure the continued operability and security of our systems and to maintain the administration of our website in general. The data mentioned are also automatically temporarily stored in internal log files for the purposes described above, to find the cause of and take action in the event of repeated or criminal access that endanger the stability and security of our website.
The legal basis for the processing of the data is Art. 6 (1) lit. f GDPR.
As soon as the aforementioned data is no longer required to display the website, it is deleted. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the visitor to object. Further storage may take place in individual cases if this is required by law.
Our hosting provider is
We have concluded an order processing contract with Domainfactory. Data is stored only in Europe.
You have various options for contacting us (e.g. by e-mail, telephone or fax). The data collected in this way – depending on the type of contact you have chosen, this includes your e-mail address, your first and last name, your telephone number, the date and time of your enquiry, your request and, if applicable, contract data if you send us enquiries in the context of a contract or contract processing – is used exclusively for the purpose of communicating with you.
We generally base the processing of these data on Art. 6 (1) lit. f GDPR. The processing is based on our legitimate interest in effectively processing inquiries sent to us. If your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, the legal basis for the processing of this data is Art. 6 (1) lit. b GDPR. If your data is no longer required for the processing and handling of your enquiry because your request has been dealt with, your concern has been clarified and there are no legal retention periods or a legitimate interest in further retention, your data will be routinely deleted by us.
3. Cookies and similar technologies
C) Data processing in case of mandate
When you mandate us, we collect the following information:
SALUTATION, FIRST NAME, LAST NAME,
A VALID E-MAIL ADDRESS,
TELEPHONE NUMBER (LANDLINE AND/OR CELLPHONR)
INFORMATION NECESSARY TO ASSERT AND DEFEND YOUR RIGHTS UNDER THE MANDATE.
These data are collected
TO IDENTIFY YOU AS OUR CLIENT;
TO APPROPRIATELY GIVE YOU LEGAL ADVICE AND REPRESENT YOU;
TO COMMUNICATE WITH YOU;
TO SETTLE OF ANY LIABILITY CLAIMS THAT MAY EXIST AND TO ASSERT ANY CLAIMS THAT MAY ARISE AGAINST YOU.
The data will be processed upon your request and is required for the above-mentioned purposes for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate agreement in accordance with Art. 6 (1) lit. b GDPR.
The personal data collected by us for the mandate will be stored until the end of the legal storage obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless we are obliged to store them for a longer period of time pursuant to Art. 6 (1) lit. c GDPR due to tax and commercial law storage and documentation obligations (from German Commercial Code, German Criminal Code or German Fiscal Code) or you have consented to further storage pursuant to Art. 6 (1) lit. a GDPR.
Insofar as this is necessary in accordance with Art. 6 (1) lit. b GDPR for the processing of client relationships with you, your personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and the assertion and defence of your rights. The data passed on may only be used by the third party for the purposes stated.
The attorney-client privilege remains unaffected. Insofar as the data concerned is subject to the attorney-client privilege, it will only be passed on to third parties according to your agreement.
E) Data processing for applications
You can apply to us by e-mail or by post. If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents such as references and CV, telephone number if applicable, salary expectations, etc.) insofar as this is necessary for a decision on the establishment of an employment relationship. This may include special categories of personal.
We may also receive the above data from other sources, if necessary, including websites and other publicly available data on the internet. For example, this includes data that you have disclosed as part of an online profile (e.g. LinkedIn).
The legal basis for this is Art. 6 (1) lit. b and Art. 88 (1) GDPR in conjunction with § 26 (1) of the German Federal Data Protection Act (BDSG). In the case of public profiles, we additionally rely on Art. 6 (1) lit. f GDPR. The legitimate interest in this case is to obtain a clear brief profile from you.
We store your personal data upon receipt of your application. If we accept your application and we subsequently employ you, we will store your applicant data for as long as the data is necessary for your employment and as far as we are legally required to retain it. If we reject your application, we will store your applicant data for a maximum of six months after rejection of your application, unless you give us your consent to longer storage.
F) Online presence in social networks
We maintain an online presence on the social network LinkedIn in order to provide information there about our services, among other things. The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements, for example, are then placed within the social networks but also on third-party websites.
As part of the operation of our online presence on LinkedIn, it is possible that we may access information such as statistics on the use of our online presences provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) as well as data on interaction with our online presences (e.g. likes) and the posts and content distributed via them. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presence and optimize it for our audience. The collection and use of these statistics are generally subject to joint responsibility.
The legal basis for data processing is Art. 6 (1) lit. f GDPR, based on our legitimate interest in effective information and communication with users, and Art. 6 (1) lit. b GDPR, in order to carry out pre-contractual measures with interested parties.
Where you have an account with the social network, it is possible that we may see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This may be, for example, via direct messages or via posted articles. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network as a messenger and platform service.
For the legal basis of the data processing carried out by LinkedIn under their own responsibility, please refer to the data protection information of the social network. The following links will also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be asserted most efficiently with LinkedIn, as only the provider has access to the data and can take appropriate measures directly. You can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.
Information on the social network LinkedIn:
LINKEDIN IRELAND UNLIMITED COMPANY WILTON PLACE, DUBLIN 2, IRELAND
OPERATION OF THE LINKEDIN COMPANY PAGE UNDER JOINT RESPONSIBILITY ON THE BASIS OF AN AGREEMENT ON THE JOINT PROCESSING OF PERSONAL DATA (SO-CALLED PAGE INSIGHTS JOINT CONTROLLER ADDENDUM)
INFORMATION ON PROCESSED SITE INSIGHTS DATA AND THE CONTACT OPTION IN THE EVENT OF DATA PROTECTION ENQUIRIES: HTTPS://LEGAL.LINKEDIN.COM/PAGES-JOINT-CONTROLLER-ADDENDUM
LAST UPDATED: August 2023