Privacy notice

As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the Regulation (EU) 2016/679 (General Data Protection Regulation- GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our web site.

 

I.    Definitions

„Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

„Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

„Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; 

II.    General information

1.    The data controller
Hartmann Gallus und Partner
Hummelbergstraße 7
70195 Stuttgart
Germany
Telephone: +49 (0) 7 11 / 69 78 50
Fax: +49 (0) 7 11 / 69 15 65
E-Mail: info@kanzlei-hgp.de


2.    Contact details of the data protection officer
OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Telephone: 0711 / 4605025-40
Fax: 0711 / 4605025-49
E-Mail: privacy@obsecom.de
Webseite: www.obsecom.de

3.    Legal bases
We process personal data based on at least one of the following legal bases:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art.  6 para. 1 lit. a GDPR);
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art.  6 para. 1 lit. b GDPR);
  • Processing is necessary for compliance with a legal obligation to which we are subject (Art.  6 para. 1 lit. c GDPR);
  • Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art.  6 Abs. 1 lit. f GDPR) 


In this privacy policy we refer to the respective legal basis of the individual data processing operations.

4.    Onward transfer of personal data
We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:

  • the data subject has consented to the data transfer;
  • the onward transfer is required to fulfil a contractual obligation or pre-contractual measure on the request of the data subject;
  • we are obliged by law to make such a transfer;
  • The onward transfer is made on the basis of our legitimate interest or on those of a third party.


5.    Third countries
The transfer of personal data to a third country or an international organisation outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. It means that pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR do exist. 

6.    Rights of data subjects
As a data subject you have the following right:

  • Pursuant to Art. 15 GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored, or the criteria used to determine that period; where the personal data are not collected from you, the data source; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organisation, and, if so, the appropriate safeguards relating to this transfer;
  • Pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data that are stored with us to be completed;
  • Pursuant to Art. 17 GDPR to demand the erasure of your personal data stored with us , unless the processing is necessary for exercising the right of freedom of expression and information , for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of a legal claim;
  • Pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether our legitimate grounds override your interests;
  • Pursuant to Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
  • Pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for the processing are our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR;
  • Pursuant to Art. 7 para. 3 GDPR to withdraw your consent given to us at any time. As a result we are no longer allowed to continue the data processing that was based on this consent in the future;
  • Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the data protection officers and supervisory authorities can be found on this website: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html


If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

7.    Erasure and restriction of personal data
Unless otherwise provided for in this privacy notice, personal data will be deleted, if these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.
In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 GERMAN Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 Abs. 1 No. 1, 4, 4a AO. 


8.    Cookies
Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure. 

We use session cookies to recognize that you have already visited individual pages of our website. These cookies also support certain features and functionalities on our website. Session cookies are deleted after you have left our website.

The data processed by cookies are required for the purposes mentioned above in order to protect our legitimate interests which result thereof, as well as those of third parties according to Art. 6 para. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, such as explained at www.youronlinechoices.com/ or the opt-out page of the Network Advertising Initiative www.optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our website.


III.    Individual processing operations

1.    Hosting
In order to make available our website, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of the website visitors on the basis of our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 para. 1 lit. f GDPR.

2.    Access data and log files
By visiting our website or its individual pages, your device’s internet browsers automatically sends information to the server of our website. This information  is stored in so-called log files by us or our hosting provider and will be deleted after 6 months at the latest. 

The following information is stored:

  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL oft he requested file;
  • Website from which our site was accessed (Referrer-URL);
  • The browser used and your computer’s operating system;
  • Status codes and the transferred amount of data.
     

This data will be used for the following purposes:

  • The provision of our website, including all of its features and contents;
  • To ensure a smooth connection to our website;
  • To ensure the comfortable use of our website;
  • To ensure system security and stability;
  • For anonymised statistical evaluation of website access;
  • To optimise our website;
  • For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems;
  • For further administrative purposes.

 
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes mentioned above. Under no circumstance will we use the personal data collected for the purpose of drawing conclusions about a person.


3.    Contact form / other modes of contact
If you use the contact form, you will be asked to provide your name and your e-mail address and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).

If you contact us using the contact information published on our website (for example, by e-mail) and herewith provide us with personal data, we will use this information solely for the purpose of processing your request and then delete it afterwards.

4.    Job applications
If you would like to apply for a job we kindly ask you to provide your name, contact information and further application documents so that we can review your application and get in personal contact with you. The data processing for the purpose of processing your application is carried out in accordance with Art. 6 para. 1 lit. a GDPR based on your voluntary consent. Taking into account the limitation periods of the General Equal Treatment Act (AGG), application documents will be kept for a period of 6 months after completion of the application process and then deleted, unless storage is required for the documentation of other operations (for example, subsequent recruitment).


IV.    Google Services
Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereafter „Google“).

The legal basis for the use of the following Google services are our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

Google has joined the EU/US Privacy Shield Agreement and is committed to uphold EU data privacy standards. Google therefore meets the EU requirements for legitimising the transfer of personal data to the United States. For information about Google’s commitment, please visit: 

www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

For more information about how Google deals with your personal data, please refer to Google's Privacy Policy: https://www.google.com/intl/de/policies/privacy/

For information on the use of data for advertising purposes by Google, setting and your right to object please refer to: www.google.de/policies/privacy/partners/
www.google.de/policies/technologies/ads/  
www.adssettings.google.com/


1.    Google Maps
This website uses Google Maps to display site maps, maps, terrain data, or geographic maps. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of the maps (such as location data). The generated information is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. The Google Maps terms of service can be found at: www.google.com/intl/en_uk/help/terms_maps.html.