Privacy Policy

Privacy Policy

In the following privacy policy, we explain how your data is handled on lutzabel.com ("LUTZ | ABEL website").

1. General information on the collection of personal data

2. Contact details of the controller and data protection officer

3. Explanations of the legal basis and the storage period

3.1 Legal basis for the processing of personal data

3.2 Storage period and deletion of data

4. Your rights

4.1 Right of access to the processing

4.2 Right to rectification

4.3 Right to restrict processing

4.4 Right to erasure

4.5 Right to be notified

4.6 Right to data portability

4.7 Right to object

4.8 Right to withdraw the declaration of consent under data protection law

4.9 Right to lodge a complaint with a supervisory authority

5. Visiting the LUTZ | ABEL website and creating log files

6. Use of cookies

7. Contacting LUTZ | ABEL

7.1 via e-mail and telephone

7.2 via contact form

8. Postal and e-mail advertising

9. Company profiles on social media platforms

9.1 Data processing by social media platforms in general

9.1.1 Legal basis

9.1.2  Responsible person

9.1.3 Storage period

9.1.4 Type of data

9.2 Company profiles on social media platforms (in detail)

9.2.1 Facebook

9.2.2 Instagram business account

9.2.3 Twitter

9.2.4  LinkedIn

9.2.5  XING

10. Application development and website maintenance

11. Security standards

 

1. General information on the collection of personal data

The LUTZ | ABEL website is operated by LUTZ | ABEL Rechtsanwalts PartG mbB ("LUTZ | ABEL"). This privacy policy describes how LUTZ | ABEL ("we", "us" and "our") uses and protects the personal data collected via the LUTZ | ABEL website.

Personal data is all data that can be related to you personally, such as your title, name, address, e-mail address, IP address, etc. Your personal data will only be collected and processed by us in accordance with the provisions of the General Data Protection Regulation ("GDPR").

This data privacy policy relates exclusively to our LUTZ | ABEL website. In the event that you are forwarded to websites or apps of third parties via links from our LUTZ | ABEL website, please inform yourself there about the respective handling of your data.

go to top

2. Contact details of the controller and data protection officer

If you have any questions, suggestions or criticism regarding data protection on our LUTZ | ABEL website, please contact us:

LUTZ | ABEL Rechtsanwalts PartG mbB
Brienner Straße 29
80333 München
e-mail:
kanzlei@lutzabel.com

Every person concerned can also contact our data protection officer directly at any time with all questions and suggestions regarding data protection. You can reach him or her at the above address and at datenschutz@lutzabel.com.

go to top

3. Explanations of the legal basis and the storage period

3.1 Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis for the processing of personal data. Any consent may be revoked by you with effect for the future.

For the processing of personal data which is necessary for the performance of a contract with you or your company, Art. 6 para. 1 sentence 1 lit. b GDPR is the appropriate legal basis. This also applies to processing operations that become relevant prior to the conclusion of a contract.

Insofar as processing of your personal data is necessary to fulfil one of our legal obligations, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and freedoms do not outweigh our legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

3.2 Storage period and deletion of data

The personal data collected, processed and stored by us are only stored by us for as long as the concrete purpose of the storage requires. If the purpose of storage ceases to apply, your data will be deleted or their processing will be restricted.

In addition, however, it is possible that European regulations, applicable national laws or other regulations may require longer storage of the data processed by us. If these storage periods expire, we will delete your data or restrict the processing of them.

go to top

4. Your rights

As far as we process personal data from you, you are "data subject" in the sense of the GDPR. As a data subject, you are entitled to the following rights in relation to LUTZ | ABEL:

4.1 Right of access to the processing

Within the framework of the statutory provisions, you can request information from us at any time as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of data processing (Art. 15 GDPR).

4.2 Right to rectification

You have the right to ask LUTZ | ABEL to correct and/or complete your data if the personal data processed concerning you is incorrect or incomplete (Art. 16 GDPR).

4.3 Right to restrict processing

If the conditions for this are met, you can request that the processing of your personal data be restricted (Art. 18 GDPR).

4.4 Right to erasure

You may request LUTZ | ABEL to erase personal data concerning you immediately, provided that the conditions for doing so are met. The right to erasure does not apply insofar as processing is necessary (Art. 17 GDPR).

4.5 Right to be notified

If you have asserted the right to rectify, erase or restrict processing towards LUTZ | ABEL, LUTZ | ABEL is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. The controller will notify these recipients if you so request (Art. 19 GDPR).

4.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to LUTZ | ABEL in a structured, common, machine-readable format. You also have the right to have the personal data transmitted directly to another company without hindrance from LUTZ | ABEL to which the personal data has been provided, provided that the conditions for this are met (Art. 20 GDPR).

4.7 Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (Art. 21 para. 1 GDPR). As a result of the objection, LUTZ | ABEL will no longer process personal data relating to you, unless LUTZ | ABEL can demonstrate compelling reasons for processing that are worthy of protection and that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, if it is related to direct marketing (Art. 21 para. 2 GDPR).

You can inform us of your objection at the contact details given in section 2.

4.8 Right to withdraw the declaration of consent under data protection law

If you have submitted a declaration of consent under data protection law, you can withdraw it at any time (Art. 7 GDPR). Withdrawal of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent up to the point of withdrawal.

4.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR (Article 77 GDPR).

go to top

5. Visiting the LUTZ | ABEL website and creating log files

Each time you visit our LUTZ | ABEL website, our system automatically collects data and information from your computer system. In particular, the following of your data is collected:

  • the page from which the file was requested
  • the name of the file
  • the date and time of the request
  • your stay
  • the amount of data transferred
  • the access status (i.e. whether the file was transferred or possibly not found etc.)
  • the anonymous IP address of the requesting computer
  • a description of the type and version of the web browser used
  • the installed operating system and the set resolution

The aforementioned data collected by us about you is stored in the log files of our system. A storage of these data together with other personal data does not take place.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in collecting and temporarily storing the aforementioned data, as the temporary storage of the IP address by the system is necessary to enable the website to be delivered to your computer.

The storage in log files is done to ensure the functionality of the website. In addition, this data serves to optimise our website and to ensure the security of our information technology systems. An evaluation of your log files for marketing purposes does not take place.

The data is deleted or distorted so that it can no longer be assigned to you as soon as it is no longer required for the purpose stated here. If the data is stored in log files, the data is usually deleted after 30 days.

go to top

6. Use of cookies

We have designed our website so that no cookies are used. A tracking or analysis is also not carried out.

go to top

7. Contacting LUTZ | ABEL

7.1 Via e-mail and telephone

Our LUTZ | ABEL website contains an e-mail address and a telephone number which you can use to contact us. If you send us an e-mail, we will save your e-mail address and any other data you provide. Even if you call us, it is possible that we will store the data we need to answer your inquiry. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b and f GDPR, as the contact may involve the initiation of a contract. However, LUTZ | ABEL also has a legitimate interest in processing your data in order to be able to reply to you.

In the event that we wish to use your data, in particular your telephone number or e-mail address for marketing purposes, we will ask you in advance for your consent. In this case, Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis. You can revoke your consent at any time with effect for the future. In the case of direct marketing, we also base the processing of the data on our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f GDPR.

The data will be deleted as soon as they are no longer required for the purpose of their collection and no legal or contractual archiving obligations stand in the way of deletion. The conversation ends when the circumstances indicate that the matter in question has been conclusively clarified.

7.2 Via contact form

Our website contains contact forms which you can use to contact LUTZ | ABEL electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. In particular, this involves the following data:

  • your title, your name, your company;
  • your address or the address of your company;
  • your country of origin or the country of origin of your company;
  • your e-mail address;
  • your inquiry and any personal data you may have entered there.

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a, b or f GDPR. The processing of personal data from the input mask of our contact forms serves us - in addition to the above-mentioned purposes - solely to process your request, which is in our interest. This may, for example, be the initiation of a contract. The data will be deleted as soon as they are no longer required for the purpose for which they were collected and no legal archiving obligations stand in the way of deletion. The conversation ends when the circumstances indicate that the matter in question has been finally clarified. If, however, a contract is concluded, the data required under commercial and tax law is stored by us for the legally specified periods, i.e. regularly for ten years (cf. § 257 German Commercial Code [HGB], § 147 German Regulation of Taxation [AO]).

At the time of sending your message, the date and time of your contact will also be saved.

These other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b or f GDPR. Any additional personal data collected during the sending process will be deleted as soon as the request is completed. The data will be used exclusively for the processing of the conversation.

go to top

8. Postal and e-mail advertising

You may receive current information on legal developments by post, invitations to lectures / workshops on legal topics or other events organized by LUTZ | ABEL, as well as greeting cards. For this purpose, we usually process your name, the name of your company and the corresponding address.

The data processing is carried out either on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the fact that information by post about new legal developments and services provided by LUTZ | ABEL draws attention to our services and is also in your interest.

Only with your explicit consent will we also inform you by electronic message (regularly by e-mail) about the above-mentioned topics. For this purpose we usually process your name, the name of your company and your e-mail address.

For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be deleted after one month. After your confirmation, we will save your e-mail address as well as other information for the purpose of sending the newsletter.

Our e-mail newsletters are sent with a so-called tracking pixel, which informs us about the time of opening the e-mail and tells us about clicks on linked content. The information is immediately made anonymous so that it cannot be assigned to your e-mail address or your person in any other way. The feedback we receive is incorporated into a statistical evaluation of the reading rates for our newsletters. In this way, we learn both what percentage of our newsletters are read, how at what times our newsletters are read preferentially and what content was interesting for our recipients. The purpose of tracking the opening behaviour is to optimise our newsletter dispatch so that we can provide our subscribers with the best possible content at the best possible time and in the best possible way.

If a recipient has given his or her consent to tracking, we will be informed of the personal e-mail opening, clicking and downloading behaviour. This feedback enables us to send individual newsletters tailored to the needs of the recipient.

The dispatch of the newsletters and the evaluation of the opening behaviour is carried out by a service provider who has been obliged by us to observe data protection in accordance with Art. 28 GDPR via a contract that is binding on the processor with regard on the conditions of the processing. The legal basis for anonymous data processing using tracking pixels is a legitimate interest according to Art. 6 para. 1 sentence 1 lit. f GDPR. This legitimate interest exists because the immediately anonymised recording of opening behaviour hardly restricts your rights and freedoms and at the same time enables LUTZ | ABEL to provide you with the newsletter you have subscribed to in the best possible way. In the case of tracking consent, Art. 6 para. 1 sentence 1 lit. a GDPR is the basis for permission.

You can object to postal advertising at any time. If you have given your consent for e-mail advertising or postal advertising, you can also revoke this consent at any time with effect for the future. You can also object to the use of the tracking pixel for e-mail newsletters; in this case, we must remove your e-mail from the newsletter distribution list for technical reasons. You can also withdraw your tracking consent for the transmission and evaluation of your personal email opening, clicking and downloading behavior at any time. You can inform us about your revocation/objection by using the contact data mentioned in section 2.

go to top

9. Company profiles on social media platforms

9.1 Data processing by social media platforms in general

We operate publicly accessible company profiles on social media platforms to inform about news, events and services of LUTZ | ABEL and to provide insights into the firm. In addition, the social media platforms allow us to contact you as a user/visitor. Below you will find the platforms on which we operate a company profile.

Social media platforms such as Facebook, Twitter, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media platforms results in numerous data protection-relevant processing operations.  The respective social media platforms can send us anonymized statistics and insights about interactions of our contributions, among other things. From the information we can see whether our website has been reached by users/visitors from the respective platform via our company profile as well as age/gender groups (the latter only for logged-in users). We have no influence on the data transmitted to us and cannot turn off this procedure on the part of the social media platforms. We use the data transmitted to us in order to optimise our articles and the company profile and to be able to design the interests of our website visitors accordingly.

The social media platforms store cookies on your end device or record your IP address. This serves to evaluate the data of the visit from the social media platform and our company profile for statistical and market research purposes and can help to optimise future advertising measures on the part of the social media platforms. It is possible that the social media platforms themselves may use the collected data on the user behaviour of the users/visitors to display personalised advertising, which can be displayed on all devices on which you are/were logged in.

If you are logged in to a social media platform when you visit our Company Profile, the data from your visit to our Company Profile may be associated with your account and linked to the data in that account. Please note that it is possible that social media platforms may collect your data even if you do not have an account.

Depending on the platform, further processing operations may be carried out. For further details, please refer to the terms of use and privacy policy of the respective social media platforms.

9.1.1 Legal basis

LUTZ | ABEL has a legitimate interest in the operation and processing of your company profile data in order to be able to design and implement modern information and communication options accordingly. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. f GDPR.

If you contact us via the message function or via the e-mail address stored in our company profile, we will store your user profile ID or e-mail address as well as other data you have provided. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the contact is for the initiation of a contract or contract-related issues. We also have a legitimate interest in processing your data in order to be able to respond to your request.

The analysis methods used by the social media platforms are based, where applicable, on different legal bases which must be specified by the operators of the social media platforms (e.g. consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR, consent can be withdrawn).

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (cf. Art. 21 para. 1 GDPR). As a result of the objection, LUTZ | ABEL will no longer process the personal data concerning you, unless LUTZ | ABEL can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object, at any time, to the processing of personal data concerning you for the purpose of such marketing (cf. Art. 21 para. 2 GDPR). You can inform us of your objection at the contact details given in section 2.

9.1.2 Responsible person

According to a decision of the European Court of Justice, fan page operators (including us) together with the social media platform are jointly responsible in the sense of the GDPR.

Due to the collection and storage of data (and user data) by the social media platforms, you can also assert your rights against the respective platform. You will find your rights towards us under section 4.

9.1.3 Storage period

The data is deleted as soon as it is no longer required for the purpose of its collection and no legal or contractual archiving obligations stand in the way of deletion. The conversation ends when the circumstances indicate that the matter in question has been conclusively clarified.

By clicking the respective buttons "no longer subscribe" and removing the "follow button" (or "I no longer like this page") you can terminate the connection to our company profile and the associated processing of your data.

About the storage period and which data is stored by the individual social media platforms, we describe below.

9.1.4 Type of data

We may process inventory data of your social media account with the social media platform (e.g. first and last name, address, e-mail address, telephone number, gender, age, date of birth), usage data (e.g. websites visited, interest in content) and content data (e.g. photos, videos, text entries).

9.2 Company profiles on social media platforms (in detail)

9.2.1 Facebook

We run a company profile on Facebook. The person (jointly) responsible for this service under data protection law is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For persons living within the USA or Canada, it is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

Facebook may share your information internally, within the Facebook group of companies (transfer to Facebook in the United States) or with third parties. For example, information collected in the EEA may be transferred to countries outside the EEA for the purposes described in this Privacy Policy. According to Facebook's own information, Facebook uses standard contractual clauses approved by the European Commission, takes other measures under EU law and obtains your consent to legitimize data transfers from the EEA to the US and other countries.

Facebook Inc., based in the USA, is certified under the "EU/US Privacy Shield", which was agreed between the USA and the EU and which guarantees compliance with the level of data protection applicable in the EU.

Facebook, as the fan page operator, provides us with anonymous statistics and insights, so-called "Insights Data". Exactly which Insights data is transmitted to us by Facebook can be viewed here in the agreement concluded with Facebook (Controller Addendum).

The type, scope, purposes of the collection and processing of data by Facebook, as well as the rights and setting options for the protection of the user's privacy, can be found in the Facebook privacy policy.

9.2.2 Instagram business account

We run a company profile at Instagram. The person (jointly) responsible for data protection is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram"). Accordingly, the statements in section 9.2.1 also apply here.

Exactly which data is transmitted to us by Instagram can be viewed here and here.

The nature, scope, purposes of data collection and processing by Instagram and the rights and settings to protect the privacy of the user can be found here and in Instagram's privacy policy.

9.2.3 Twitter

We use the short message service Twitter. The person (jointly) responsible for data protection is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For persons living within the USA or Canada it is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). According to Twitter, the data collected will also be transferred to the USA, Ireland and other third countries. Twitter also uses proprietary analysis tools from other companies, including Google Analytics.

According to Twitter, Twitter uses standard contractual clauses approved by the European Commission and other measures under EU law to legitimise data transfers from the EEA to the US and other countries. Twitter is also certified under the EU-US Privacy Shield agreed between the US and the EU.

Details can be found in the privacy policy of Twitter.

9.2.4 LinkedIn

We run a company profile on LinkedIn. (Jointly) responsible for data protection is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For persons living within the USA or Canada it is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085 USA ("LinkedIn"). According to LinkedIn, the information collected is also transferred to the United States and other third countries. LinkedIn uses advertising cookies. LinkedIn also uses analysis tools from other companies, including Google Analytics.

According to LinkedIn, LinkedIn uses standard contractual clauses approved by the European Commission and other measures under EU law to legitimise data transfers from the EEA to the US and other countries. LinkedIn is also certified under the EU-US Privacy Shield agreed between the US and the EU.

Details can be found in the LinkedIn privacy policy.

9.2.5 XING

We operate a company profile on XING. The person (jointly) responsible for data protection is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"). According to XING, the data collected is also transferred to third countries. XING uses advertising cookies. XING also uses analysis tools from other companies, including Google Analytics.

According to XING's own statements, XING uses standard contractual clauses approved by the European Commission and takes other measures under EU law to legitimize data transfers from the EEA to other countries.

Details can be found in the XING privacy policy.

go to top

10. Application development and website maintenance

For application development and website maintenance we work together with external service providers.

Our service providers may only access the data within the scope of our instructions (order processing). Our service providers also take strict technical measures to protect your personal data. Our service providers do not disclose your personal data to third parties unless the disclosure is necessary to provide the agreed service or our service providers must do so to comply with the law or a valid and mandatory order from a government or regulatory authority. The data transmitted for this purpose will be limited to the minimum necessary.

Our service providers are subject to our instructions and are subject to strict contractual restrictions with regard to the processing of personal data. According to these, processing is only permitted to the extent necessary to perform the services on our behalf or to comply with legal requirements. It is precisely defined by us in advance which rights and obligations our service providers should have with regard to personal data.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. The purpose of data processing is that our service providers maintain our database for us and develop the website. Our service provider stores your data for as long as it is necessary to achieve the purpose.

go to top

11. Security standards

LUTZ | ABEL has implemented reasonable physical, technical and administrative security standards to protect Personal Information from loss, misuse, alteration or destruction. Our service providers and affiliated companies are contractually obligated to maintain the confidentiality of personal information. In addition, they may not use the data for purposes not authorized by us.

go to top

last modified on 19.02.2020