We take your data seriously!

The Business Law Firm HML Holtz Lawyers and Tax Consultants Based in Munich-Bogenhausen attach the utmost importance to the Protection of Your Data. We therefore process your personal data only in accordance with the content of this privacy statement as well as the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act.

This Privacy Statement clarifies the nature, scope and purpose of processing personal data (“data”) within our online offering and related websites, functions and content, as well as external online presence; such as our social media profile (collectively referred to below as an “online offering”). With regard to the concepts used, such as “processing” or “responsible,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

Alexander Holtz
Möhlstraße 19
D-81675 München

Tel.: +49 89 94 384 94-0
Fax: +49 89 94 384 94-1

contact@hml-law.com
Internet: hml-law.com

Impressum: hml-law.com/impressum

Collection, storage and deletion of personal data as well as the nature and purpose of use

If you mandate us, trade for a company or other organization that mandates us, or that we contact you on the basis of a relationship of a mandate, we collect the following data:

Address, Acceptance, Surname
A valid email address
Address including Telephone number (Landline and/or Mobile)
If necessary, positions in the corporate company, in the Organization, Subscription Eligibility, power of Attorney
If applicable, information necessary to assert and defend your rights under the mandate.

The Collection of this data is carried out

In order to be able to identify you as our client or for this acting of course person or as our contact person on the other side;
In order to be able to provide appropriate legal advice and representation to you as a client;
Correspondence with you;
Invoicing;
For the settlement of possible liability claims and the assertion of any claims against you;

Data processing is carried out at your request and is in accordance with Article 6 (6). 1 pp. 1 lit. b GDPR is required for these purposes for the appropriate processing of the mandate and for the mutual fulfilment of obligations under the mandate contract.

We will also process your data if and to the extent necessary to comply with our legal obligations, such as obligations under the Serious Crime Wins (Money Laundering Act). The legal basis for this Processing of personal data is Article 6 (6). 1 pp. 1 lit. c GDPR.

If, in the course of the mandate relationship, a defense on our part against liability claims iIs required or if we have to avail ourselves of one of our clients because of, for example, outstanding Invoices, the necessary processing will take place. Personal data on the basis of our legitimate Interest in being able to adequately defend our legal position, Article 6 (6). 1 pp. 1 lit. f GDPR.

The personal data collected for the mandate of us will be stored until the statutory retention obligation for lawyers expires (6 years after the End of the calendar year in which the mandate was terminated) and subsequently deleted, unless we Article 6 () of the Article 1 pp. 1 lit. c GDPR are obliged to store for longer or to be processed due to litigation or that you are involved in a case beyond that, Article 6 (6) of storage. 1 pp. 1 lit. (GDPR).

Visit to our Website

When visiting our Website www.hml-law.com, the Browser installed on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called Log file.

IP address of the requesting Computer,
Date and Time of Access,
Name and URL of the file retrieved,
Website from which access takes place (referrer URL),
Browser used and, if necessary, the operating system of your Computer, as well as the name of your access provider.

Purpose of processing

The above data is processed by us for the following purposes:

Providing the online offer, its features and content and ensuring a smooth Connection of the Site
Answering contact requests and communicating with users
Security Measures, such as to elucidate any abusive page access (DoS/DDoS attacks, etc.)
Range Measurement/Marketing

The legal basis for data processing is article 6 (6). 1 pp. 1 lit. f GDPR. Our legitimate interest follows from the purposes listed above for data collection. As a rule, we do not use the collected data for the purpose of drawing conclusions about your person. We reserve the right to do so in the event that this becomes necessary to clear up abusive page access.

Terms Used

“Personal Data” is any Information relating to an identified or identifiable natural Person (‘ the person concerned ‘); Identifiable is a natural person who is directly or indirectly identifiable, in particular by assigning it to an identifier such as a name, to a identification number, to location data, to an online identifier (E.g. cookie) or to one or more special features it can be identified that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social Identity of this natural person.

“Processing” is any process performed with or without the help of automated procedures or any such sequence of operations in connection with personal data. The Term goes far and encompasses virtually every handling of data.

“Pseudonymization” means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person concerned without the use of additional information, provided that this additional data information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

“Profiling” of any type of automated processing of personal data, which consists in this personal data being used to evaluate certain personal aspects relating to a natural person, in particular aspects to analyze or predict this natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location.

The “Person responsible” is the natural or legal person, authority,institution or other body that decides alone or together with others on the purposes and means of processing personal data.

“Order Processor” means a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Terms Used

The “Person responsible” is the natural or legal person, authority,institution or other body that decides alone or together with others on the purposes and means of processing personal data.

“Order Processor” means a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Security

We meet in accordance with article 32 OF the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of processing, as well as the different probability of occurrence and severity of the risk to the risk to the rights and freedoms of individuals, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to it, entering, sharing, ensuring availability and its separation. We have also established procedures to ensure a perception of affected rights, deletion of data and response to data exposure. In addition, we take the protection of personal data into account in the development, or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presets (Article 25 GDPR).

Working with Contract Processors and Third parties

If, as part of our processing, we disclose data to other persons and companies (Processors or third parties), transmit it to them or otherwise Grant them access to the data, this will only be done on the basis of legal permission ( for example, if the data be transmitted to third parties, such as payment service providers, in accordance with Article 6 (1) lit. (F) GDPR is required to fulfil the contract), you have agreed to provide for a legal obligation or on the basis of our legitimate Interests (E.g. in the use of agents, web hoster etc.).

If we commission third parties to process data on the basis of a so-called “contract of order processing,” this is done on the Basis of Article 28 OF the GDPR.

Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this is only if it is done to fulfill our (before) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or leave the data in a third country only in the event of the special requirements of Article 44 ff. GDPR. This means processing is carried out, for example, on the basis of special guarantees, such as the officially recognized finding of a data protection Level corresponding to the EU (E.g. for the US by the “Privacy Shield”) or Compliance with officially recognized special contractual obligations. Obligations (so-called “Standard Contract Clauses”).

Rights of the Persons concerned

You have the right to request confirmation as to whether data in question is processed and for information about this data, as well as for further information and copy of the data in accordance with Article 15 GDPR.
You have accordingly. Article 16 OF the GDPR has the right to require the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance With Article 17 OF the GDPR, you have the right to request that data in question be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with article 18 OF the GDPR.
You have the right to request that the data you have provided to us be received in accordance with article 20 OF the GDPR and to request that it be transmitted to other persons responsible.
They are also well. Article 77 GDPR has the Right to place a complaint with the competent supervisory authority.

Withdrawal

You have the Right to give consent. Article 7 (7). 3 GDPR to be revoked with effect for the future

Right to object

You may object to the future processing of the data concerning you at any time in accordance with Article 21 GDPR. The objection may be made in particular against processing for direct advertising purposes.

Cookies and The Right To object to Direct Advertising

“Cookies” are small files that are stored on users ‘ computers. Different information can be stored within a cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies,” are referred to as cookies that are deleted after a user leaves an online offer and closes their browser. In such a cookie, for example, the contents of a shopping basket can be stored in an online shop or a login status. Cookies are referred to as “permanent” or “persistent,” which remain stored even after the browser is closed. For example, the login status can be saved if the users visit it after several days. Similarly, such a cookie can store the Interests of users used for range measurement or marketing purposes. Cookies are referred to as a “third-party cookie” offered by providers other than the person who runs the online offer (otherwise, if only its cookies are referred to as “First-Party Cookies”).

We may use temporary and permanent cookies and make up for this as part of our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to disable the option In their browser’s system settings. Saved cookies can be deleted from the browser’s system settings. The exclusion of cookies can lead to functional limitations of this online offer.

A general objection to the use of Cookies used for online marketing purposes can be explained by the US Side http://www.aboutads.info/choices/or the EU side http://www.youronlinechoices.com/in a large number of services, especially in the case Of tracking. In addition, cookies can be stored by switching them down in the browser’s settings. Please note that not all functions of this online offer may be available.

Deletion of data

The data we process will be deleted or restricted in processing in accordance with articles 17 and 18 GDPR. Unless expressly stated in the context of this privacy statement, the data stored with us will be deleted as soon as it is no longer necessary for its purpose and no legal retention obligations stand in the way of deletion. Unless the data is deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

According to legal requirements in Germany, the retention takes place in particular for 10 years in accordance with § § 147 (). 1 AO, 257 Abs. 1 Nos. 1 and 4, Abs. 4 HGB (Books, Records, situation reports, Booking documents, Trading Books, documents relevant To Taxation, etc.) and 6 Years in accordance with § 257 (). 1 Nos. 2 and 3, Abs. 4 HGB (Trading Letters).

According to legal requirements in Austria, the storage takes place in particular for 7 J in accordance with § 132 (). 1 BAO (Accounting Documents, receipt invoices, Accounts, receipts, Business papers, preparation of Revenues and Expenses, etc.), for 22 Years in Connection with Land and for 10 Years for documents related to electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States, for which the mini-One-Stop Shop (MOSS) is used.

Contractual Services

We process the data of our contractors and interested parties as well as other clients, customers, clients or contractors (uniformly referred to as “contractors”) in accordance with Article 6 (s). 1 lit. b. GDPR to provide them with our contractual or pre-contractual services. The data processed here, the nature, purpose and purpose and necessity of their processing, are determined by the underlying contractual relationship.

The Data processed includes the master data of our contractors (E.g., names and addresses), contact details (e.g. E-mail addresses and telephone numbers) as well as contract data (e.g., services used, contract content, contractual communication, names contact Persons) and payment data (e.g., bank details, payment history).

In principle, we do not process special categories of personal data unless they are part of contracted or contractual processing.

We process data necessary to justify and fulflil the contractual services and indicate the necessity of their disclosure, provided that it is not evident to the contracting parties. Disclosure to external persons or companies will only take place if it is required under a contract. When Processing the data handed over to us as part of an order, we act in accordance with the instructions of the clients as well as the legal requirements.

As part of the use of our online devices, we can store the IP address and the time of the respective user store. Storage is based on our legitimate Interests, as well as the interests of users in protecting against abuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is consistent in pursuit of our claims. Art. 6 Abs. 1 lit. (GDPR) or there is a legal obligation to do so. Art. 6 Abs. 1 lit. c. GDPR.

The data will be deleted if the data is no longer necessary to fulfill contractual or legal caring obligations and to deal with any warranty and comparable obligations, bearing the need to retain the data. Is reviewed every three Years; In addition, the legal retention obligations apply.

Administration, Financial Accounting, Office organization, Contact Management

We process data in the context of administrative tasks as well as organization of our Ooperation, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process as part of the performance of our contractual services. The basis for processing Is article 6 (6). 1 lit. c. GDPR, Article 6 (6). 1 lit. f. GDPR. The processing affects customers, prospective customers, business partners and website visitors. The purpose and interest in processing lies in administration, dinancial accounting, office organization, archiving of Data, i.e. tasks that govern our business activities, carry out our duties and provide our benefits serve. The deletion of data relating to contractual services and contractual communication corresponds to the information cited in these processing activities.

We disclose or transmit data to the financial administration, consultants, such as tax advisors or auditors as well as other fee agencies and payment Service sroviders.

We also store information about suppliers, organizers and other business partners on the basis of our business interests, e.g. for the purpose of making further contact. In principle, we store this mostly company-related data permanently.

Contact

When Contacting us (e.g. via contact form, e-Mail, telephone or via social media), the user’s Details are used to process the contact request and how to process it. Art. 6 Abs. 1 lit. b) GDPR. Users ‘ Information can be stored in a customer relationship management system (“CRM System”) or similar organization.

We will delete the requests if they are no longer required. We check the requirement every two years; in addition, the legal archiving obligations apply.

Hosting and E-mail shipping

The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, E-mail delivery, security services and technical maintenance services that we use for the purpose of operating this online offer.

In Doing so, we, or our hosting provider, process inventory data, contact details, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors based on our legitimate interests. An efficient and secure delivery of this online offering. Art. 6 Abs. 1 lit. F GDPR in Article 28 GDPR (Conclusion contract of contract).

Collection of Access Data and Log Files

We or our Hosting Provider, elevates on the Basis of our legitimate Interests within the Meaning of Article 6 (6). 1 lit. R. GDPR Data about every access to the server on which this service is located (so-called server log files). Access data includes name of the website retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type plus version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting providers.

Logfile information is stored for security reasons (E.g. to investigate acts of abuse or fraud) for a maximum period of 7 Days and then deleted. Data that is required for further retention for evidential purposes are exempt from deletion pending a final resolution of the incident.

Google Analytics

Based on our legitimate interests (i.e. Interest in the Analysis, Optimization and economic operation of our online offer within the meaning of Article 6 (1)) Of GDPR), we use Google Analytics, a Web Analytics service of Google LLC (“Google”). Google uses Cookies. The Information generated by the cookie about users ‘ Use of the online offer is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a Guarantee to comply with European Data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this Information on our behalf to evaluate the users ‘ use of our online offering, to compile reports on the activities within this online offering, and to provide further information on the use of this online offer and the Internet use related services to provide us. Pseudonymous user profiles can be created from the processed Data.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is being shortened by Google within member States of the European Union or in other contracting states to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent cookies from being stored by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to its use of the online Offer To Google, as well as Google’s processing of that data by using it by using the browser plugin available under the following Link. Download and install: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on Google’s use of data, hiring and Objection, sSee Google’s Privacy Statement (https://policies.google.com/technologies/ads) and the settings for the presentation of Advertising By Google (https://adssettings.google.com/authenticated).

The personal data of the users will be deleted or anonymised after 14 Months.

Online presence on social media

We maintain online presence within social networks and platforms in order to communicate with the customers, prospective customers and users who are active there and to inform them about our services there. When calling the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in the context of our Privacy Policy, we process users ‘ data as long as they communicate with us within the social networks and platforms, E.g. write posts on our online presence or send us messages.

Integration Of Third-party services and content

Within our online offer, we set the content or service offerings of Third-party Providers to integrate their content and services, such as videos or fonts (referred to below uniformly as “content”).

This always presupposes that the Third-party providers of this content perceive the IP address of the Users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third-party vendors can also use so-called pixel tags (invisible Graphics, also known as “Web Beacons”) for statistical or marketing purposes. The “pixel tags” allow Information to be analyzed on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, technical Information about the browser and operating system, referring websites, visiting time as well as other information about the use of our online offer as well as associated with such information from other sources.

Google Fonts

We include the fonts (“Google Fonts”) of the Provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We integrate the system for detecting bots, e.g. when entering online forms (“ReCaptcha”) from the Provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Xing

Within our online offer, functions and contents of the service Xing, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. This may include, for example, content such as images, videos or texts and buttons that Allow users to report their favors regarding the content, subscribe to the authors of the content or our posts. If the Users are Members of the Platform Xing, Xing Can assign the call of the above content and Functions to the profiles of the Users there. Xing Privacy Statement : https://www.xing.com/app/share?op=data_protection.

Within our online offering, functions and contents of the LinkedIn service, offered by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, can be integrated. This may include, for example, content such as images, videos or texts and buttons that Allow users to report their favors regarding the content, subscribe to the authors of the content or our posts. If the users are members of the platform LinkedIn, LinkedIn can assign the call of the above content and functions to the profiles of the users there. LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European Data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Created with Privacy Generator.de By RA Dr. Thomas Schwenke