The data protection declaration of the law firm ZEUNER SUMMERER STÜTZ Patent- und Rechtsanwälte Partnerschaft mbB (hereinafter “ZSS“) contains the following terms, which were used by the European authorities during the enactment of the basic data protection regulation (GDPR):
Personal data: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data subject: ‘data subject’ is any identified or identifiable natural person whose personal data are processed by the controller;
Processing: ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Restriction of processing: ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
Profiling: ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Controller: ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor: ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient: ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients;
Third party: ‘third party’ means a natural or legal person, public authority (e.g. German Patent and Trademark Office etc.), agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent: ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Filing system: ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispensed on a functional or geographical basis.
Collection of data
The website of ZSS collects a series of general data and information every time a person or an automated system visits the website. This general data and information is stored in the log files of the server. We may collect information such as
– used browser types and versions,
– the operating system used by the accessing system,
– the website from which an accessing system reaches our website (so-called referrer),
– the sub-websites which are accessed via an accessing system on our website,
– the date and time of access to the website,
– an Internet Protocol (IP) address,
– the Internet service provider of the accessing system and
– other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using this general data and information, ZSS does not draw any conclusions about the person concerned.
Rather, this information is needed:
– to deliver the contents of our website correctly,
– to optimize the contents of our website as well as the advertising for them,
– to ensure the permanent functionality of our information technology systems and the technology of our website, and
– to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.
These anonymously collected data and information are therefore evaluated by ZSS statistically and with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
The provision of personal data by the data subject
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject may contact us. We then inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
The legal basis of the processing
Art. 6 para. 1 letter a) GDPR
serves to ZSS as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
Art. 6 para. 1 letter b) GDPR
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations necessary for the provision of a service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing procedures that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our services.
Art. 6 para. 1 letter (c) GDPR
If our company is subject to a legal obligation requiring the processing of personal data, for example for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 letter. (c) GDPR.
Art. 6 para. 1 letter d) GDPR
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. The processing would then be based on Article 6(1)(d) GDPR.
Article 6, para. 1, letter f) GDPR
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to preserve a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47, second sentence, GDPR).
Possibility to contact us via the website
The website of ZSS contains information which enables a quick electronic contact to our company as well as a direct communication with us (e.g. by e-mail). If a person concerned contacts us by e-mail, for example, the personal data transmitted by the person concerned will be stored automatically. Such personal data voluntarily transmitted to us by a data subject will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
Rights of the persons concerned
You have the right:
– in accordance with Article 15 of the GDPR, to request information about your personal data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if these were not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
– in accordance with Art. 16 GDPR, to demand without undue delay the correction of incorrect or completion of personal data stored by us;
– in accordance with Art. 17 GDPR, to request the erasure of your personal data stored with us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
– in accordance with Art. 18 GDPR, to demand the restriction of processing your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 GDPR;
– in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller;
– in accordance with Art. 7 para. 3 GDPR, to withdraw your consent to us at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future;
– in accordance with Art. 77 GDPR, to complain to a supervisory authority. Usually, you can contact the supervisory authority of your usual place of residence or workplace or our office.
– in accordance with Art. 21 GDPR, to object to the processing of your personal data, provided that your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. i p. 1lit. f GDPR, insofar as there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you wish to exercise your above rights, simply send an email to firstname.lastname@example.org
Routine data erasure/disconnection
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and regulator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
Security of Data
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Up-to-dateness and amendment of this data protection declaration
Due to the further development of our website or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The respective current data protection declaration can be accessed on our website (www.zpat.eu) at any time.
Person responsible / your contact person
If you have any questions about the collection, processing or use of your personal data, in matters of information, correction, blocking or deletion as well as revocation of consents given or objection to a specific use of data, please contact us directly:
ZEUNER SUMMERER STÜTZ
Tel.: ++49 (0)89 24244990;
Fax: ++49 (0)89 24244991