Controller pursuant to Article 4 No 7 GDPR is:
KUCERA Rechtsanwälte Steuerberater Notar Partnerschaft mbB
Kornmarkt 1A, 60311 Frankfurt am Main
T +49 (0)69 60 60 800-0
Complete information in accordance with section 5 of the German Tele Media Act (Telemediengesetz – TMG) (Imprint)
Contact details of Data Protection Officers
You can reach our Data Protection Officers by post at the above address adding the suffix “Data Protection Officers” as well as by e-mail at: firstname.lastname@example.org.
Categories of personal data processed
When you access our Website www.kucera.biz, the browser used on your terminal device sends information automatically to the server of our Website. Such information is temporarily stored in what is referred to as a log file. This is the following information, which is recorded without any action taken by yourself and stored until being deleted automatically: IP address if the requesting computer, date and time of access, name and URL of the accessed file, website from which access is made (referrer URL), browser used and where applicable the operating system of your computer as well as the name of your access provider.
As a matter of principle, we process the personal data that you provide us with in the context of an enquiry, a pre-contractual mandate or a contractual relationship. In individual cases and insofar as this is necessary within the framework of the fulfilment of the contract, we also process personal data that has been taken from publicly accessible sources (e.g. commercial register, Internet) in a permissible manner or that has been transmitted to us by third parties (e.g. credit agencies) in a permissible manner. This can be personal data (name, date of birth, legal representative), address data (address, e-mail address, contact person), financial data (name of account holder, IBAN, BIC), contract data (contract period, services purchased, cancellations), communication data (correspondence, e-mail correspondence), advertising data (advertising letters) and other comparable categories of personal data.
Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-new) as well as all other relevant legislation for the purposes and on the legal basis as set out below:
- To handle any concerns you address to us by e-mail – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a) GDPR.
- To ensure IT security and undisrupted operation of the Website, for statistical assessments and for the purpose of optimising the Website – the legal basis for this is the first sentence of Article 6(1)(f) GDPR.
- If a client relationship is established with us, we use personal data to the extent necessary for the execution of the contract or for the implementation of pre-contractual measures. The purposes of the data processing are based on the specific content of the contract, which is defined with you at the beginning of the mandate (Article 6(1)(b) GDPR).
Use of Google Maps
This Website uses Google Maps to represent interactive maps and to create route descriptions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information on the use of this Website including your IP address and the (start) address entered in the route planner function may be sent to Google Inc. in the USA. When you access a web page of our website that contains Google Maps, your browser establishes a direct link to the servers of Google. The map content is transmitted by Google directly to your browser and included by the latter in the Website. We therefore have no control over the scope of data collected by Google in this way. Based on the information currently available to use, such information comprises at least the following data:
- date and time of visit to the web page concerned,
- Internet address or URL of the website page accessed,
- IP address,
- the (start) address entered as part of the route planning.
For details on the purpose and scope of the data collection and further processing and use of the data by Google and users’ rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Google. By using our Website, you agree to the editing of the data collected concerning you by Google in the aforementioned manner and the aforespecified purpose.
We only use technically necessary cookies that ensure that a website runs without errors. This bases on (Article 6(1)(f) GDPR). Cookies are small text files with configuration information which are sent to your browser by our web servers when you call up our website and which are kept on your computer for later retrieval. Cookies enable our website to retrieve or store information from your browser. This can be information about you, your settings or your device, e.g. the last selected language of the website. They are usually used to ensure that the website functions as expected. Usually this information does not directly identify you.
Categories of personal data recipients
Within our law firm only those persons or entities are permitted to view or access personal data that you communicate to us, and this only to the extent required in each case, who need such data for performance of our contractual or statutory duties.
We moreover disclose your personal data to third parties only if:
- you have given your express consent to this pursuant to the first sentence of Article 6(1)(a) GDPR,
- disclosure is required pursuant to the first sentence of Article 6(1)(f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding, legitimate interest in non-disclosure of your data,
- a legal obligation for disclosure pursuant to the first sentence of Article 6(1)(c) GDPR exists, or
- this is legally permissible and pursuant to the first sentence of Article 6(1)(b) GDPR is required for the performance of contractual relationships with you.
No disclosure is made to further recipients or categories of recipients pursuant to Article 4 No 9 GDPR.
Transfer of personal data to a third country
With the exception of a possible transfer of data in the case of Google Maps, Zoom and iManage Share being used, no personal data are transferred to entities in countries outside the European Union (third countries).
Period of storage of personal data and criteria for defining such period
We process and store your personal data for as long as required for us to fulfil our contractual and legal duties. If the data are no longer required for fulfilment of contractual duties, they are normally deleted unless their further processing for a limited term is required by retention periods prescribed by professional or other statutory regulations.
Your rights as a data subject
Every data subject whose personal data are processed has the right to obtain information from the controller about the personal data in question pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object to the processing pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The right to obtain information and the right to erasure are further subject to the restrictions pursuant to sections 34 and 35 BDSG-new.
If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Your also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 GDPR in conjunction with section 19 BDSG-new.
Obligation to provide data
When using our website you are not required to provide personal data. If you wish us to contact you, we need at least (i) your name and (ii) your telephone number or your e-mail address.
Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.
Supplement for online-meetings, telephone conferences and Webinars via „Zoom“
We would like to inform you in the following about the processing of personal data in connection with the use of “Zoom”.
Purpose of processing
We use the “Zoom” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service of Zoom Video Communications, Inc. which is based in the USA.
Note: If you call up the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, calling up the Internet site is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
Which data is processed?
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional).
- Meeting metadata: Subject, Description (optional), Attendee IP addresses, Device/Hardware information.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may be able to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the “Zoom” applications.
- In order to participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
Scope of processing
We use “zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in the “Zoom” app.
If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up webinars.
If you are registered as a user at “Zoom”, reports on “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at “Zoom”.
The possibility of software-based “attention tracking” in “online meeting” tools such as “Zoom” is deactivated.
Automated decision making as defined by Art. 22 DSGVO is not used.
Legal basis of the data processing
If personal data is processed by employees of KUCERA Rechtsanwälte Steuerberater Notar Partnerschaft mbB, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment or termination of employment, but is nevertheless an elementary component of the use of “Zoom”, Art. 6 Paragraph 1 letter f) DSGVO is the legal basis for data processing. In these cases, we are interested in the effective implementation of “online meetings”.
Furthermore, the legal basis for data processing when “online meetings” are held is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of “online meetings”.
Recipients/forwarding of data
Personal data processed in connection with participation in “online meetings” are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from “online meetings”, as well as in personal meetings, often serves precisely to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with “Zoom”.
Data processing outside the European Union
“Zoom” is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that meets the requirements of Art. 28 DSGVO.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom system in such a way that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
Additional privacy notices for document sharing via iManage Share
Purpose of the processing
We use the “iManage Share” service to share documents over the Internet. iManage Share is a service of iManage LLC, which is based in the USA.
Note: If you access the iManage Share website via a data link, the iManage Share provider is responsible for data processing.
What data is processed?
The following personal data is processed:
- User details: e-mail address, password
- Text, audio and video data: the documents to be transmitted are uploaded to servers of the service and stored for a limited time.
Scope of processing
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal bases of data processing
The legal basis for data processing in the case of document sharing via the Internet is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are held within the framework of client relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of data transmissions via the Internet.
Recipients/forwarding of data
Personal data processed in connection with participation in the service are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content data transmissions, as well as the electronic transmission of documents via e-mail, often serve precisely to communicate information with clients, interested parties or third parties and are therefore intended for forwarding.
Other Recipients: The iManage Share provider will necessarily be aware of the above-mentioned data, as far as this is provided for in our contract with iManage.
Data processing outside the European Union
iManage Share is a service provided by a vendor from the USA. A processing of personal data thus also takes place in a third country. We have concluded a contract with the provider of iManage Share that meets the requirements of Art. 28 DSGVO.
An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contract clauses.