Privacy Policy

Controller

Controller pursuant to Article 4 No 7 GDPR is:

KUCERA Rechtsanwälte Steuerberater Notar Partnerschaft mbB
Kornmarkt 1A, 60311 Frankfurt am Main
Germany
T +49 (0)69 60 60 800-0
E-mail: info@kucera.biz

Complete information in accordance with section 5 of the German Tele Media Act (Telemediengesetz – TMG) (Imprint)

Contact details of Data Protection Officers

You can reach our Data Protection Officers by post at the above address adding the suffix “Data Protection Officers” as well as by e-mail at: datenschutz@kucera.biz.

Categories of personal data processed

When you access our Website www.kucera.biz, the browser used on your terminal device sends information automatically to the server of our Website. Such information is temporarily stored in what is referred to as a log file. This is the following information, which is recorded without any action taken by yourself and stored until being deleted automatically: IP address if the requesting computer, date and time of access, name and URL of the accessed file, website from which access is made (referrer URL), browser used and where applicable the operating system of your computer as well as the name of your access provider.

As a matter of principle, we process the personal data that you provide us with in the context of an enquiry, a pre-contractual mandate or a contractual relationship. In individual cases and insofar as this is necessary within the framework of the fulfilment of the contract, we also process personal data that has been taken from publicly accessible sources (e.g. commercial register, Internet) in a permissible manner or that has been transmitted to us by third parties (e.g. credit agencies) in a permissible manner. This can be personal data (name, date of birth, legal representative), address data (address, e-mail address, contact person), financial data (name of account holder, IBAN, BIC), contract data (contract period, services purchased, cancellations), communication data (correspondence, e-mail correspondence), advertising data (advertising letters) and other comparable categories of personal data.

Purposes and legal basis for processing personal data

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-new) as well as all other relevant legislation for the purposes and on the legal basis as set out below:

  • To handle any concerns you address to us by e-mail – the legal basis for this is your consent pursuant to the first sentence of Article 6(1)(a) GDPR.
  • To ensure IT security and undisrupted operation of the Website, for statistical assessments and for the purpose of optimising the Website – the legal basis for this is the first sentence of Article 6(1)(f) GDPR.
  • If a client relationship is established with us, we use personal data to the extent necessary for the execution of the contract or for the implementation of pre-contractual measures. The purposes of the data processing are based on the specific content of the contract, which is defined with you at the beginning of the mandate (Article 6(1)(b) GDPR).

Use of Google Maps

This Website uses Google Maps to represent interactive maps and to create route descriptions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information on the use of this Website including your IP address and the (start) address entered in the route planner function may be sent to Google Inc. in the USA. When you access a web page of our website that contains Google Maps, your browser establishes a direct link to the servers of Google. The map content is transmitted by Google directly to your browser and included by the latter in the Website. We therefore have no control over the scope of data collected by Google in this way. Based on the information currently available to use, such information comprises at least the following data:

  • date and time of visit to the web page concerned,
  • Internet address or URL of the website page accessed,
  • IP address,
  • the (start) address entered as part of the route planning.

We do not have any control over the further processing and use of data by Google and therefore cannot assume any responsibility for that. If you do not wish Google to collect, process or use data concerning you via our Website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use the map display function.

For details on the purpose and scope of the data collection and further processing and use of the data by Google and users’ rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Google. By using our Website, you agree to the editing of the data collected concerning you by Google in the aforementioned manner and the aforespecified purpose.

Cookies

We only use technically necessary cookies that ensure that a website runs without errors. This bases on (Article 6(1)(f) GDPR). Cookies are small text files with configuration information which are sent to your browser by our web servers when you call up our website and which are kept on your computer for later retrieval. Cookies enable our website to retrieve or store information from your browser. This can be information about you, your settings or your device, e.g. the last selected language of the website. They are usually used to ensure that the website functions as expected. Usually this information does not directly identify you.

Categories of personal data recipients

Within our law firm only those persons or entities are permitted to view or access personal data that you communicate to us, and this only to the extent required in each case, who need such data for performance of our contractual or statutory duties.
We moreover disclose your personal data to third parties only if:

  • you have given your express consent to this pursuant to the first sentence of Article 6(1)(a) GDPR,
  • disclosure is required pursuant to the first sentence of Article 6(1)(f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding, legitimate interest in non-disclosure of your data,
  • a legal obligation for disclosure pursuant to the first sentence of Article 6(1)(c) GDPR exists, or
  • this is legally permissible and pursuant to the first sentence of Article 6(1)(b) GDPR is required for the performance of contractual relationships with you.

No disclosure is made to further recipients or categories of recipients pursuant to Article 4 No 9 GDPR.

Transfer of personal data to a third country

With the exception of a possible transfer of data in the case of Google Maps, Zoom and iManage  Share being used, no personal data are transferred to entities in countries outside the European Union (third countries).

Period of storage of personal data and criteria for defining such period

We process and store your personal data for as long as required for us to fulfil our contractual and legal duties. If the data are no longer required for fulfilment of contractual duties, they are normally deleted unless their further processing for a limited term is required by retention periods prescribed by professional or other statutory regulations.

Your rights as a data subject

Every data subject whose personal data are processed has the right to obtain information from the controller about the personal data in question pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object to the processing pursuant to Article 21 GDPR as well as the right to data portability pursuant to Article 20 GDPR. The right to obtain information and the right to erasure are further subject to the restrictions pursuant to sections 34 and 35 BDSG-new.
If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override the your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Your also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 GDPR in conjunction with section 19 BDSG-new.

Obligation to provide data

When using our website you are not required to provide personal data. If you wish us to contact you, we need at least (i) your name and (ii) your telephone number or your e-mail address.

Automated decision-making and profiling

When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.

Supplement for online-meetings, telephone conferences and Webinars via „Zoom“ or "Microsoft Teams"

We would like to inform you below about the processing of personal data in connection with the use of video conferencing platforms, such as “Zoom” or “Microsoft Teams” (“video conferencing tools”).

Purpose of the processing

We use video conferencing tools to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc. which is based in the USA. “Microsoft Teams” is a product of Microsoft Corporation.

Note: If you call up the website of a video conferencing tool, the provider is responsible for data processing. However, calling up the internet page is only necessary to download the software for the use of video conferencing tools.

What data is processed?

When using video conferencing tools, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

  • User details: first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional).
  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
  • For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
  • Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them.
  • In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the video conferencing tool applications.

To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing

We use video conferencing tools to conduct “online meetings”. If we want to record “online meetings”, we will transparently inform you in advance and – where necessary – ask for consent. The fact of the recording will also be displayed to you in the video conferencing tool.

If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user with a video conferencing tool, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be temporarily stored for up to one month.

The possibility of software-based “attention monitoring” (“attention tracking”) in video conferencing tools is deactivated.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal basis of data processing

Insofar as personal data of employees of KUCERA Rechtsanwälte Steuerberater Notar Partnerschaft mbB are processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of videoconferencing tools, personal data is not required for the purpose of establishing or terminating the employment relationship, but is nevertheless an elementary component of the use of videoconferencing tools, the legal basis for data processing is Art. 6 (1) f) DSGVO. In these cases, our interest is in the effective implementation of “online meetings”.

Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.

Recipients/disclosure of data

Personal data processed in connection with participation in “online meetings” will not be passed on to third parties as a matter of principle, unless they are specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The video conferencing tool provider necessarily receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with the video conferencing tool platform.

Data processing outside the European Union

The platforms used are services provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of the video conferencing tools that complies with the requirements of Art. 28 DSGVO.

An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured the video conferencing tool in such a way that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.

Additional privacy notices for document sharing via iManage Share

Purpose of the processing

We use the “iManage Share” service to share documents over the Internet. iManage Share is a service of iManage LLC, which is based in the USA.

Note: If you access the iManage Share website via a data link, the iManage Share provider is responsible for data processing.

What data is processed?

The following personal data is processed:

  • User details: e-mail address, password
  • Text, audio and video data: the documents to be transmitted are uploaded to servers of the service and stored for a limited time.
    Scope of processing

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Legal bases of data processing

The legal basis for data processing in the case of document sharing via the Internet is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are held within the framework of client relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here too, we are interested in the effective implementation of data transmissions via the Internet.

Recipients/forwarding of data

Personal data processed in connection with participation in the service are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content data transmissions, as well as the electronic transmission of documents via e-mail, often serve precisely to communicate information with clients, interested parties or third parties and are therefore intended for forwarding.

Other Recipients: The iManage Share provider will necessarily be aware of the above-mentioned data, as far as this is provided for in our contract with iManage.

Data processing outside the European Union

iManage Share is a service provided by a vendor from the USA. A processing of personal data thus also takes place in a third country. We have concluded a contract with the provider of iManage Share that meets the requirements of Art. 28 DSGVO.

An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contract clauses.