In general, use of the websites of HS&P is possible without providing any personal data. Should a data subject wish to make use of particular services of our office via our website, a processing of personal data may become necessary, however. If the processing of personal data is required and there exists no legal basis for such a processing, we generally seek consent of the data subject.
As the controller, HS&P has implemented numerous technical and organizational measures in order to ensure a protection of the personal data processed via this website that is as complete as possible. Nonetheless, internet-based data transfers can fundamentally have security holes, such that an absolute protection cannot be ensured. For this reason, every data subject is free to transmit personal data to us in alternative ways, for example by telephone.
2. Name and address of the controller
The controller for the purposes of the GDPR, other data protection laws effective in the member states of the European Union, and other regulations related to data protection is:
Hoeger, Stellrecht & Partner Patentanwälte mbB
Tel.: 0711 21190-0
3. Name and address of the data protection officer
The data protection officer of the controller is:
Hoeger, Stellrecht & Partner Patentanwälte mbB
Tel.: 0711 21190-78
Every data subject can directly contact our data protection officer at any time with all questions and suggestions regarding data protection.
The data subject can prevent the placement of cookies by our website at any time by means of a corresponding setting of the internet browser used and thereby permanently object to the placement of cookies. Further, cookies which have already been placed can be deleted at any time by an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the placement of cookies in the internet browser used, then in some circumstances not all functions of our website are useable to the full extent.
5. Collection of general data and information
The website of HS&P collects a series of general data and information with each visit of the website by a data subject or an automated system. This general data and information is saved in the logfiles of the server. The following may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are controlled by an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information that serve for risk prevention in the case of attacks on our information technology systems. In the use of this general data and information, HS&P draws no inferences about the data subject. Rather, this information is required in order to (1) correctly deliver the content of our website, (2) to optimize the content of our website and the promotion thereof, (3) to ensure the lasting functionality of our information technology systems and of the technology of our website, and (4) to provide law enforcement agencies with information necessary for prosecution in the case of a cyber-attack. This anonymously collected data and information is therefore, on the one hand, evaluated statistically by HS&P and, further, with the goal of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server logfiles are stored separately from all personal data provided by a data subject.
6. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period of time that is required for the achievement of the storage purpose, insofar as this was provided for by the European body for issuing directives and regulations, or by another legislative body, in laws or provisions to which the controller is subject. If the storage purpose is no longer applicable, or if a storage term mandated by the European body for issuing guidelines and regulations, or by another competent legislative body, expires, then the personal data are blocked or deleted routinely and in accordance with the legal provisions.
7. Rights of the data subject
The user and all other subjects of the data usage by HS&P have a claim to disclosure of the personal data stored by HS&P and, where the respective legal conditions are met, a claim to correction, deletion, to limitation of the processing, and to object to processing.
The users of the websites of HS&P and, as the case may be, other data subjects further have the right to obtain the personal data provided by them in a structured, accessible, and machine-readable format. This includes the right to transmit this data to another controller. Insofar as it is technically possible, the users of the websites of HS&P and, as the case may be, the other data subjects may also request after the stated date that HS&P transfer the personal data directly to the other controller.
For the exercise of the rights stated in this clause, as well as in the event of questions and complaints regarding the use of their personal data, users of the website and, as the case may be, the other data subjects may refer to the data protection officer of HS&P. With complaints regarding the data use by HS&P, the users and, as the case may be, the other data subjects may also refer to the competent supervisory authority.
8. Data protection in the case of applications and in the application process
The controller gathers and processes the personal data of applicants for the purpose of the completion of the application process. The processing may also take place by electronic means. This is the case in particular if an applicant transmits relevant application documents by electronic means, for example by E-Mail.
If no employment contract is entered into with the applicant by the controller, then the application documents are deleted in accordance with the current legal requirements after notification of the decision of rejection, insofar as no other legitimate interests of the controller prevent a deletion. Other legitimate interest to this effect is, for example, a burden of proof in proceedings in accordance with the General Act on Equal Treatment (AGG).
9. Legal basis for the processing
Article 1 Par. 1 lit. a) GDPR serves our company as the legal basis for the processing operations, in which we obtain consent for a particular processing purpose. If the processing of personal data is required for the fulfillment of a contract, of which the contractual party is the data subject, as is the case, for example, in processing operations that are necessary for the delivery of goods or the rendering of a service or return service, then the processing shall be based on Article 6 Par. 1 lit. b) GDPR. The same applies for such processing operations that are necessary for the execution of pre-contractual measures, for instance in cases of inquiries regarding our products or services. If our office is subject to a legal obligation through which a processing of personal data becomes necessary, like for the fulfilment of tax obligations, then the processing shall be based on Article 6 Par. 1 lit. c) GDPR. If the processing of personal data is based on Article 6 Par. 1 lit f) GDPR, our legitimate interest is the execution of our business operation.
10. Duration for which the personal data are stored.
The criterion for the duration of the storage of personal data is the respective legal retention period. After expiration of the period, the corresponding data are routinely deleted, insofar as they are no longer required for the fulfilment or initiation of a contract.
11. Legal or contractual requirements regarding the provision of the personal data; necessity for the conclusion of a contract; obligation to provide the personal data to the data subject; possible consequences for the failure of provision
We inform you that the provision of personal data is in part legally required (i.e. tax regulations) or may also arise from contractual arrangements (i.e. information concerning the contractual partner). It can sometimes be necessary for a data subject to provide us with personal data which must subsequently be processed by us. The data subject (i.e. an inventor) is, for example, required to provide us with personal data if our company enters into a contract with them or their employer. A failure to provide the personal data would result in the contract with the data subject and their employer, respectively, not being able to be completed.
12. Existence of automated decision making
As a responsible company, we forgo automatic decision making or profiling.