In connection with a purely informational visit to our website, i.e. if you do not contact us and/or do not provide us with any information, we only collect data that the browser used on your device automatically sends to the server of our website. This information is temporarily stored in a so-called log file. The following information is stored without any action on your part and until it is automatically deleted: 

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the retrieved file,
• Website from which access is made (referrer URL),
• Browser used and, if applicable, the operating system of your computer and the name of your access provider
• Notification of successful retrieval,
• and amount of data transferred.

For data protection reasons, the hostname or IP address of users who visit your website is anonymized in the log files. In the log files, only the entries for the user’s host—or, if that cannot be determined, the user’s IP address—are anonymized. The format of all other entries remains unchanged.

The first 9 bits of the entry’s IP address are converted into a hash value for anonymization. An anonymized IP address remains valid for a maximum of 24 hours. After that, the same source IP address would be converted into a different “anonymous” IP address.

We process the aforementioned data for the following purposes:

• Ensuring a smooth connection to the website,
• To ensure a comfortable use of our website,
• Evaluation of system security and stability and
• for other administrative purposes.

When using this general data and information, we do not draw any conclusions about the individual concerned. We do not perform any personal analysis of the data, use it for marketing purposes, or create profiles.

Our legitimate interest is based on the purposes of data collection described above. Under no circumstances do we use the data for any purpose that would allow your identity to be determined. The legal basis for the aforementioned data processing is Article 6(1)(f) of the GDPR. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the secure operation of our website. Consequently, the data subject has no right to object.

The server log files containing the data listed above are automatically deleted after six weeks. We reserve the right to retain the server log files for a longer period if there are facts that suggest unauthorized access (such as an attempted hack or a so-called DDoS attack).

Cookies used to access the website and translate the content of the Hugendubel.legal website

Collection and storage of personal data as well as the type and purpose of their use when contacting us by e-mail

When you contact us by e-mail, the data you provide (in particular your e-mail address, possibly your surname and first name, your telephone number, etc.) will be stored by us in order to process and answer your inquiry. 

Data processing serves the purpose of processing the contact as a necessary legitimate interest.

The legal basis here is Article 6(1)(f) of the GDPR. If the purpose of establishing contact is to enter into a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. in particular when the conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If you instruct us to represent your legal interests, we will send you separate data protection information relating to the processing of personal data within the scope of the client relationship.

Collection and storage of personal data, as well as the nature and purpose of its use when contacting us by phone

When you contact us by phone, we will store the information you provide (specifically your phone number, your first and last name if applicable, and your email address) in order to process and respond to your inquiry. 

Data processing serves the purpose of processing the contact as a necessary legitimate interest.

The legal basis here is Article 6(1)(f) of the GDPR. If the purpose of establishing contact is to enter into a contract, the additional legal basis for the processing is Article 6(1)(b) of the GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. in particular when the conversation with you has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If you instruct us to represent your legal interests, we will send you separate data protection information relating to the processing of personal data within the scope of the client relationship.

Disclosure of data to third parties

We will only disclose your personal data to third parties if 
1) you have given your explicit consent pursuant to Art. 6(1)(a) GDPR,
2) The disclosure is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise, and/or defense of legal claims, and there is no reason to believe that you have an overriding interest in the non-disclosure of your data, 
3) In the event that there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, and
4) This is permitted by law and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis us as the data controller: Right of access

Right to information

You may request confirmation from us as to whether we are processing personal data concerning you. 
If such processing is taking place, you may request the following information from us pursuant to Article 15 of the GDPR:
(a) the purposes for which the personal data is processed;
(b) the categories of personal data being processed;
(c) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(d) the planned duration of storage of the personal data concerning you or, if specific details cannot be provided, the criteria for determining the storage period;
(e) the existence of a right to rectification or erasure of the personal data concerning you, a right to restrict processing by us as the controller, or a right to object to such processing; 
(f) the existence of a right to lodge a complaint with a supervisory authority;
(g) any available information regarding the origin of the data, if the personal data is not collected from the data subject;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and—at least in those cases—meaningful information regarding the logic involved, as well as the significance and intended consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to rectification 

Pursuant to Article 16 of the GDPR, you have the right to request that we correct and/or complete your personal data if the personal data we process concerning you is inaccurate or incomplete. We are required to make the correction without delay.

Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data in accordance with Article 18 of the GDPR:
(a) if you contest the accuracy of the personal data concerning you for a period that allows us to verify the accuracy of the personal data;
(b) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
(c) we no longer need the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims; or
(d) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether our legitimate grounds override your interests.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

Right to erasure

a) Obligation to delete

As the data controller pursuant to Article 17 of the GDPR, you may request that we erase the personal data concerning you without undue delay. We are then obligated to erase this data without undue delay if any of the following grounds apply:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing. 
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR. 
(4) The personal data concerning you has been processed unlawfully. 
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation to which we, as the controller, are subject under Union law or the law of the Member States or any other applicable law. 
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

b) Notification to Third Parties

If we have made the personal data concerning you public and are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, taking into account available technology and the cost of implementation, to inform controllers who process the personal data that you, as the data subject, have requested the erasure of all links to such personal data or of copies or replicas of such personal data. 

c) Exceptions

The right to erasure does not apply where processing is necessary
(1) for the exercise of the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which we, as the controller, are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishment, exercise, or defense of legal claims.

Right to information

If you have exercised your right to rectification, erasure, or restriction of processing with us, we are required to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.

As the data subject, you have the right to be informed by us, as the data controller, about these recipients.

Right to data portability

Pursuant to Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that (a) the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and
(b) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from us to another controller, provided that this is technically feasible. This must not infringe upon the rights and freedoms of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the controller.

Right of objection

Pursuant to Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. 

As the data controller, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

Pursuant to Article 7(3) of the GDPR, you have the right to withdraw your consent to the processing of your personal data at any time. Withdrawing your consent does not affect the lawfulness of processing carried out on the basis of your consent prior to its withdrawal.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place where the alleged infringement occurred, if you believe that the processing of your personal data violates the GDPR. 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Data security

We use the widespread SSL (Secure Socket Layer) procedure when you visit our website. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and amendment of this privacy policy 

Please be advised that it may become necessary to update this Privacy Policy due to changes in legal or regulatory requirements. You can view and print the most current version of the Privacy Policy at any time on the website at hugendubel.legal.