Data Protection Statement

Thümmel Schütze und Partner Rechtsanwälte Partnerschaftsgesellschaft mbB (“Controller” or “TSP” or “we” or “us”) as the operator of the website www.tsp-law.com (“our Website”) is happy that you visit our Website. Below, we will inform you about processing of personal data when you use our Website.

Table of Contents

I. Definitions

Our data protection statement uses terms defined in the EU General Data Protection Regulation (“GDPR”). In order to keep the data protection statement legible and comprehensible, we have explained these terms below:

(1) Personal data

According to the GDPR, personal data are any information relating to an identified or identifiable natural person. This means information such as your name, birth date, address, email address, IP address or phone number, as well as your user behaviour. By contrast, information that cannot be directly connected to your actual identity – such as websites generally preferred by all users or the number of users of a page – are not considered personal data.

(2) Data subject

Data subjects are all identified or identifiable natural persons whose personal data are processed by the Controller responsible for processing.

(3) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(4) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

(5) Controller or Controller responsible for processing

The Controller or Controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

(6) Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

(7) Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

(8) Third parties

Third parties are a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.

(9) Consent

Consent is any freely given, specific, informed and unambiguous indication by the data subject of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II. Controller for processing and data protection officer

(1) The Controller [Article 4(7) GDPR]

  1. Thümmel Schütze und Partner Rechtsanwälte
  2. Partnerschaftsgesellschaft mbB
  3. Urbanstrasse 7, D-70182 Stuttgart, Germany
  4. Phone: +49 711 1667 0
  5. Fax: +49 711 1667 290
  6. Email datenschutz@tsp-law.com
  7. Internet: https://www.tsp-law.com

 

(2) Data protection officer

The operational data protection officer of the firm is Dr. Bettina Linder. She can be reached under the above address or under datenschutz-beauftragte@tsp-law.com.

III. Principles relating to processing of personal data

(1) Scope of processing of personal data

We generally only collect and use personal data of our users if this is required to provide a functional website or our contents and services. Collection and use of your personal data within the realm of our website usually takes place only with your consent. However, an exception shall apply in such cases where collection of advance consent is not possible for factual reasons and where processing of the data is nevertheless permitted by the law.

(2) Legal basis relating to processing of personal data

The data transmitted by or collected from you are only collected, used, processed, stored and – if required by law or contractually required – passed on to third parties only within the context of the applicable data protection laws (GDPR, Federal Data Protection Act and Telemedia Act).

Article 6 GDPR leads to various legal bases for processing of your personal data that are referred to from case to case in this data protection statement:

  1. Art. 6 Abs. 1 a) Article 6(1)(a) GDPR is the legal basis for processing operations of personal data with consent of the data subject.
  2. Art. 6 Abs. 1 b) Article 6(1)(b) GDPR is the legal basis for processing of personal data that is necessary for the performance of a contract to which the data subject is party. This legal basis shall also refer to such processing operations that are necessary in order to take steps prior to entering into a contract.
  3. If we need to process personal data for compliance with a legal obligation of our company, the legal basis for this shall be Article 6(1)(c) GDPR.
  4. Art. 6 Abs. 1 d) Article 6(1)(d) GDPR serves as the legal basis if vital interests of the data subject or any other natural person require processing of his or her personal data.
  5. If processing of personal data is necessary for the purposes of a legitimate interest pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override this first interest of our company or a third party, this processing shall take place on the legal basis of Article 6(1)(f) GDPR.

 

(3) Data erasure and storage period

As soon as the purpose of storage of the respective personal data of the data subject no longer applies, they shall be deleted or blocked. However, storage may take place beyond this point of time if this was stipulated in European or national regulations, laws or other rules that we as Controller responsible for processing are subject to. Blocking or erasure of the data shall also take place if a storage period required by the standards named expires, except if further storage of such data is required for entering into a contract or performance of a contract.

IV. General processing activities in connection with the provision of our Website and compilation of log files

The scope and nature of collection and use of your data will differ depending on whether you only visit our Website in order to call up information or whether you use our offers – such as newsletters, commenting function of the blog, email contact:

(1) Visiting our Website

Purely informational use of our Website generally does not require you to provide us with any personal data. Instead, we collect, use and store information that is transmitted to us by the respective browser used by you during your visit of our Website automatically in the server log files.

(2) Collected data

The following data will be collected in the course of this:

  1. Information on your browser: Type, language and version used by you (e.g. Mozilla Firefox, Microsoft Internet Explorer, Apple Safari, Google Chrome)
  2. The operating system used by you
  3. The internet service provider charged by you
  4. Your internet protocol address
  5. Date and time of the access
  6. Websites from which your system reaches our Website
  7. Websites that are called by your system via our Website
  8. Content of the request (specific page)
  9. Access status/http status code
  10. The respective data volume transferred

We cannot assign the above data to specific persons. We will not combine these data with any other data sources, i.e. these data will not be stored together with other personal data such as your name, address, phone number or email address.

(3) Legal basis

The legal basis for this temporary storage of data and log files is Article 6(1)(f) GDPR, since our legitimate interests as presented below in this storage override your interests, fundamental rights and freedoms: The internet protocol address is considered personal data. The temporary storage of the internet protocol address by the system is necessary in order to permit transfer of our Website to your browser. For this purpose, the internet protocol address must remain stored for the duration of the session. Storage in log files shall take place in order to ensure the function of our Website. We also use the data for optimisation of our Website and to ensure the safety of our information-technical systems. The data are not evaluated for marketing purposes in this context.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. If data are recorded for provision of our Website, this is the case when the respective session is ended. To the extent that the data were stored in log files, this is the case at the latest after seven (7) days. Storage beyond this is possible as well, however. In this case, however, your internet protocol address will be deleted or changed so that it can no longer be assigned to your person.

(5) Right to object and removal option

Recording of the data for provision of our Website and storage of the data in log files is mandatory for operation of the website. Accordingly, you cannot object to this.

V. Email contact

(1) Description and scope of the processing

Our Website contains information in order to permit quick contact/communication. If you contact us by email, the personal data transmitted by you (first name, name, email address, any further voluntary information) will be stored automatically. At the time of dispatch of the message, your internet protocol address and the date and time will be stored as well.

(2) Legal basis for the processing

The legal basis for processing of the data if and to the extent that you have given your consent is Article 6(1)(a) GDPR.

The legal basis for processing of the data transmitted to us in the scope of transmission of an email is also Article 6(1)(f) GDPR. If the email contact is targeted at entering into a contract, Article 6(1)(b) GDPR shall be an additional legal basis for processing.

(3) Purpose of data processing

Processing of the personal data from an email sent to us serves solely to process your contact. This is also where the legitimate interest of processing of the data lies if these are processed based on Article 6(1)(f) GDPR.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. This is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances show that the corresponding matter has been finally completed.
Upon receipt of an objection or withdrawal declared by you [see below (5)], your personal data will be deleted within 7 days.
However, we will not delete your personal data, if we are entitled or obliged to further storage on the basis of a different legal ground than your consent or despite your objection (for example, in connection with the management of mandates).

(5) Right to object or to withdraw and removal option

You have the option at any time to withdraw your consent to processing of the personal data [see below XIII. (8) Right to withdraw].
In addition, you can object to the processing of your personal data at any time, if and to the extent that this processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f) GDPR [see below XIII. (1) Right to object].
Both the withdrawal and the objection can be send by e-mail to privacy@tsp-law.com. In such a case, however, the conversation cannot be continued.

VI. Comment function for blog articles

(1) Description and scope the of processing

You can use the comment function to comment on blog articles. Using the comment function requires you to enter a name. You can also choose a pseudonym. You also need to indicate your email address. An email address must be indicated to enable the firm to forward any complaints to your comments on the blog to you and to ask you to make a statement regarding them. You cannot use the comment function without providing this information. When your comment is published, the email address indicated by you will be stored, but not published. Your name will be published if you did not use a pseudonym.

(2) Legal basis for the processing

The legal basis for processing of the data transmitted when you use the comment function for blog articles is Article 6(1)(a) GDPR and Article 6(1)(f) GDPR if and to the extent that you have given your consent.

(3) Purpose of data processing

The data transmitted by you serve solely the purpose of forwarding any complaints about your comments and to ask you to make a statement regarding these. In case of complaints, we can – assuming these are justified – under certain circumstances even be prosecuted for such a comment and therefore we have a legitimate interest in knowing the identity of the author.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. For example, when the conversation regarding your complaints has ended and none of your comments are shown anymore.
Upon receipt of an objection or withdrawal declared by you [see below (5)] your personal data will be deleted within 7 days.
However, we will not delete your personal data, if we are entitled or obliged to further storage on the basis of a different legal ground than your consent or despite your objection (for example, in connection with the management of mandates).

(5) Right to object or to withdraw and removal options

You have the right at any time to withdraw your consent to processing of personal data [see below XIII. (8) Right to withdraw].
In addition, you can object to the processing of your personal data at any time, if and to the extent that this processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f) GDPR [see below XIII. (1) Right to object].
Both the withdrawal and the objection can be send by e-mail to privacy@tsp-law.com. In such a case, however, the comment function cannot be further used.

VII. Newsletter

(1) Description and scope of the processing

If you sign up for a free newsletter, the firm only collects your e-mail address for rendering this service. Collection and transmission of your e-mail address is only used for transmitting our newsletters. The use of the newsletters is otherwise not possible.
After signing up, you will receive a confirmation email containing a link that must be clicked in order to confirm the registration for our newsletter (so-called Double Opt-In). This entire process is documented and stored. This includes the storage of the registration and confirmation time, as well as your IP-address.

(2) Legal basis for the processing

The legal basis for processing of the data on subscription to a newsletter is your consent according to Article 6(1)(a) GDPR.

(3) Purpose of data processing

The data transmitted by you serve only the purpose of being able to send you the newsletter you have subscribed to.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. This is the case if you do not want to continue to subscribe to the newsletter and withdraw your consent [see below (5)].
Upon receipt of a withdrawal declared by you [see below (5)] your personal data will be deleted within 7 days.
However, we will not delete your personal data, if we are entitled or obliged to further storage on the basis of a different legal ground than your consent or despite your objection (for example, in connection with the management of mandates).

(5) Right to withdraw and removal options

You have the option at any time to withdraw your consent to processing of your personal data, effective for the future, by clicking the withdrawal link in the newsletter emails or, for example, by email to datenschutz@tsp-law.com [see below XIII (8) Right to withdraw]. In such case, the receipt of our newsletter is not possible anymore.

VIII. Acquisition and management of our contractual relations

Our measures to acquire and maintain our contractual relationships, such as to maintain the relationship with current or potential clients are within the limits permitted by law and on the basis of your consent.

(1) Description and scope of the processing

We store the following personal data for the purpose of acquiring and maintaining our contractual relationships:

  • title, first name, surname, if applicable academic degree, title, company;
    a valid e-mail address;
  • a valid e-mail address;
  • address;
  • telephone number (landline and / or mobile) / fax number if applicable;
  • language(s) in which we communicate with you: German, English or Chinese;
  • our location(s) and the lawyers with whom you are in contact;
  • your status as a client, business partner or prospect (for example, a potential client or potential business partner).

(2) Legal basis for the processing

A contractual relationship with you can also justify measures for the acquisition and management of the contractual relationship pursuant to Art. 6(1)(b) GDPR. Outside this framework, the legal basis for the processing of your personal data for purposes of acquiring and maintaining the contractual relationship is your consent in accordance with Art. 6 (1)(a) GDPR and Sec. 7 UWG (Act Against Unfair Competition). To the extent we contact you by mail in paper form for the fulfilment of these purposes, the legal basis may be Article 6(1)(f) GDPR or your consent granted in this regard according to Art. 6(1)(a) GDPR

(3) Purpose of data processing

The processing of the data you submit serves the following purposes:

  • to inform and invite you about events of the law firm;
  • to give you the opportunity to exchange ideas/network with other participants of our events (name badges, list of all participants of the event with form of address, first name, surname, if applicable academic degree, title and company);
  • to inform you of news (for example, sending current publications / expert papers);
  • to take other measures of acquisition and management of the contractual relationship (for example, sending Christmas or birthday mail).

(4) Storage period

The personal data processed as part of the measures to acquire and maintain the contractual relationship will be deleted as soon as they are no longer necessary for the purpose of their collection.

After a withdrawal or objection [see below (5)], your personal data will be deleted within 7 days and we will not send you any further information regarding the acquisition and management of the contractual relationship, regardless of any contact in the context of the contractual relationship.

The personal data processed as part of the measures for acquiring and maintaining the contractual relationship will be deleted irrespective of the withdrawal of the consent or an objection, if we have not had contact with you for more than two years. The deletion of this data does not take place, however, if we are entitled or obliged to further storage on the basis of a different legal ground than your consent or despite your objection (for example, in connection with the processing of mandates).

(5) Right to object and removal options

You have the right to withdraw your consent to the processing of your personal data at any time [see below XIII. (8) Right to withdraw].

In addition, you can object to the processing of your personal data at any time, if and to the extent that this processing is carried out on the basis of Art. 6(1)(f) GDPR [see below XIII. (1) Right to object].

Both the withdrawal and the objection can be send by e-mail to privacy@tsp-law.com. After withdrawing your consent or objection, however, no action can be taken to acquire and maintain the contractual relationship.

IX. Career

(1) Description and scope of the processing

In the Career section, we publish our vacancies and ask you to submit your applications, among others also by email. We recommend that you transmit applications that you send us by email encrypted in your own interest.

Once you have applied for a job offered by us, only our HR department and the respective eligible department will be able to view your data. If your application is an unsolicited application, your information will be made accessible to all areas/departments with vacancies that match your applicant profile. The data will only be passed on to any third party to the extent that we are required to do so by law in the individual case.

If you are employed by us, we will store the data transmitted to us in your personnel file under observation of the legal rules.

(2) Legal basis for the processing

The legal basis for processing of the data that are transmitted to us in the scope of transmission of an application by email is Article 6(1)(b) GDPR, since the email contact is targeted at entering into a contract. The additional legal basis for processing of your data is Article 6(1)(f) GDPR.

(3) Purpose of data processing

The data transmitted by you serve only the purpose of making a decision about your employment and to subsequently process such an employment.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. If no employment is entered into between you and us, the application documents will be erased automatically seven (7) days after disclosure of the negative decision, except if erasure is opposed by any other legitimate interests on our side. Other legitimate interests in this meaning shall include the burden of proof in proceedings under the Allgemeines Gleichbehandlungsgesetz (the general law on equal treatment, the AGG). Upon receipt of an objection or withdrawal declared by you [see below (5)] your personal data will be deleted within 7 days.

(5) Right to object and removal options

You may withdraw your application at any time and you have the option to withdraw your consent to processing of the personal data at any time [see below XIII. (8) Right to withdraw]. If you send us your application documents by email, you may object to storage of your personal data at any time [see below XIII. (1) Right to object]. In this case, the conversation and decision concerning your employment cannot be continued, however. All personal data that were stored in the scope of the application will be erased within a period of seven (7) days after receipt of the objection by us.

X. Use of cookies

(1) Description and scope of the processing

The firm uses so-called “cookies” on www.tsp-law.com in order to better align the firm’s offer with your wishes. We use own cookies and third party cookies [see also below third party cookies under XII. Google Analytics]. “Cookies” are small text files that your browser generates automatically, that are stored locally in the storage of your web browser on the end device used by you (e.g. laptop, tablet, smartphone, etc.) and permit analysis of your use of the website. Specifically, these cookies are being used:

  • pll_language (Homepage) and qtrans_front-language (Blog): These technically necessary cookies ensure that once the language has been selected, it will be retained when switching to another subpage of our website.
  • wp-setting-3 (Homepage) and wp-settings-2 (Blog): Technically necessary cookies which adapt the presentation of the homepage to the browser you use.

(2) Legal basis for the processing

The personal data processed by cookies are necessary for the purposes of our legitimate interests according to Article 6(1)(1)(f) GDPR [sic].

(3) Purpose of data processing

Use of cookies serves to make use of our offer more comfortable for you and to optimise user friendliness as well as for statistical purposes. The functions described — maintaining the language selection when switching to the bottom and adapting to browsers — serve the best possible representation of our offer, which serves our and your interest.

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection.

(5) Right to object and removal options

Most browsers accept cookies automatically. You may, however, configure your browser so that no cookies will be stored on your computer or that you will always be informed before a new cookie is set up. Complete deactivation of cookies may, however, render you unable to use all functions of our Website. You can erase cookies once set again at any time on your own by calling up the corresponding menu item in your web browser or deleting the cookies from your hard disc. For details on this, see the help menu of your web browser.

XI. Google Analytics

  1. TSP uses “Google Analytics”, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files that are stored on your computer and that permit analysis of your use of the website.
  2. The information produced by the cookie regarding your use of our Website (including your IP address) is usually transferred to a server of Google in the USA and stored there. However, TSP has activated IP anonymisation. Note that Google Analytics has been expanded by the code “gat._anonymizeIp();” on the website www.tsp-law.com, in order to ensure anonymised recording of IP addresses (IP masking). On this website, your IP address will be abbreviated first by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.
    Only in exceptions will your full IP address be transferred to a server of Google in the USA and abbreviated there. For the exceptional cases in which personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework. The legal basis for the use of Google Analytics in this exceptional case is Article 6(1)(f) GDPR.
  3. On behalf of TSP, Google will use this information to evaluate your use of our Website, in order to compile reports on the website activities and to render further services connected to website use and internet use for TSP. For this purpose, TSP entered into a data processing agreement with Google.
    The processing of anonymous user data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. However, the anonymization of the IP-address does not allow the usage behaviour to be assigned to an individual persons.
  4. The IP address submitted by your browser in the scope of Google Analytics will not be combined with any other data of Google. Google will also transfer this information to third parties if this is required by law or to the extent that third parties process these data on behalf of Google.
  5. You may erase cookies once set again at any time on your own by calling up the corresponding menu item in your web browser or deleting the cookies from your hard disc. For details on this, see the help menu of your web browser.
    You may also prevent saving of the cookies by making the corresponding settings in your browser software; however, note that you may be unable to fully use all functions of our Website in such a case. Moreover, you can prevent the cookie from recording data it generates and which pertains to your use of the website (including the IP address) at Google as well as the processing of this data by Google, by downloading and installing the available browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
  6. If you are using a mobile application – such as a tablet or Smartphone – the browser plugin will not work. However, you can nevertheless prevent recording of your data by Google Analytics by clicking the following link Deactivate Google Analytics. This will set an opt-out cookie that will permanently prevent recording of your data during future visits to this website.
    For more details on this, see http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection)..
  7. Third-Party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, privacy information: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as Privacy Policy: http://www.google.de/intl/de/policies/privacy.

XII. Social Media Plugins: Facebook, Twitter, Xing and LinkedIn

(1) We currently use the following social media plugins within the context of the blogs offered on the website: Facebook, Twitter, Xing, LinkedIn (hereinafter also: “Plugin Providers”). You can find the respective plugins to the left of the respective blog article.

(2) We use the 2-click solution in the scope of the plugin. This means that when you visit our page, personal data will generally not be passed on to the respective Plugin Providers initially. Only if you click one of the plugins and activate it in the window shown then will personal data be transferred: Activation of the plugin will therefore transfer data concerning you to the respective Plugin Provider automatically, where they will be stored (in the USA for US providers). We cannot influence the collected data and data processing operations, and we do not know the full scope of data collection, purposes and storage periods. Since the Plugin Provider collects data in particular using cookies, we recommend that you delete all cookies via the safety settings of your browser before activating the respective plugin – if you want to prevent transmission of data as far as possible.

(3) If you activate a plugin, the Plugin Provider will be informed that you have called the corresponding sub-page of our Website. The data named in item IV of this data protection statement will also be transferred. In case of Facebook and Xing, only an anonymised IP will be collected according to the information of the respective providers in Germany. This is done independently of whether you have an account with the Plugin Provider and are logged in there. If you are logged in with the Plugin Provider, these data will be associated with your account directly. If you click the activated button and, e.g., link the page, the Plugin Provider will also store this information in your user account and publicly disclose this to your contacts. If you do not wish assignment to your profile with the Plugin Provider, you need to log out before you activate the button of the respective Plugin Provider.

(4) The Plugin Provider stores these data in usage profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall specifically take place (also for users who are not logged in) in order to display demand-oriented advertisements and in order to inform other users of the social network of your activities on our Website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact the respective Plugin Provider.

(5) Further information on the purpose and scope of data collection and processing by the Plugin Provider is available in the following data protection statements of these providers. They also contain further information on your rights in this respect and setting options for protecting your privacy.

(6) Addresses of the respective providers and URL with data protection notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other applications as well as http://www.facebook.com/about/privacy/your-info everyoneinfo.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

XIII. Your rights as data subject

If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights towards us as the Controller:

(1) Widerspruchsrecht

(a) You have the right to object at any time to the process of your personal data on the basis of Art. 6 (1) (f) GDPR for purposes of direct advertisement without giving any reason. We will then no longer process your personal data for these purposes. This also applies to profiling to the extent as it is associated with such direct advertisement. However, we are currently not conducting profiling.

(b) Furthermore, you can object to the processing to other processing that we have a legitimate interest in pursuant to Art. 6 (1) (f) GDPR, for reasons that arise from your particular situation, stating these reasons. In principle, this also applies to profiling based on this provision. However, we are currently not conducting such profiling. We will then no longer process your personal information unless we can demonstrate compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

(c) Any objection can be made without a form requirement. It suffices for this purpose e.g. to send an email to: datenschutz@tsp-law.com.

(2) Right of access

You may obtain from us confirmation as to whether or not personal data concerning you are being processed by us.

In case of such processing, you may demand that we further provide access to the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data concerning you have been disclosed or will be disclosed;
  4. the envisaged period for which the personal data concerning you will be stored or, if specific information on this cannot be provided, the criteria used to determine that period;
  5. the existence of a right to request from the Controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. all available information as to the source of the data, where the personal data are not collected from you as the data subject.

You have the right to be informed on whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may demand to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

(2) Right to rectification

You have a right to rectification and/or completion towards us as the Controller, provided that the personal data processed by us concerning you are inaccurate or incomplete. We must perform the rectification without undue delay.

(4) Right to restriction of processing

You have the right to obtain restriction of processing of the personal data concerning you where one of the following conditions applies:

  • if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  • if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds asserted by us override your grounds.

Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction of processing is lifted.

(5) Right to erasure

(a) Erasure obligation

We have the obligation to erase the personal data concerning you without undue delay if one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

(b) Information to third parties

Where we have made the personal data concerning you public and if we are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing your personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(c) Derogations

The right to erasure shall not exist if processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

(6) Right to provision of information

If you have asserted a right to rectification, erasure or restriction of processing towards us, we are obligated to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to provision of information about such recipients by us.

(7) Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition to this, you have the right to transmit those data to another controller without hindrance from us as the Controller to which the personal data have been provided, where

  1. processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you further have the right to have the personal data concerning you transmitted directly from us as one Controller to another controller, where technically feasible. Freedoms and rights of others must not be adversely affected by this.

That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Controller.

(8) Right to withdraw the declaration of consent under data protection law

You shall have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you want to exercise your withdrawal right, simply send an email to datenschutz@tsp-law.com.

(9) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which your complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Please direct any requests in connection with rights of data subjects to datenschutz@tsp-law.com. Please note that the firm may demand that you prove that you are actually the person to the personal data of which access is demanded if requests for access are not made in writing, in order to protect the persons concerning whom data are stored.

Please also consider that we cannot store or derive any personal data concerning visitors to our Website if you have not transmitted your personal data freely before, e.g. in order to comment on the blog or to subscribe to the newsletter.

XIV. SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of sensitive content you send to us. You can recognize an encrypted connection by the change in the address line of the browser from «http: //» to «https: //» and the lock symbol in your browser line. The activation of the SSL encryption serves as protection and makes sure that the data, which you transmit to us, are not read by third parties.

XV. Reservation of changes

We reserve the right to adjust this data protection statement in order to adjust it to the respective applicable provisions at all times, as well as our offers on the website.
As of October 2018

Addresses of our Offices

  • Berlin

  • Kurfürstendamm 63
  • 10707 Berlin
  • T:+49 (0)30.8 87 17-00
  • Fx:+49 (0)30.8 85 00-75
  • berlin@tsp-law.com
  • Dresden

  • Käthe-Kollwitz-Ufer 83
  • 01309 Dresden
  • T:+49 (0)351.4 99 14-14
  • Fx:+49 (0)351.4 99 14-99
  • dresden@tsp-law.com
  • Frankfurt

  • Eschersheimer Landstraße 10
  • 60322 Frankfurt/Main
  • T:+49 (0)69.95 91 35-0
  • Fx:+49 (0)69.95 91 35-30
  • frankfurt@tsp-law.com
  • Singapore

  • 80 Anson Road
  • #24-02 Fuji Xerox Towers
  • Singapore 079907
  • T:+65 65 35 31 12
  • Fx:+65 65 34 31 00
  • singapore@tsp-law.com
  • Stuttgart

  • Urbanstraße 7
  • 70182 Stuttgart
  • T:+49 (0)711.16 67-0
  • Fx:+49 (0)711.16 67-290
  • stuttgart@tsp-law.com