We, lawcode GmbH, take data protection very seriously and would like to inform you in the following data protection information about how we process your personal data and, in particular, what rights you are entitled to.
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This typically includes the name, e-mail address or telephone number. However, purely technical data that can be assigned to a person is also considered personal data.
lawcode GmbH
Universitätsstraße 3
56070 Koblenz
Germany
Managing Director:
Dr. Ubbo Assmus
Peter Granat
Doug Polignano
Phone: +49 261 988 03 700
For operational data protection inquiries, please contact info@lawcode.eu
Lars Ebertz on behalf of EBERTZ DATENSCHUTZ GmbH
Ober den Wiesen 17
35756 Mittenaar - Offenbach
Contact
E-mail: info@ebertz-datenschutz.de
As part of our business activities, we process the following personal data of customers and business partners in particular:
We process your personal data for the following purposes:
We process personal data for the purpose of implementing and fulfilling the contract concluded between the customer and us for the provision of the lawcode Suite or partner solution, the execution of orders in connection with the lawcode Suite or the partner solution and for the implementation of measures and activities in the context of pre-contractual relationships, e.g. with interested parties.
Data processing is carried out on the basis of Article 6(1)(b) of the General Data Protection Regulation ("GDPR"). Accordingly, data processing is lawful if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
We may also process your personal data if data processing is necessary to protect our legitimate interests. Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. This states that data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Our legitimate interests exist:
We process your personal data because we are also legally obliged to do so in some cases. In particular, tax and commercial law regulations provide for a long storage period of up to 10 years. In such cases, data processing is carried out on the basis of Art. 6 para. 1 lit. c) GDPR in conjunction with the tax and commercial (retention) regulations. According to Art. 6 para. 1 lit. c) GDPR, data processing is lawful if the processing is necessary for compliance with a legal obligation to which the controller is subject.
We only transfer personal data to third parties if there is a legal basis for this, such as in particular consent to transfer to third parties, the execution of a contract requires this, a balancing of interests justifies this or to fulfill legal requirements according to which we are obliged to provide information, report or pass on data. Otherwise, data is only transferred to external service providers who process the data exclusively on our behalf, such as our hosting provider. Within the lawcode, only those persons receive the personal data that are necessary and required for the fulfillment of tasks.
We store your personal data for the duration of our business relationship, i.e. also for the implementation of pre-contractual measures up to the complete fulfillment of a contract. In addition, we store personal data in accordance with the statutory retention obligations under commercial and tax law for 6 to 10 years, depending on requirements. Furthermore, personal data may also be stored for longer if a legal basis permits this, for example if the personal data is also required for the assertion, exercise or defense of legal claims.
We generally process your personal data within the European Union. If service providers are used who are not or not only based in the EU, the comparable level of data protection is ensured by concluding standard contractual clauses in accordance with Implementing Decision (EU) 2021/914 for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679.
You have the following rights vis-à-vis us with regard to your personal data:
You can exercise your rights, for example, by sending an e-mail to the e-mail address given in section 1 or to datenschutz@lawcode.eu.
Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR). You can contact the supervisory authority at our company headquarters. You can find the address under the following link on the Internet: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
There is no legal obligation to provide us with your personal data. However, if you wish to conclude a contract with us, we require the necessary personal data for the purpose of concluding and performing the contract. Without this necessary personal data, it is not possible to conclude and execute a contract.
As part of the application process, we process in particular the following personal data provided by you ("application data"):
We process your application data exclusively for the purpose of deciding on the establishment of an employment relationship, i.e. to carry out the entire application process with us.
The application data provided to us will be processed on the basis of Section 26 (1) BDSG. According to this, personal data of applicants within the meaning of § 26 para. BDSG may be processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.
If no employment relationship is established, the application data provided by you and stored by us will be deleted 6 months after notification of rejection.
If you make use of the option to withdraw your application at any time, your applicant data will be deleted immediately and completely.
The provision of your application data is voluntary. You are also not obliged to provide us with your application data. Provision is neither legally nor contractually required. However, it is necessary to process your application data in order to actually process your application.
The following data protection information (Section C.) applies in addition to all our websites. If there are any differences between the various websites, this will be indicated separately in this section.
We host the content of our website with the following provider:
Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).
Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/legal/privacy-policy/.
The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time with effect for the future.
Order processing:
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
We process personal data on the websites operated by us for the following purposes:
2.1.1 Contact form and e-mail
When you contact us (e.g. by e-mail or by using the contact form), the information you provide will be processed for the purpose of processing the inquiry and in the event that follow-up questions arise.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. Accordingly, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Our legitimate interest lies in processing the contact. You can object to this data processing at any time if there are grounds relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.
The personal data stored in the context of contacting us will be deleted when the matter associated with the contact has been fully clarified and it is not to be expected that the specific contact will be relevant again in the future.
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. The so-called server log files include:
This data is not merged with other personal data that you may actively provide on the website. We collect server log files for the purpose of displaying and administering the website, ensuring stability and security and detecting and preventing unauthorized access.
The personal data in log files are processed on the basis of Art. 6 para. 1 lit. f) GDPR. Accordingly, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Our "legitimate interest" is the provision of our website, easier administration and the ability to detect and track hacking. You can object to this data processing at any time if there are grounds relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.
The server log files with the above-mentioned data are automatically deleted after 7 days [EDS3] at the latest. We reserve the right to store the server log files for longer if there are facts that suggest unauthorized access (such as an attempt at hacking or a so-called DDOS attack).
We use various cookies on our website. Cookies are small text files that are stored on your hard disk, assigned to the browser you are using, and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website more user-friendly, effective and easier to administer.
We use transient and persistent cookies on our website: Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
Before visiting our website, you will be asked to control or manage the use of cookies by means of a cookie box (see "Borlabs cookies" below). You can also delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your wishes and, for example, refuse to accept cookies. We would like to point out that you may then not be able to use all the functions of this website.
In addition to our own cookies, we also use third-party cookies on our website that help us to make our website more interesting for you. Information on the cookies, such as the purpose of the individual cookies, the data processed in each case, the providers of the cookies and the recipients of the data collected, the data protection information of third-party providers and the storage period of the respective cookie can be found on the "Cookie details" page and "Individual data protection settings" in the cookie box.
2.3.1 Essential cookies
In order to ensure the secure and trouble-free operation of the website and to be able to offer you certain functions, we store the cookies that are displayed in the cookie box under "Cookie details" and "Individual data protection settings". It is not possible to use some functions of our website without these cookies.
These cookies are stored by us on the basis of Art. 6 para. 1 lit. f) GDPR, which permits the processing of personal data within the scope of our "legitimate interests", unless your fundamental rights, freedoms or interests prevail. Our legitimate interests consist in the technically error-free and optimized provision of our website.
2.3.2 Consent with Usercentrics
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transmitted to Usercentrics:
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
2.3.3 Hubspot CRM - Knowledge Base - Chat
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyze customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The
The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested (e.g. for Hubspot Chat), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Details can be found in Hubspot's privacy policy.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
2.3.4 Friendly Captcha
We use Friendly Captcha (hereinafter referred to as "Friendly Captcha") on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. Friendly Captcha is used to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor based on various characteristics. For the analysis, Friendly Captcha evaluates various information (e.g. anonymized IP address, referrer, visit time, etc.). Further information on this can be found at: https://friendlycaptcha.com/legal/privacy-end-users/. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Order processing We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions.
instructions and in compliance with the GDPR.
2.3.5 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
IP anonymization
Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Order processing
We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
2.3.6 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that we use to implement tracking or statistics tools and other
technologies on our website. The Google Tag Manager itself does not create
user profiles, does not store any cookies and does not carry out any independent analyses. It only serves the
Management and display of the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1
TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link.
2.3.7 Clarity
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://learn.microsoft.com/en-us/clarity/faq (hereinafter referred to as "Clarity").
Clarity is a tool for analyzing user behavior on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to most frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behavior within our website.
Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. If consent has not been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective user analysis.
Further details on Clarity's data protection can be found here.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
2.3.8 Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Meta to measure conversions. Provider of this
service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.
In this way, the behavior of site visitors can be tracked after they have clicked on a meta
advertisement were redirected to the provider's website. This allows the effectiveness of the meta advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy ( https://de-de.facebook.com/about/privacy/). This enables Meta to place advertisements on Facebook or Instagram pages and other advertising channels. This use of the data cannot be influenced by us as the website operator.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
We use the advanced matching function within the meta pixels.
The extended comparison enables us to compare different types of data (e.g. place of residence, federal state,
postal code, hashed email addresses, name, gender, date of birth or telephone number) of our customers and interested parties that we collect via our website to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offers. In addition, the extended comparison improves the allocation of website conversions and expands custom audiences.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found here.
According to this agreement, we are responsible for providing the data protection information when using the Meta tool and for the secure implementation of the tool on our website in accordance with data protection law. Meta is responsible for the data security of the Meta products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Meta. If you assert your data subject rights with us, we are obliged to forward them to Meta.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here and here.
You will find further information on the protection of your privacy in Meta's data protection information.
You can also deactivate the remarketing function "Custom Audiences" in the Ads Settings section . You must be logged in to Facebook to do this.
If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link.
2.3.9 Matomo
This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect data about the use of our website by users.
to record and analyze website visitors. This enables us to find out, among other things, when which
page views and which region they come from. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The
The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
IP anonymization
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.
Cookieless analysis
We have configured Matomo so that Matomo does not store any cookies in your browser.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
2.3.10. LinkedIn Insight Tag
We use the "LinkedIn Insight Tag" conversion tool so that we can improve our website offering. It allows us to display targeted advertising outside our website without identifying you as a user of our website. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. This tool is provided by LinkedIn Ireland Unlimited Company ("LinkedIn"). LinkedIn does not transmit any personal data to us. LinkedIn only provides us with anonymized reports on the website target group and display performance. LinkedIn offers the option of retargeting.
You can find more information on data protection at LinkedIn in LinkedIn's privacy policy.
Data processing as part of the "LinkedIn Insight Tag" conversion tool only takes place if you give us your consent to do so. The legal basis for this data processing is Art. 6 para. 1 lit. a) GDPR, which permits the processing of personal data with the consent of the data subject.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website again or to withdraw your consent, please do so via our cookie settings.
2.3.11. Microsoft UET tag
We use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (Ireland/EU) on our website. This is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.
The purpose of using Microsoft Advertising is to optimize the display of advertisements. Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent via our Consent Management Tool can be revoked at any time with effect for the future.
Further information on data protection at Microsoft can be found in Microsoft's privacy policy.
2.3.12. Visual Website Optimizer
We use the web analysis service Visual Website Optimizer ("VWO") for our website, operated by Wingfy (14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India). With the help of VWO, pseudonymized visitor data is collected, evaluated and stored on the basis of our legitimate interest in the statistical analysis of user behaviour for optimization and marketing purposes. We use VWO to create user tests to optimize and further develop our website. VWO analyzes static data about the use of our website. The tool is also used as an A/B test tool. Data such as the number of visitors, click behavior and the average active dwell time of website users are assigned to the corresponding test variants. VWO uses cookies which, among other things, serve to recognize the visitor's browser and thus enable a more precise determination of the statistical data. The information generated by the cookie about your use of this website is usually transferred to Visual Website Optimizer servers and stored there. The data is stored centrally in Google Cloud Platform data centers in the USA. The user's IP address is included in the information collected, but is pseudonymized immediately after collection and before it is stored in order to exclude any personal reference. In order to object to the collection and storage of your pseudonymized data in the future, you can obtain an opt-out cookie from VWO under the following link, which means that no visitor data from your browser will be collected and stored by VWO in the future: https://vwo.com/opt-out/.
The opt-out cookie is set by VWO. You can find more information about data protection here.
We process the information you enter on our website www.lawcode.eu in order to send you newsletters with news about the lawcode Suite and the topics of compliance, LkSG and CSRD. To register, it is sufficient to enter an e-mail address. The other details, such as your first name, surname and gender, are voluntary and are used to personalize the newsletter.
To register for our newsletter, we will send you an e-mail to the e-mail address you entered after you register on our website, in which we ask you to confirm your registration by clicking on the link provided. Only after this confirmation are you registered for the newsletter and you will receive our newsletter from then on (so-called double opt-in procedure). This double opt-in procedure is necessary so that no third party can register with a third-party e-mail address. If you do not confirm your registration within 24 hours, the data you have entered will be deleted. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
This data processing is only carried out on the basis of your consent, which you have given by fully subscribing to the newsletter. According to Art. 6 UAbs. 1 lit. a) i.V.m. Art. 7 GDPR, data processing is permitted if you have given your consent to data processing for one or more specific purposes. In addition, the sending of the newsletter is based on Section 7 (2) No. 3 UWG.
The registration data is stored on the basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the proof of consent to the sending of the newsletter.
You can revoke your consent to receive the newsletter and information at any time. To do so, you can click on the unsubscribe link at the end of a newsletter sent to you. In addition, you can send an email to the email address given in section 1 or to datenschutz@lawcode.eu. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The personal data stored as part of the newsletter registration will be deleted if you have successfully unsubscribed from the newsletter or have withdrawn your consent.
The provision of your personal data on this website is generally not required by law or contract. You are not obliged to provide personal data on this website unless we indicate this in individual cases in this data protection notice. Nevertheless, the provision of the functions of this website and its implementation require the processing of your personal data.
We maintain company pages on social networks such as LinkedIn, Xing, Facebook, Instagram, TikTok and YouTube. On these company pages, we offer interested parties, business partners and customers information about the lawcode Suite and the topics of compliance, LkSG and CSRD. We would like to point out that the terms of use and data protection notices of the respective service providers of the social networks apply to the use of these social networks. If you contact us via such social networks and provide us with your personal data, the information provided in this privacy policy applies to further data processing.
Our social media presence
This privacy policy applies to the following social media sites
Data processing by social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, X etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The data collected by the social
The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage duration
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policies, see below).
Your rights
You have the right at any time to request information free of charge about the origin, recipient and purpose of your
personal data stored by us. You also have the right to object, to
data portability and a right to lodge a complaint with the competent supervisory authority. You can also request the rectification, blocking, erasure and, under certain circumstances, the restriction of the processing of your personal data.
Social networks in detail
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at this link:
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5448
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/participant/5780
TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how they handle your personal data can be found in TikTok's privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.
Data transfer to non-secure third countries is based on the standard contractual clauses of the EU Commission. Details can be found here: