Our privacy policy

We, lawcode GmbH, take data protection very seriously and would like to inform you in the following data protection information about how we process your personal data and in particular what rights you are entitled to.

Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This typically includes the name, e-mail address or telephone number. However, purely technical data that can be assigned to a person is also considered personal data.

A. Data protection information of lawcode GmbH

1. contact details of the person responsible / data protection officer

1.1 Contact details of the person responsible

lawcode GmbH
Universitätsstraße 3
56070 Koblenz
Germany

Managing Director:
Dr. Ubbo Aßmus
Patrick Diede
Lukas Hoffmann
Dominik Lienen

Phone: +49 261 988 03 700

For operational data protection inquiries, please contact datenschutz@lawcode.eu

1.2 Contact details of the data protection officer

esquilin GmbH

Joerg Weiss

Max-Beckmann-Weg 65

65428 Rüsselsheim am Main

E-mail: dpo@lawcode.eu

  1. Data to be processed and data categories
    As part of our business activities, we process the following personal data of customers and business partners in particular:
  1. Purposes of data processing and legal basis
    We process your personal data for the following purposes:

3.1 Data processing for contract fulfillment
We process personal data for the purpose of implementing and fulfilling the contract concluded between the customer and us for the provision of the lawcode Suite or ombuds solution, the execution of orders in connection with the lawcode Suite or the ombuds solution and for the implementation of measures and activities in the context of pre-contractual relationships, e.g. with interested parties.

Data processing is carried out on the basis of Article 6(1)(b) of the General Data Protection Regulation ("GDPR"). Accordingly, data processing is lawful if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3.2 Data processing within the legitimate interests
We may also process your personal data if data processing is necessary to protect our legitimate interests. Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. Accordingly, data processing is lawful if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Our legitimate interests exist:

3.3 Data processing to fulfill legal obligations
We process your personal data because we are also legally obliged to do so in some cases. In particular, tax and commercial law regulations provide for a long storage period of up to 10 years. In such cases, data processing is carried out on the basis of Art. 6 para. 1 lit. c) GDPR in conjunction with the tax and commercial (retention) regulations. According to Art. 6 para. 1 lit. c) GDPR, data processing is lawful if the processing is necessary for compliance with a legal obligation to which the controller is subject.

  1. Recipients or categories of recipients of your data
    We only transfer personal data to third parties if there is a legal basis for this, such as in particular consent to transfer to third parties, the execution of a contract requires this, a balancing of interests justifies this or to fulfill legal requirements according to which we are obliged to provide information, report or pass on data. Otherwise, data is only transferred to external service providers who process the data exclusively on our behalf, such as our hosting provider. Within the lawcode, only those persons receive the personal data that are necessary and required for the fulfillment of tasks.
  2. Duration of storage of personal data
    We store your personal data for the duration of our business relationship, i.e. also for the implementation of pre-contractual measures up to the complete fulfillment of a contract. In addition, we store personal data in accordance with the statutory retention obligations under commercial and tax law for a period of 6 to 10 years, depending on requirements. Furthermore, personal data may also be stored for longer if a legal basis permits this, for example if the personal data is also required for the assertion, exercise or defense of legal claims.
  3. Data processing within the European Union
    We process your personal data exclusively within the European Union.
  4. Your rights

You have the following rights vis-à-vis us with regard to your personal data:

You can exercise your rights, for example, by sending an e-mail to the e-mail address given in section 1 or to datenschutz@lawcode.eu.

Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR). You can contact the supervisory authority at our company headquarters. You can find the address under the following link on the Internet: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

  1. Your obligation to provide personal data (Art. 13 para. 2 lit. e) GDPR)
    There is no legal obligation to provide us with your personal data. However, if you wish to conclude a contract with us, we require the necessary personal data for the purpose of concluding and performing the contract. Without this necessary personal data, it is not possible to conclude and execute a contract.

B. Supplementary data protection information for applications / application data

  1. Data to be processed and data categories

As part of the application process, we process in particular the following personal data provided by you ("application data"):

  1. Purposes of data processing and legal basis

We process your application data exclusively for the purpose of deciding on the establishment of an employment relationship, i.e. to carry out the entire application process with us.

The application data provided to us will be processed on the basis of §\xa026 para.\xa01 sentence\xa01 BDSG. According to this, personal data of applicants within the meaning of §\xa026 para.\xa08 sentence\xa02 BDSG may be processed for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.

  1. Duration of storage of personal data

If no employment relationship is established, the application data provided by you and stored by us will be deleted 6\xa0months after notification of rejection.

If you make use of the option to withdraw your application at any time, your applicant data will be deleted immediately and completely.

  1. Information pursuant to Art. 13 para. 2 lit. e GDPR

The provision of your application data is voluntary. You are also not obliged to provide us with your application data. Provision is neither legally nor contractually required. However, it is necessary to process your application data in order to actually process your application.

C. Supplementary data protection information for our website www.lawcode.eu

  1. Purposes of data processing, legal basis and duration of data storage
    We process personal data on our website www.lawcode.eu for the following purposes:

1.1 Contact

1.1.1 Contact form and e-mail
When you contact us (for example by e-mail or by using the contact form), the information you provide will be processed for the purpose of processing the request and in the event that follow-up questions arise.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. Accordingly, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Our legitimate interest lies in processing the contact. You can object to this data processing at any time if there are grounds relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.

The personal data stored in the context of contacting us will be deleted when the matter associated with the contact has been fully clarified and it is not to be expected that the specific contact will be relevant again in the future.

1.1.2 Chat (Freshchat)
We use the Freshchat tool as a communication tool on our website. As a user of our website, you can use it to get in touch with us about the lawcode suite and make inquiries. We can respond immediately or chat with you via this chat or communication tool.

Freshworks GmbH (Freshworks), Neue Grünstraße 17, 10179 Berlin, a provider of a chat tool Freshworks automatically processes the chat session data required to provide the chat service with the requesting party when the chat tool is used. On our behalf, Freshworks will carry out analyses to improve our website offering, our lawcode suite and our service and provide us with statistics. In this respect, Freshworks acts as our processor in accordance with Art. 28 GDPR.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR. According to this, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Our legitimate interest lies in the processing of contact via the chat. In addition, our legitimate interest in processing data for the purpose of statistical analysis is to be able to improve our website offering. You can object to this data processing at any time if there are reasons relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.

The personal data stored in the context of contacting us will be deleted when the matter associated with the contact has been fully clarified and it is not to be expected that the specific contact will be relevant again in the future.
Further information on the chat service can be found at https://www.freshworks.com/de/cookie-liste/, further information on data protection in the privacy policy at https://www.freshworks.com/de/datenschutz/.

1.2 Server log files
When you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. The so-called server log files include:

This data is not merged with other personal data that you may actively provide on the website. We collect server log files for the purpose of displaying and administering the website, ensuring stability and security and detecting and preventing unauthorized access.

The personal data in log files are processed on the basis of Art. 6 para. 1 lit. f) GDPR. According to this, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Our "legitimate interest" is the provision of our website, easier administration and the ability to detect and track hacking. You can object to this data processing at any time if there are grounds relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.

The server log files with the above-mentioned data are automatically deleted after 7 days at the latest. We reserve the right to store the server log files for longer if there are facts that suggest unauthorized access (such as an attempt at hacking or a so-called DDOS attack).

1.3 Cookies
We use various cookies on our website. Cookies are small text files that are stored on your hard disk, assigned to the browser you are using, and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website more user-friendly, effective and easier to administer.

We use transient and persistent cookies on our website: Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

Before visiting our website, you will be asked to control or manage the use of cookies by means of a cookie box (see "Borlabs cookies" below). You can also delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your wishes and, for example, refuse to accept cookies. We would like to point out that you may then not be able to use all the functions of this website.

In addition to our own cookies, we also use third-party cookies on our website that help us to make our website more interesting for you. Information on the cookies, such as the purpose of the individual cookies, the data processed in each case, the providers of the cookies and the recipients of the data collected, the data protection information of third-party providers and the storage period of the respective cookie can be found on the "Cookie details" page and "Individual data protection settings" in the cookie box.

1.3.1 Borlabs Cookie
We use a so-called Borlabs cookie on our website. This cookie is a tool for managing the use of first-party cookies and third-party cookies. You can use this "cookie banner" or "cookie box" to control the use of cookies before you visit our website.

The Borlabs cookie stores the settings of the visitors to our website that you have selected in the cookie box for a period of 1 year. Your IP address is not stored. Beyond this, we only process the stored data for statistical evaluations.

The processing of user data within the scope of this paragraph is based on legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Accordingly, data processing is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Our "legitimate interest" lies in the legally compliant implementation of the provisions of the GDPR for the use of cookies on our website. The use of various cookies, for example third-party or marketing cookies, requires the prior express consent of the website user. The Borlabs cookie is intended to implement these requirements accordingly.

We also have a legitimate interest in statistical analysis for the purpose of improving our website.
You can object to this data processing at any time if there are grounds relating to your particular situation. All you need to do is send an email to the email address given under A. Section 1 or to datenschutz@lawcode.eu.

1.3.2 Essential cookies
In order to ensure the secure and trouble-free operation of the website and to be able to offer you certain functions, we store the cookies that are displayed in the cookie box under "Cookie details" and "Individual data protection settings". It is not possible to use some functions of our website without these cookies.

These cookies are stored by us on the basis of Art. 6 para. 1 lit. f) GDPR, which permits the processing of personal data within the scope of our "legitimate interests", unless your fundamental rights, freedoms or interests prevail. Our legitimate interests consist in the technically error-free and optimized provision of our website.

1.3.3 Google Analytics (statistics)
We use Google Analytics to regularly analyze and evaluate the use of our website. We can use the statistics obtained to make our website and its offers more needs-based, user-friendly, effective and interesting and thus continuously improve and optimize them. Further information on data processing and the storage period in the context of Google Analytics can be found under "Cookie details" and "Individual data protection settings" in the cookie box.

Google Analytics is a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses methods that enable your use of the website to be analyzed, such as cookies. The information collected by Google Analytics about the use of this website is generally transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. In this respect, Google acts as our processor in accordance with Art. 28 GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Data processing in the context of Google Analytics only takes place if you give us your consent to do so. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. a) GDPR, which permits the processing of personal data with the consent of the data subject.

Once you have given your consent, you can stop Google Analytics from collecting data at any time by withdrawing your consent.
You can find further information on the terms of use of Google Analytics at http://www.google.com/analytics/terms/de.html, and further information on data protection in Google's privacy policy at https://policies.google.com/privacy?hl=de.

1.3.4 Recaptcha v3
We use the Google service reCaptcha (version 3) to determine whether a human or a computer or bot makes a certain entry in our contact or newsletter form. Further information on data processing and the storage period in the context of Recaptcha can be found under "Cookie details" and "Individual data protection settings" in the cookie box.

Google reCaptcha is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").Google uses the following data to verify whether you are a human or a computer or bot. Google uses the following data to verify whether you are a human being or a computer or bot: the IP address of the end device used, our website that you visit and on which Google reCaptcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, a Google account if you are logged in to Google, mouse movements on the reCaptcha areas and website behavior.

The data collected by Google reCaptcha is generally transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate the use of the website and to provide us with statistics on suspected cases of computer or bots. In this respect, Google acts as our processor in accordance with Art. 28 GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

These cookies are stored by us on the basis of Art. 6 para. 1 lit. f) GDPR, which permits the processing of personal data within the scope of our "legitimate interests", unless your fundamental rights, freedoms or interests prevail. Our legitimate interest is to ensure the IT security of our website and to protect us from automated input from computers or bots (IT security).

Further information on Google reCaptcha can be found at https://www.google.com/recaptcha/, further information on data protection can be found in Google's privacy policy at https://policies.google.com/privacy?hl=de.

1.3.5 Hotjar
We use the Hotjar cookie to evaluate user behavior on our website so that we can improve our website offering. Hotjar can be used, for example, to store and analyze your mouse movements and clicks. This enables us to analyze which areas of our website tend to be clicked on and viewed by users and for how long. Areas of the websites in which personal data about you or third parties is displayed are automatically hidden by Hotjar and are therefore not traceable at any time. Furthermore, Hotjar makes it possible to determine at which point you canceled the information you entered in our contact form.

Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar is a service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 141 Malta, Europe. We have concluded an order processing contract with Hotjar, according to which Hotjar only processes the data on our behalf.

Data processing in the context of Hotjar only takes place if you give us your consent to do so. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR, which permits the processing of personal data with the consent of the data subject. Once you have given your consent, you can stop Hotjar processing your data at any time by withdrawing your consent. You can find more information about Hotjar at www.hotjar.com. You can also deactivate data processing by Hotjar by following the instructions on the following link: https://www.hotjar.com/privacy/do-not-track/. You can find more information about Hotjar at https://www.hotjar.com/privacy/.

Hotjar cookies are stored on your end device until you delete them. The stored data will be deleted after 12 months at the latest.

1.3.6 LinkedIn Insight Tag

We use the "LinkedIn Insight Tag" conversion tool so that we can improve our website offering. It allows us to display targeted advertising outside our website without identifying you as a user of our website. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. This tool is provided by LinkedIn Ireland Unlimited Company ("LinkedIn"). LinkedIn does not transmit any personal data to us. LinkedIn only provides us with anonymized reports on the website target group and display performance. LinkedIn offers the option of retargeting.

You can find more information on data protection at LinkedIn in LinkedIn's privacy policy.

Data processing as part of the "LinkedIn Insight Tag" conversion tool only takes place if you give us your consent to do so. The legal basis for this data processing is Art. 6 para. 1 lit. a) GDPR, which permits the processing of personal data with the consent of the data subject.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website again or to withdraw your consent, please do so via our cookie settings.

1.3.7 Microsoft UET tag

We use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (Ireland/EU) on our website. This is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

The purpose of using Microsoft Advertising is to optimize the display of advertisements. Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent via our Consent Management Tool can be revoked at any time with effect for the future.

Further information on data protection at Microsoft can be found in Microsoft's data protection information at https://privacy.microsoft.com/de-de/privacystatement.

1.4 Newsletter
We process the information you enter on our website www.lawcode.eu in order to send you newsletters with news about the lawcode Suite and the topics of compliance, LkSG and CSRD. To register, it is sufficient to enter an e-mail address. The other details, such as your first name, surname and gender, are voluntary and are used to personalize the newsletter.

To register for our newsletter, we will send you an e-mail to the e-mail address you have entered after you have registered on our website, in which we will ask you to confirm your registration by clicking on the link provided. Only after this confirmation are you registered for the newsletter and you will receive our newsletter from then on (so-called double opt-in procedure). This double opt-in procedure is necessary so that no third party can register with a third-party e-mail address. If you do not confirm your registration within 24 hours, the data you have entered will be deleted. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

This data processing only takes place on the basis of your consent, which you have given by fully subscribing to the newsletter. According to Art. 6 UAbs. 1 lit. a) i.V.m. Art. 7 GDPR, data processing is permitted if you have given your consent to data processing for one or more specific purposes. In addition, the sending of the newsletter is based on Section 7 (2) No. 3 UWG.

The registration data is stored on the basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the proof of consent to the sending of the newsletter.

You can revoke your consent to receive the newsletter and the information at any time. To do so, you can click on the unsubscribe link at the end of a newsletter sent to you. In addition, you can send an email to the email address given in section 1 or to datenschutz@lawcode.eu. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The personal data stored as part of the newsletter registration will be deleted if you have successfully unsubscribed from the newsletter or have withdrawn your consent.

  1. Your obligation to provide personal data (Art. 13 (2) (e) GDPR)
    The provision of your personal data on this website is generally not required by law or contract. You are not obliged to provide personal data on this website unless we indicate this in individual cases in this privacy policy. Nevertheless, the provision of the functions of this website and its implementation require the processing of your personal data.
  2. Our company pages on LinkedIn, Xing, Facebook, Instagram, TikTok and YouTube
    We maintain company pages on social networks such as LinkedIn, Xing, Facebook, Instagram, TikTok and YouTube. On these company pages, we offer interested parties, business partners and customers information about the lawcode Suite and the topics of compliance, LkSG and CSRD. We would like to point out that the terms of use and data protection notices of the respective service providers of the social networks apply to the use of these social networks. If you contact us via such social networks and provide us with your personal data, the information provided in this data protection notice applies to further data processing.