The contents of our website have been produced with the utmost care and attention. However, we shall not be held liable for the correctness, completeness and topicality of the contents. As a service provider, we are responsible, pursuant to § 7 (1) TMG [German Telemedia Act] for our own content on this website in accordance with the general laws. However, pursuant to §§ 8 to 10 TMG [German Telemedia Act], as a service provider, we are not obligated to monitor or investigate sent or stored third-party information, which indicate an illegal activity. Obligations to remove or block the use of information in accordance with the general law remain unaffected by this. However, liability in this regard shall only be possible from the time of gaining awareness of a concrete legal violation. Once we become aware of such legal violations, we shall remove the respective contents immediately.
Liability for links:
Our offer contains links to external third-party websites, the contents of which we cannot influence. Therefore, we also cannot assume any liability for this third-party content. The relevant vendor or operator of the website is always responsible for the contents of linked websites. The linked websites were reviewed for legal violations at the time of setting the link. Illegal contents were not identifiable at the time of linking. However, without concrete indications, constant checking of the linked websites is cannot be reasonably expected. Once we become aware of such legal violations, we shall remove such links immediately.
The contents produced by the website operators and works on these websites are subject to German copyright law. The duplication, editing, dissemination and any type of exploitation outside of the boundaries of the copyright require the written consent of the relevant author/creator. Downloads and copies of this website are only permitted for private, non-commercial use. To the extent that the contents of this website have not been produced by the operator, the third-party copyrights shall be observed. In particular, third-party contents shall be identified as such. In the event that you should nevertheless become aware of a copyright violation, we request appropriate notification. Once we become aware of such legal violations, we shall remove such links immediately.
E-mail address: email@example.com
Managing Directors/Owners: Michael Ehret, Stefan Klein, Alex Indra, Guido Prummer
Link to legal notice: http://ehret-klein.de/de/untermen%C3%BC/information/impressum.html
Contact Data Protection Representative /r: Dr. Georg Schröder; Georg.Schroeder@heussen-law.de
Types of processed data:
– Master data (e.g. names, addresses).
– Contact data (e.g. e-mail, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Utilization data (e.g. visited websites, interest in contents, access times).
– Metadata/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online services (In the following, we will also refer to the data subjects jointly as “users”).
Purpose of the processing:
– Provision of the online services, their functions and contents.
– Answering of contact inquiries and communication with users.
– Security measures.
– Range measurement/marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means. The term has a broad meaning and comprises virtually any handling of data.
„“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal foundation
On the basis of Art. 32 GDPR, in consideration of the state-of-the-art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and seriousness of the risk for the rights and freedoms of natural persons, the Controller and the Processor take appropriate technical and organizational measures, in order to guarantee the risk of an appropriate protection level.
These measures particularly include the assurance of confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, the entry, disclosure, assurance of availability and their separation. Furthermore, we have set up procedures, which guarantee the exercising of rights by the data subjects, deletion of data and responding to endangering of the data. Furthermore, we already take the protection of personal data into consideration for the development/selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly default settings (Art. 25 GDPR).
Cooperation with processors and third parties
Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending of the data to third parties, such as payment service providers is required for contract fulfillment in accordance with Art. 6 Para. 1 Letter b GDPR), if you have consented, a legal obligation prescribes this or on the basis of our vested interests (e.g. for the use of authorized representatives, web hosters etc.).
Insofar as we commission third parties with the processing of data on the basis of a so-called “contract data processing agreement”, this occurs on the basis of Art. 28 GDPR.
Transmissions to third countries
Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data occurs to third parties, this only occurs, if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our vested interests. Subject to legal or contractual permissions, we only process, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR exist. I.e. the processing occurs, e.g. on the basis of specific guarantees, such as the officially acknowledged establishment of a privacy level corresponding to the EU (e.g. for the USA, by means of the “Privacy Shield”) or the observance of officially recognized specific contractual obligations (so-called “standard contractual clauses”).
Rights of the data subjects
You have the right to request a confirmation about whether relevant data are processed and to receive information about these data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of the data relating to you or correction of the inaccurate data relating to you.
On the basis of Art. 17 GDPR, you have the right to request that relevant data are deleted immediately, or alternatively, on the basis of Art. 18 GDPR, to request a restriction to the processing of the data.
You have the right to request the receipt of the data relating to you, which you provided to us on the basis of Art. 20 GDPR and request that it be sent to other responsible parties.
Furthermore, in accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.
You have the right to revoke granted consents in accordance with Art. 7 Para. 3 GDPR with effect for the future
Right to object
You may object to the future processing of the data relating to you on the basis of Art. 21 GDPR at any time. The objection may specifically be made against processing for the purpose of direct marketing.
Cookies and the right to object to direct marketing
Small files that are stored on users’ computers are referred to as “cookies”. Various details can be stored within the cookies. A cookie is primarily used for storing the details of a user (or the device on which the cookie is stored) during or also after his or her visit within online services. Temporary cookies and/or “session cookies” or “transient cookies” are those cookies, which are deleted after the user leaves an online service and closes his or her browser. For example, the content of a shopping basket in an online shop or a login status can be stored in such a cookie. Cookies are referred to as “permanent” or “persistent”, which also remain stored after closing the browser. For example, the login status can be stored, if the users visit the site again after several days. The interests of the users can also be stored in such a cookie, which are used for measuring range or for marketing purposes. Cookies are referred to as “third-party cookies”, which are offered by providers other than the Controller, who operates the online services (otherwise, if they are only the Controller’s cookies, “first-party cookies” are referred to).
If the users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of these online services.
Deletion of data
According to the legal provisions in Germany, the retention specifically occurs for 10 years in accordance with §§ 147 Para. 1 AO [German Fiscal Code], 257 Para. 1 No. 1 and 4, Para. 4 HGB [German Commercial Code] (accounts, records, management reports, booking vouchers, trading accounts, relevant tax records, etc.) and 6 years in accordance with § 257 Para. 1 No. 2 and 3, Para. 4 HGB [German Commercial Code] (commercial letters).
According to the legal provisions in Austria, the retention specifically occurs for 7 years in accordance with § 132 Para. 1 BAO [Austrian Federal Tax Code] (accounting records, vouchers/bills, accounts, documents, business papers, schedule of income and expenses, etc.), for 22 years in relation to properties and for 10 years in the case of records in relation to electronically provided services, telecommunication, radio and television services, which are provided to non-entrepreneurs in the EU Member States and are used for the Mini-One-Stop-Shop (MOSS).
We process our customers’, clients’ and interested parties’ data (uniformly referred to as “customers”) in accordance with Art. 6 Para. 1 Letter b. GDPR, in order to provide them with our contractual or pre-contractual services. The data processed during the course of this, the scope, purpose and necessity of its processing, are determined according to the underlying commission. This basically includes the related personal and master data of the customers (name, address, etc.), as well as the contact data (e-mail address, telephone, etc.), the contract data (content of the commission, fees, terms, details about the referred companies/insurers/services) and payment data (commissions, payment history, etc.). Furthermore, we can process the details about the characteristics and circumstances of persons or the items belonging to them, if this is part of the subject matter of our commission. These can be e.g. details about personal circumstances, mobile or immobile material assets.
Within the scope of our commission, it can also be necessary to process specific categories of data in accordance with Art. 9 Para. 1 GDPR, particularly details about a person’s health. For this purpose, we obtain an express consent from the customers in accordance with Art. 6 Para. 1 Letter a., Art. 7, Art. 9 Para. 2 Letter a GDPR.
Insofar as it is necessary for contractual performance or by law, we disclose or send the customers’ data within the scope of cover requests, contracts and processing of contracts, data to providers of the referred services/properties, insurers, reinsurers, pools of brokers, technical service providers, other service providers, e.g. cooperating associations, as well as financial services providers, credit institutions and capital investment companies, as well as social security agencies, tax authorities, tax advisors, legal advisors, public accountants, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). Furthermore, we can appoint sub-contractors, such as sub-brokers. We obtain a consent from the customers, if it is necessary to do so for disclosing/sending (which can be the case e.g. with specific categories of data in accordance with Art. 9 GDPR).
The deletion of the data occurs after the statutory warranty and comparable duties have elapsed, whereby the necessity for retaining the data is reviewed every three years; ceteris paribus, the statutory retention duties apply.
In the case of statutory archiving duties, the deletion occurs after they have elapsed. Under German law, in the insurance and financial industry, advisory records are specifically subject to retention for 5 years, brokerage contract notes for 7 years and brokerage contracts for 5 years, as well as 6 years generally for records that are relevant for commercial-code purposes and 10 years for records that are relevant for tax-code purposes.
We process our contracting parties’ and interested parties’ data, as well as the data of other principals, customers, clients or contracting parties (uniformly referred to as “contracting parties”) in accordance with Art. 6 Para. 1 Letter b. GDPR, in order to provide them with our contractual or pre-contractual services. The data processed during the course of this, the scope, purpose and necessity of its processing, are determined according to the underlying contractual relationship.
The data to be processed include the master data of our contracting parties (e.g., names and addresses), contact data (e.g. e-mail addresses and telephone numbers), as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank account details, payment history).
As a rule, we do not process specific categories of personal data, except if these are integral parts of commissioned or contractually-compliant processing.
We process data, which are required for the substantiation and fulfillment of contractual services and refer to the necessity of its processing, provided that this is not evident to the contracting parties. Disclosure to external persons or companies will only occur, if this is necessary during the course of a contract. For the processing of the data provided to us within the scope of a commission, we act in accordance with the instructions of the clients, as well as the legal stipulations.
Within the scope of use of these online services, we store the IP address and the time of the respective user action. The storage occurs on the basis of our vested interests, as well as the interests of the users, in respect of protection from misuse and other unauthorized use. Disclosure of these data to third parties does not occur, as a general rule, except if it is required for pursuing our claims in accordance with Art. 6 Para. 1 Letter f GDPR or if a legal obligation exists to do so in accordance with Art. 6 Para. 1 Letter c GDPR.
The deletion of the data occurs, if the data are no longer required for the fulfillment of contractual or legal duties of care, as well as for handling possible warranty and comparable duties, whereby the necessity for retaining the data is reviewed every three years; ceteris paribus, the statutory retention duties apply.
Administration, financial accounting, office organization, contact administration
We process data within the scope of administrative duties, as well as the organization of our business, financial accounting and compliance with the legal duties, such as archiving. In doing so, we process the same data, which we process during the course of providing or contractual services. The processing bases are Art. 6 Para. 1 Letter c. GDPR, Art. 6 Para. 1 Letter f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in administration, financial accounting, office organization, archiving of data, i.e. the duties for maintaining our business activities, exercising our duties and providing our services. The deletion of data in respect of contractual services and the contractual communication corresponds to the details referred to in these processing activities.
During the course of these, we disclose or send data to the tax authority, advisors, such as tax advisors or public accountant, as well as additional fee agencies and payment service providers.
Furthermore, on the basis of our business interests, we store details about suppliers, organizers and other business partners, e.g. for the purpose of establishing contact later on. As a rule, we permanently store these data, the majority of which are company-related.
Google is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf, to evaluate the use of our online services by the users, to produce reports concerning the activities within the online services and to produce additional services associated with the use of these online services and the Internet for us. Pseudonymous utilization profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymization. However, in the case of activation of IP anonymization on this website, your IP address will be previously abbreviated by Google within Member States of the European Union or in other Contracting States of the Treaty on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases.
The IP address sent by the user’s browser will not be combined with other data of Google. The users can prevent the storage of the cookies with an appropriate setting in their browser software; furthermore, the users can prevent the recording of the data generated by the cookie and their use of the online services to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The personal data of the users are deleted or anonymized after 14 months.
Google Universal Analytics
We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” refers to a procedure of Google Analytics, during the course of which, the user analysis occurs on the basis of an alias user ID and an alias profile of the user is therefore created with information from the use of various devices (so-called “cross-device tracking”).
Google Analytics deaktivieren