Data protection terms and conditions for the Internet

1. Information about the collection of personal data

(1) The following provides information about the processing of personal data, which arise during the use of services offered by COHAUSZ & FLORACK. Personal data are all data that are personally identifiable to you, such as your name, address, e-mail addresses, telephone number or user behavior.

(2) The entity responsible pursuant to Art. 4 para. 7 of the Basic EU Data Protection Regulation (DS-GVO) is COHAUSZ & FLORACK Patent- und Rechtsanwälte Partnergesellschaft mbH, Bleichstrasse 14, 40211 Düsseldorf, Germany, represented by Gottfried Schüll, ibid. e-mail: g.schuell@cohausz-florack.de.

(3) You can reach our data protection officer by e-mail: datenschutz@cohausz-florack.de or our postal address with the addition "the Data Protection Officer".

COHAUSZ & FLORACK
The Data Protection Officer
Bleichstraße 14
D-40211 Düsseldorf
Germany

Tel.: +49 (0)211-90 490-0
Fax: +49 (0)211-90 490-49

(4) We process personal data for the purpose of fulfilling the contractual obligations arising from the mandates assigned to us and in connection with other contractual relationships (e.g. authorities, suppliers, banks, service providers), as well as for information about our services and related legal issues (Art. 6 para. 1 b DS-GVO) and in the context of a weighing of interests for self-promotion, unless you have objected to the use of your data (Art. 6 para. 1f DS-GVO). We expressly point out the existing right of objection for the aforementioned use.

2. Your rights

(1) You have the following rights towards us with regard to personal data concerning you:
•    The right to information
•    The right to correction or deletion
•    The right to limitation of processing
•    The right to object to processing, including in particular processing based on a weighing of interests
•    The right to data transferability
•    The right of withdrawal of consent to processing

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

(3) The details of these rights can be found in the DSGVO and the BDSG.

3. Collection of personal data when visiting our website

(1) If you do not agree with the data collection and processing described below when accessing the website from the Internet, please leave this website, do not load any further parts of our website onto your computer and do not contact us by e-mail. This is because data collection and data storage is automatic. The processed data is required for the purposes described below in order to safeguard our legitimate interests and, if applicable, those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

(2) We also process personal data that are collected during a simple visit to our website to improve our Internet offer, in compliance with the applicable data protection regulations. Personal data will neither be published by us without authorization nor passed on to third parties without authorization.
When you visit our websites, our web servers temporarily store each access in a log file. The following data are recorded and stored until they are automatically deleted:

  • IP address of the requesting computer*
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GTM)
  • Name and URL of the retrieved file
  • Amount of data transmitted
  • Message whether the retrieval was successful
  • Identification data of the browser and operating system used
  • Internet site from which access is made Content of the request - specific page
  • Access status/http Status code
  • Browser
  • Operating system and its interface
  • Language and version of the browser software
  • Visited pages (incl. entry and exit page)

(*The IP address is not linked to other data collected. In the system access log file only date, time and IP address are recorded, in case of an attack and its defense).

These data are processed for the purpose of enabling use of the website (connection establishment), system security, technical administration of the network infrastructure and optimization of the Internet offering. The IP address is only evaluated in the event of attacks on the COHAUSZ & FLORACK network infrastructure.
Personal, non-anonymous user profiles are not created. Recital 29 of the Basic Data Protection Regulation refers to the use of user profiles under a pseudonym, provided that the information with which the personal data can be assigned to a specific person is kept separately.

(3) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your end device (computer, laptop, tablet, smartphone or similar) assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transfer viruses to your computer. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. You can set your browser so that the cookies from our site are automatically deleted at the end of a session.

(4) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
•    Transient cookies (see b)
•    Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and refuse the acceptance of third party cookies or all cookies, for example. Please note that you then may not be able to use all functions of this website.

The cookie stores information that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a certain defined period of time. If you visit our site again to make use of our services, it is automatically recognised that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for website visitors (see section 5). These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.

Most browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all the functions of our website.

4. External contents

(a) Google Maps API: Under the heading "Contact" you will find a route planner with the Google Maps API. Here the visitor of the page can enter his start address. This data is then processed by the Google API. We have no control over the data collected and processed by Google. The privacy policy of Google applies.

b) Facebook: On the pages of our blog you will find buttons to call up so-called social networks or services, including Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy Policy, Opt-Out and Privacy Shield.

c) Twitter: On the pages of our blog you will find buttons for accessing social networks and services, including Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - data protection declaration, opt-out and privacy shield.

d) Xing: On the pages of our blog you will find buttons for accessing social networks and services, including Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy/ Opt-Out.

e) LinkedIn: On the pages of our blog, you will find buttons for accessing so-called social networks and services, including LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - data protection declaration, opt-out and privacy shield.

f) YouTube: COHAUSZ & FLORACK has integrated components of YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The privacy policy published by YouTube provides information about the collection, processing and use of personal data by YouTube and Google.

YouTube is an internet video portal that allows video publishers to post video clips for free and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos created by users themselves can be accessed via the Internet portal. Each time the data subject accesses one of the individual pages of this website operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective YouTube component to download a display of the corresponding YouTube component from YouTube. Further information on YouTube can be found at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed which specific subpage of our website is visited by the data subject. If the person concerned is logged on to YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned. YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged on to YouTube at the same time as he or she visits our website, regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish this information to be transmitted to YouTube and Google, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.

g) Vimeo: COHAUSZ & FLORACK has integrated components from Vimeo on this website. The operating company of Vimeo is Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA (https://vimeo.com). The privacy policy published by Vimeo, which can be found at www. vimeo, Inc. provides information about the collection, processing and use of personal data by Vimeo. The statements made above under letter f) apply accordingly to this service.

The services mentioned above under letters a)-e) use the buttons to obtain and evaluate information according to their data protection regulations. Visitors to the relevant pages who are not familiar with the respective data protection regulations should refrain from using the buttons. Visitors who do not agree with the collection and use of data by the companies mentioned may not use the buttons. In this case COHAUSZ & FLORACK also expressly advises against accessing their blog pages at all. 

5. Registrations via our website

a) Newsletter or seminar distribution list

COHAUSZ & FLORACK informs its customers and business partners at regular intervals by means of a newsletter about its own offers and specialist topics. On the COHAUSZ & FLORACK website, users are therefore given the opportunity to subscribe to the newsletter as well as information on COHAUSZ & FLORACK information events. The personal data transmitted to COHAUSZ & FLORACK when ordering these services is derived from the input masks used for this purpose.

Newsletter and event information can only be received by interested parties if (i) the person concerned has a valid e-mail address and (ii) the person concerned registers to receive the newsletter and event information. A confirmation e-mail will be sent to the e-mail address first registered by a person concerned for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address, as a data subject, has authorized the receipt of the newsletter. Inclusion in the aforementioned mailing lists also takes place at the express request of the interested party, who is declared personally to a representative of COHAUSZ & FLORACK by e-mail or outside the internet.

When registering for newsletter or event notification services we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the person concerned at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject's e-mail address at a later date and therefore serves to provide legal protection for the data controller.

The personal data collected during registration for newsletter or event notification services is used exclusively for the purpose of sending our newsletter. Furthermore, subscribers to the newsletter or event information service could be informed by e-mail if this is necessary for the operation of the newsletter or event information service or for registration in this respect, as could be the case if there are changes to the newsletter or event information service or if technical conditions change. The personal data collected within the scope of these services will not be passed on to third parties. The subscription to our newsletter or event information services can be cancelled by the person concerned at any time. The consent to the storage of personal data, which the person concerned has given us for newsletter or event information services, can be revoked at any time. For the purpose of revoking this consent, there is a corresponding link in every newsletter or event information. Furthermore, it is possible to unsubscribe at any time by e-mail, e.g. to cfticker@cohausz-florack.de, from the newsletter or event information or to inform us of this in another, suitable way. In order to ensure that interested parties only receive information that is supposedly of interest to them, we categorize and supplement your subscription profile with additional information. Both statistical information and information about yourself (e.g. basic data of your subscription profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented towards your actual or supposed needs (mandate-related general information on meeting deadlines or on specialist events) and not to bother you with unnecessary advertising.

b) Registration for events, consultation hours or other one-time events

COHAUSZ & FLORACK offers interested persons the opportunity to register directly via the website for one of our events, consultation hours, or other comparable one-time events using an online form.

For these registrations, we store the IP address assigned by the Internet service provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of a data subject's e-mail address at a later point in time and therefore serves as a legal safeguard for the controller.

The personal data collected in the context of such registration will be used exclusively for the implementation of the respective event or consultation hour, or the one-off event. No personal data collected in this context will be passed on to third parties. Exceptions to this are events that we organize together with external partners (e.g. companies or friendly law firms). In these cases, we pass on your registration data to our event partner, who is indicated on the invitation for the respective event. Conversely, we receive from them the registration data of persons who have registered with them for the event. We treat the personal data that we have received from our partners in this way in exactly the same way, in terms of data protection law, as the data of the persons who have registered with us. The transfer of data by us to the partners is for a specific purpose related to the event. For details of storage and processing by co-organizing partners who, like us, are subject to the GDPR, we refer you to the privacy policy on their website.

Consent to the storage and processing of this personal data by us can be revoked informally at any time by sending an e-mail to events@cohausz-florack.de or startups@cohausz-florack.de. The same applies to external event partners who are to be contacted directly. Even without revocation, the personal data collected on the occasion of these registrations will be deleted at the end of the half-year or year, but at the earliest 3 months after the event, unless the person concerned has also subscribed to the newsletter or seminar distribution list and has not revoked his or her consent for this or, in the case of a consultation, has not subsequently placed an order with COHAUSZ & FLORACK. In the latter case, the mandate-related regulations for the protection of personal data apply from the time the order is placed.

6. Data protection in applications and in the application process

COHAUSZ & FLORACK collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits relevant application documents to the data controller by electronic means, for example by e-mail. If the data controller concludes an employment contract with an applicant, the data transferred is stored for the purpose of processing the employment relationship in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted in accordance with the statutory deletion periods, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interests in this sense include, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). The deletion of the application documents takes place after 6 months and at the same time the applicant data is reduced to rump data and anonymized for the evaluation.

7. Use and disclosure of personal data

Any use of personal data collected via the website of COHAUSZ & FLORACK will only be made for the purposes mentioned in section 1 and to the extent necessary to achieve these purposes. Personal data will only be transferred to state institutions and authorities within the framework of mandatory legal provisions or in the public interest, in particular if the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure (Art. 6 Para. 1c and d DS-GVO). Data collected during visits or contacts via this website is not passed on to third parties for other purposes.

8. E-mail

Personal data that you transmit by e-mail will be stored and used by COHAUSZ & FLORACK to process the e-mail in accordance with the purpose for which it was sent. COHAUSZ & FLORACK does not wish to receive unsolicited advertising or other comparable offers.

Should you wish to contact us by e-mail, we would like to point out that the content of unencrypted e-mails can be viewed by third parties. We therefore recommend sending confidential information by post. Please note that personal data transmitted by e-mail will be stored and processed for the purpose of processing your enquiry (see no. 3 above).

9. Consent to further use

In addition to the purely informative use of our website, we offer various services which you can use if you are interested. For this purpose, you must usually provide additional personal data which we use to provide the respective service, such as electronic newsletters or forums which require prior registration and further processing of personal data; for example, long-term storage of e-mail addresses, user IDs and passwords.
Such data will only be used for the purposes stated at the time of collection, which go beyond the fulfilment of our contractual obligations arising from the client relationship and if you have provided us with the data for this purpose and have consented to its processing in advance (Art. 6 para. 1a DS-GVO).
Special note: You can revoke your consent at any time with effect for the future. Please send the revocation in writing (see above) or by e-mail to our data protection officer e-mail: datenschutz@cohausz-florack.de

10. Use in connection with (incipient) mandate, order or business relations or other communication relationships

(1) COHAUSZ & FLORACK processes your personal data only to the extent permitted by law, in particular the EU Data Protection Basic Regulation ("DSGVO") and the Federal Data Protection Act ("BDSG").

The object of data processing by us is your contact data as well as any other personal data that may be required for our service provision or our communication with you (e.g. information that (i) is typically contained in legal documents (contracts, briefs, etc.) and/or public registers, e.g. e.g. patent, trademark, design, land register, commercial and association registers, (ii) was the subject of our correspondence with you, or (iii) affects your legal relations with your employer or third parties, such as personal data, file numbers or loan or account numbers at credit institutions.

If you have not provided us with your personal data yourself, we have received this data from our clients, business partners, service providers or cooperation partners for whom you may work as a representative or employee or through whom you are invited to our events, or we have taken the data from publicly accessible sources such as, in particular, company websites, lists of participants in events or industry directories.

We process personal data insofar as this is necessary to protect the legitimate interests of COHAUSZ & FLORACK (Art. 6 Para. 1 lit. f DS-GVO), in particular

  • to conclude or execute mandate agreements, orders to our notaries, contracts and other business relationships (including for the processing of purchase orders, deliveries or payments) or to prepare or respond to requests for quotations and to determine the terms and conditions of the contractual relationship with our clients, business partners, service providers or cooperation partners for whom you may be acting as agent or employee;
  • for internal administrative purposes of the firm (e.g. for accounting purposes);
  • if necessary, for the performance of anti-terrorism and sanctions list screenings;
  • to conduct legal and administrative proceedings and/or for the purpose of asserting/exercising and defending against legal claims in Germany and abroad, including the exercise of professional privileges and other special confidentiality rights;
  • to send you our client information, such as newsletters with information on current legal topics or events at our law firm, to the extent relevant to your business activities;
  • for other communication purposes;
  • to ensure the IT security and IT operation of our law firm;
  • to use service providers (e.g. external IT service providers) that support our business processes;
  • to prevent criminal offences and, in individual cases, to conduct compliance investigations and the associated (also electronic) review of correspondence and documents;
  • to plan and conduct events to which you are invited, including reporting on these events on our intranet, which may include the publication of image and video material on the intranet on which you are represented.

In addition, personal data is processed for the purpose of fulfilling contracts with or orders from individuals (natural persons) with whom we have business relations (Art. 6 Para. 1 lit. b DS-GVO).

If a client/contractual partner does not provide the necessary personal data, COHAUSZ & FLORACK cannot carry out the contractual relationship or fulfil the above-mentioned communication purposes.

We are also partly required by law to process data (Art. 6 para. 1 lit. c) DS-GVO). For example, according to the provisions of the Money Laundering Act we are obliged to identify our clients and require the necessary information from you (Art. 11 Para. 6 Sentence 1 GWG). According to § 50 BRAO we are obliged by professional law to keep legal files and can use electronic data processing for this purpose.

(2) Confidentiality and deletion of your personal data: All our employees and all employees of external service providers who have access to personal data are obliged to treat this data confidentially.

We delete the personal data after termination of the mandate, assignment or contractual relationship or our contact if the storage is no longer necessary for the fulfilment of our (post-)contractual obligations or the legitimate interests mentioned in this data protection declaration and if there is no legal obligation to retain the data. Insofar as statutory storage obligations exist, we will restrict the processing of the data.

(3) Disclosure of your personal data: We will only transfer your personal data to third parties on the basis of legal regulations or if you have given your consent in individual cases.

Your personal data may be transferred to contractors within and outside the European Economic Area (EEA) who perform services for us, such as IT services (contract processors), to the extent necessary for the purposes mentioned in point (1). These contractors are bound by us to secrecy and process personal data only according to our instructions. In the normal course of business and for the purposes set out in point (1) above, we may also disclose your data to third parties within and outside the EEA, e.g. to our business partners or law firms with whom we work on a mandate, translators, opponents and other third parties.

In addition, we may, to the extent permitted by law, transfer your personal data to authorities (e.g. social security institutions, tax authorities or law enforcement agencies), public registers and courts in Germany and abroad in order to fulfil legal obligations or in the interest of our law firm. These may also be foreign authorities and courts.

Countries outside the EEA may have different data protection regulations than the EU. To the extent that no legal level of protection comparable to the European data protection law exists in these countries, we will take precautions to ensure the adequate protection of your personal data in these countries if your personal data is transferred to these countries. In particular, the standard contractual clauses published by the European Commission are available to us for this purpose. You can obtain further information from our data protection officers and, in particular, ask them to inspect the contracts concluded.

11. Security

COHAUSZ & FLORACK uses technical and organizational security measures to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

12. Links to websites of other providers

Our website(s) may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the website(s) of COHAUSZ & FLORACK. We are not able to influence and do not control that other providers comply with the applicable data protection regulations.

13. CFDataroom oder CFOnline

Under the name "CFDataroom" COHAUSZ & FLORACK offers certain clients web-based document storage within the scope of the client relationship, which contains certain interactive features. If and to the extent that personal data are stored and processed for access to CFDataroom and/or to the files in the file system, the use and protection of such data are regulated by COHAUSZ & FLORACK’s special General Terms and Conditions for CFDataroom.

14. Validity and timeliness of the data protection declaration

This Data Protection Declaration is dated as of February 2022 and is effective for as long as no updated version replaces it.

Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. COHAUSZ & FLORACK reserves the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.