Data Protection Notice
We take the protection of your personal data very seriously. Therefore we process personal data in compliance with current European and national legislation.
The following declaration provides an overview of what kind of data is collected, how these data are used and forwarded, what security provisions we have to ensure the protection of your data and how you can acquire information about the data given to us.
Legal basis for processing personal data
If we obtain the consent of the data subject for the processing of his or her personal data, Article 6(1) Sec. 1 lit. a of the European General Data Protection Regulation serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is party, the legal basis for processing personal data is Article 6(1) Sec. 1 lit. b GDPR. This also applies to processing operations that are required for the implementation of pre-contractual measures.
Where processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1) Sec. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, Art. 6(1) Sec. 1 lit. f GDPR shall serve as the legal basis for the processing.
Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Personal data may be further stored if this is provided for by European or national legislation in EU regulations, laws or other provisions to which we are subject. Data is also blocked or erased when a storage period that has been prescribed by the stated standards has expired, unless there is a requirement for continued storage of the data to conclude or fulfil a contract.
- 1 The controller and the data protection officer
(1) Name and address of the responsible controller
The controller as defined by the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Epping Hermann Fischer Patentanwaltsgesellschaft mbH
Tel.: 089 500 329 0
(2) Name and address of the data protection officer
The Data Protection Officer for the controller is:
Data protection & privacy – Nicole Grohmann
Tel.: 0831 – 5209 – 80680
- 2 Definitions
- Personal data means any information relating to an identified or identifiable natural person (in the following ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject means any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
- Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Controller or data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- 3 Provision of the website and creation of log files
- If our website is used for information purposes only, i.e. if you have not registered or otherwise conveyed information to us, our system automatically collects the following data and information from the computer system of the accessing system each time our website is accessed:
- IP address (Internet Protocol address) of the device accessing the online service
- Internet address of the website from which the online service was accessed (so-called origin or referrer URL)
- Name of the service provider through which the online service is accessed;
- Name of the files / information accessed;
- Date, time and duration of the access;
- Volume of data transmitted;
- Operating system and information on the internet browser used including installed add-ons (e.g. for the Flash Player);
- HTTP status code (e.g. ‘request succeeded’ or ‘file not found’).
The data will also be stored in the log files of our system. These data are not stored together with other personal data of the user.
- The legal basis for the temporary storage of log files is Art. 6(1) Sec. 1 lit. f GDPR.
- The temporary storage of the IP address by the system is necessary to
- enable the website to be delivered to the user’s computer. For this the IP address of the user must be stored for the duration of the session;
- optimize the content and advertisement of our website;
- ensure the functionality of our information technology systems and of our website;
- provide law enforcement authorities with the necessary information to prosecute in the event of a cyber attack.
Data are stored in log files in order to ensure the proper functionality of the website. The data also help us to optimize the website and to safeguard the security of our information technology systems. In this context the data are not analysed for marketing purposes.
Our legitimate interest in data processing also lies in these purposes pursuant to Art. 6(1) Sec. 1 lit. f GDPR.
- The data will be deleted as soon as they are no longer required for the purpose for which they were stored – in this case when the session has ended.
When data are stored in log files, they are deleted after not more than seven days. It is possible to store the data beyond that time. In this case the IP addresses will be deleted or anonymised so that it is no longer possible to determine the accessing client.
- The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Consequently there is no possibility of objection to this.
This website uses so-called cookies. Cookies are small text files that are sent to your browser from a web server when you visit a website and are stored on your computer or end device (PC, notebook, tablet, smartphone etc.) to give the website operator (in this case us) certain information. Cookies are used to make the website more user-friendly and secure as well as to track use-related information such as user traffic patterns and site usage. Cookies do not cause any damage to your computer and do not contain any viruses.
This cookie contains a characteristic string (so-called cookie ID) that allows the browser to be uniquely identified when the website is revisited.
- Language settings
- Entered search terms
- Frequency of site visits
- Use of website functions
- Application of language settings
- Retaining of search terms
User data collected through technically necessary cookies will not be used to create a user profile.
- 5 Disclosure of personal data to third parties
Links to external websites
- 6 Web analysis using Google Analytics (with pseudonymisation)
- Our website uses the services of Google Inc. (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyse the surfing patterns of our users. The software sets a cookie on your computer (see above for information on cookies). If individual pages of our website are accessed the following data are stored:
- part of the IP address of the calling system of the user
- website accessed
- entry pages, exit pages,
- session duration and bounce rate
- frequency with which the website is accessed
- geographical data, language, browser, operating system, screen resolution, use of Flash or Java
- search engines and search terms used
The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.
This website uses the Google Analytics extension “_anonymizeIp()”. The software is configured so that IP addresses will not be fully stored, but will be truncated. In this way, it is not possible to assign the truncated IP address to the requesting computer. Only in exceptional circumstances is the full IP address sent to a Google server in the USA and truncated there. The IP address transmitted by your browser within the context of Google Analytics will not be merged with other data from Google.
- The legal basis for the processing of personal data is Art. 6(1) Sec. 1 lit. f GDPR. For exceptional cases in which personal data are transmitted to the USA, Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Google will use this information on our behalf to evaluate your use of our website and compile reports on website activity. The analysis of this collected data enables us to gain information on the use of the individual components of our website. This helps us to make our site more user-friendly and continuously improve it. Our legitimate interest in processing the data also lies in these purposes pursuant to Art. 6(1) lit. f GDPR. By anonymising the IP address, users’ interest in protecting their personal data is sufficiently taken into account.
- The data will be deleted as soon as they are no longer required for the purpose for which they were stored.
- The cookies will be stored on your computer and transmitted to our site from there. If you do not agree to the collection and analysis of your data, you can deactivate or limit the transmission of cookies through the settings of your internet browser. Cookies that are already stored can be deleted at any time. However, in this case it is possible that not all functions of this website can be used to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the following link. The current link is:
- The third-party provider is Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information can be found in the user conditions under http://www.google.com/analytics/terms/de.html, the overview of data protection http://www.google.com/intl/de/analytics/learn/privacy.html, and the data privacy statement under http://www.google.de/intl/de/policies/privacy.
(1) This site uses so-called web fonts provided by Google for the homogenous display of fonts. On retrieving a website your browser downloads the necessary web fonts to your browser cache in order to correctly display texts and fonts. Accordingly, when you visit our website your browser will send requests to the Google server. In this process, the following data are logged by Google:
- IP address
- Browser information (name, version)
- User’s operating system
- User’s screen resolution
- Language settings of the browser / user’s operating system
- Font file
This is done regardless of whether you are logged into a user account provided by Google, or if there is no user account. When you are logged into Google, your data will be assigned directly to your account. The use of Google Web Fonts is to enable a homogenous and attractive display of fonts for our online services. Therein lies our legitimate interest pursuant to Art. 6(1) Sec. 1 lit. f GDPR.
(2) The legal basis for the processing of the personal data is Art. 6(1) Sec. 1 lit. f GDPR. Google also processes your personal data in the USA and has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(3) Google stores your data as a user profile and uses this data for the purposes of advertising, market research and/or demand-oriented design of its website. Such analysis takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users about your activities on our website.
(4) You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
- 7 Rights of the data subject
If your personal data are processed, you are the data subject as defined in the GDPR and you have the following rights vis-à-vis the controller:
- Right of access
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to notification
- The right to data portability
- Right to object to processing
- Right to withdraw the data protection declaration of consent
- Right not to be subject to automated decision-making
- Right to lodge a complaint with a supervisory authority
- Right of access
- You can contact the controller to confirm whether personal data concerning you are processed by us. If such processing takes place, you can request access to your stored personal data free of charge from the controller at any time, as well as the following information:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
- the planned duration of storage of the personal data concerning you or, if specific information cannot be provided on this matter, criteria for defining the duration of storage;
- the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- all available information on the origin of the data if the personal data are not collected from the data subject;
- the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
- You have the right to request information about whether the personal data relating to you are transferred to a third country or to an international organisation. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with such transmission.
- Right to Rectification
You have a right to immediate rectification and/or completion vis-à-vis the controller if your processed personal data are incorrect or incomplete.
- Right to restriction of processing
- Under the following conditions, you may request the controller to immediately restrict the processing of your personal data:
- if you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Art. 21(1) of the GDPR and verification is pending on whether the legitimate grounds of the controller override your grounds.
- Where processing of your personal data has been restricted, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the processing has been restricted in accordance with the aforementioned conditions, you will be notified by the controller before the restriction is lifted.
- Right to erasure
- a) You may request the controller to erase your personal data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing pursuant to Art. 6(1) lit. a or Art. 9(2) lit. a GDPR was based and where there is no other legal ground for the processing.
- You lodge an objection to the processing pursuant to Art 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you lodge an objection to the processing pursuant to Art. 21(2) GDPR.
- Your personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- Your personal data have been collected in relation to offered information society services pursuant to Art. 8(1) GDPR.
- b) Where the controller has made your personal data public and is obliged pursuant to Art 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of all links to those personal data or copies or replications of those personal data.
- c) The right to erasure does not apply if processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law, to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health pursuant to Art. 9(2) lit. h and lit. i as well as Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of such processing or for the establishment, exercise or defence of legal claims.
- Right to notification
Where you have exercised your right to have the controller rectify, erase or restrict the processing, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate amount of effort. You have the right vis-à-vis the controller to be notified of such recipients.
- Right to data portability
- You have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data were provided, provided that
- processing is based on consent pursuant to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or on a contract pursuant to Article 6(1) lit. b GDPR; and
- processing is carried out using automated methods.
- In exercising this right you also have the right to request that your personal data be transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons may not be affected by this.
- The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The data subject has the right to contact the controller at any time to assert the right to data portability.
- Right to object
- You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data carried out pursuant to Art. 6(1) lit. e or lit. f GDPR; this also applies to profiling based on these provisions.
- The controller then no longer processes your personal data unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
- You may exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.
- The data subject has the right to contact the controller at any time to assert the right to object.
- Right to withdraw the data protection declaration of consent
You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent will not affect the legality of processing carried out on the basis of consent before withdrawal. To assert this right you may contact the controller.
- Automated individual decision-making, including profiling
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
(1) is necessary for the conclusion or fulfillment of a contract between you and the controller, (2) is admissible due to Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) takes place with your explicit consent.
- However, these decisions may not be based on special categories of personal data according to Art. 9(1) GDPR unless Art. 9(2) lit. a or lit. g applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.
- In the cases referred to in (1) and (3), the controller shall take suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to state his or her own position and to contest the decision.
- The data subject has the right to contact the controller at any time to assert these rights regarding automated decision-making.
- Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
We reserve the right to modify our data protection practices and this policy to bring them in line with changes to relevant laws and/or regulations where applicable or to better address your needs. Accordingly, any changes to our data protection practices will be disclosed here.