Call me!+49 30 235 904 37010117 BerlinFriedrichstraße 95

Suche

LEGAL MATTERS

Privacy & Co

Privacy, SSL & Co.

Privacy policy

Barbara Loth, as the operator of the website www.barbara-loth.de, is delighted that you have visited her website. Below I inform you about the processing of personal data when using the website.

I. Explanation of terms

The privacy policy uses terms that are defined in the EU General Data Protection Regulation (GDPR).

According to the GDPR, personal data is any information relating to an identified or identifiable natural person. This refers to information such as your name, your date of birth, your address, your e-mail address, your IP address or your telephone number as well as your user behavior. In contrast, information that is not directly associated with your real identity – such as generally preferred websites of all users or the number of users of a site – is not referred to as personal data.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

II. Name and address of those responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Barbara Loth

Friedrichstrasse 95

10117 Berlin

Germany

Phone: +49 30 235 904 370

E-mail: info@barbara-loth.de

Website: www.barbara-loth.de

III. Name and address of the data protection officer

The data protection officer of the controller is

Anika Waltasaari

Friedrichstrasse 95

10117 Berlin

Germany

Phone: +49 ( 30 ) 555 787 110

E-mail: awaltasaari@hoepken-partner.de

Website: www.hoepken-partner.de

iV. Scope of the processing of personal data

I only process my users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of personal data of my users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

V. Legal basis for the processing of personal data

Insofar as I obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.

If the processing is necessary to safeguard a legitimate interest of my law firm or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

VI Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

VII Provision of the website and creation of log files

1. description and scope of data processing

The scope and type of collection and use of your data differs depending on whether you visit my website only to retrieve information or whether you make use of the e-mail contact.

In principle, it is not necessary for you to provide me with personal data in order to use my website for information purposes only. Rather, during your visit to my website, I automatically collect, use and store information in the server log files that is transmitted to me by the browser you are using.

The following data is collected:

  • Information about your browser: Type, language and the version you are using (e.g. Mozilla Firefox, Microsoft Internet Explorer, Apple Safari, Google Chrome)
  • The operating system you are using
  • The Internet service provider commissioned by you
  • Your IP address
  • Date and time of your access
  • Websites from which your system accesses my website
  • Websites that are accessed by your system via my website
  • Content of the request (specific page)
  • Access status/http status code
  • Amount of data transferred in each case
  • The data listed above cannot be assigned to specific persons. I do not combine this data with other data sources, i.e. this data is not stored together with other personal data such as your name, your address, your telephone number or your e-mail address.

2. legal basis for data processing

The legal basis for this temporary storage of data and log files is Art. 6 para. 1 f) GDPR, as my legitimate interests in this storage as set out below outweigh your interests, fundamental rights and freedoms: The IP address is regarded as personal data.

  1. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the transmission of my website to your browser. For this purpose, the IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of my website. I also use the data to optimize my website and to ensure the security of my information technology systems. The data is not analyzed for marketing purposes in this context.

  1. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

  1. Possibility of objection and removal

 

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

VIII. Use of cookies

  1. Description and scope of data processing

 

I use cookies to make my website more user-friendly. Some elements of my website require that the accessing browser can be identified even after a page change.

For more information on the cookies used, the purpose and scope of individual cookies and the storage period, please refer to the cookie policy.

IX. Contact form and e-mail contact

1. description and scope of data processing

There is a contact form on my website which can be used to contact me electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to me and stored.

  1. Legal basis for data processing

The legal basis for the processing of the data, if the user has given consent, is Art. 6 para. 1 lit. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  1. Purpose of data processing

The processing of personal data from the input mask is solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data if this is based on Art. 6 para. 1 f) GDPR are processed.

  1. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

  1. Possibility of objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts me by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

X. Rights of the data subjects

You have a right to rectification and/or completion vis-à-vis me as the controller if the personal data processed by me concerning you is incorrect or incomplete. I must make the correction immediately. If I process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis me as the controller:

  1. Right to information

You can request confirmation from me as to whether personal data concerning you is being processed by me. If such processing has taken place, you can request further information from me about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from you as the data subject.
  • You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. Art. 46 GDPR in connection with the transfer.

2. right of rectification

You have a right of rectification and/or completion vis-à-vis me if the personal data processed by me concerning you is incorrect or incomplete. I must make the correction immediately.

3. right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • I no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • if you object to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons I have asserted outweigh your reasons.

If the processing of personal data concerning you has been restricted, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by me before the restriction is lifted.

4. right of cancellation

Obligation to delete

I am obliged to delete your personal data immediately if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing is based in accordance with. Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
  • You create acc. Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 para. 2 GDPR to object to the processing.
  • The personal data concerning you has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which I am subject.
  • The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR. 1 DS-GVO collected.

Information to third parties

Have I made the personal data concerning you public and am I obliged pursuant to Art. Art. 17 para. 1 GDPR, I shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process your personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

Exceptions

The right to erasure does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 6 para. 1 lit. a GDPR. Art. 89 para. 1 GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the assertion, exercise or defense of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against me, I am obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to me, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from me as the controller to which the personal data has been provided, where

  • the processing is based on consent pursuant to Art. Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. Art. 6 para. 1 lit. b) DS-GVO is based and
  • the processing is carried out using automated procedures.
  • In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly by me as a controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the controller.

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) GDPR. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions.

I will no longer process the personal data concerning you unless I can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

If you wish to exercise your right to object, simply send an e-mail to awaltasaari@hoepken-partner.de.

Revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise your right of withdrawal, simply send an e-mail to awaltasaari@hoepken-partner.de.

Complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been submitted will inform you as the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Please address inquiries in connection with data subject rights to awaltasaari@hoepken-partner.de. Please note that in the case of requests for information that are not made in writing, in order to protect the persons about whom data is stored, I may require proof that you are actually the person whose personal data is being requested.

Please also bear in mind that I do not store any personal data from visitors to my website or cannot derive any direct personal reference unless you have previously transmitted personal data voluntarily.

XI SSL encryption

I use SSL encryption for security reasons and to protect the transmission of confidential content that you send to me. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. The activation of SSL encryption serves as protection against the data that you transmit to me being read by third parties.

XII. Updating the privacy policy

I reserve the right to adapt this data protection declaration in order to always adapt it to the applicable provisions as well as my offers on the website. Status: July 2022.