Since 25 May 2018, the General Data Protection Regulation (GDPR), adopted by the European Parliament and the Council of the European Union, has been in force to protect individuals from the processing of personal data and the free movement of such data.
According to the GDPR, the processing of personal data is lawful only under the conditions specified in the GDPR, which are referred to in Article 6 GDPR. In addition, the data subjects must be informed of their rights with regard to the processing of their personal data.
As a result, we would like to inform you at this point of the following, with references to the GDPR as amended from 25 May 2018.
This data protection declaration applies to the website of the LangPatent law firm IP Law Firm (hereinafter "our website") and to the personal data collected via this website as well as to the information provided to us by e-mail, telephone, post or fax.
2. Name and contact details of the controller
The person responsible for the processing of personal data is:
Dr.-Ing. Christian Lang Ingolstädter Straße 5 80807 Munich Phone: +49(0)89/46 22 464 0 Fax: +49(0)89/46 22 464 10 Email: firstname.lastname@example.org
3. Name and contact details of the Data Protection Officer
The data protection officer appointed by the controller is:
Gregor Kurt Rössling Ingolstädter Straße 5 80807 Munich Phone: +49(0)89/46 22 464 0 Fax: +49(0)89/46 22 464 10 Email: email@example.com
4. Type of personal data 4.1 Website
Already at the time of the access to our website, data from the device calling the website is transferred to the server of the Internet service provider and stored in a so-called log file. The data stored in this log file is the IP address and system configuration of the device used to access the website, the type of browser installed on this device, the website that has been visited previously, and the dates and times.
The purpose of the storage of this log data by our Internet service provider is to establish a connection to our website as well as to detect and prevent attacks on the server of the Internet service provider.
The legal basis for the storage of these log data is Article 6 (1) sentence 1 letter f GDPR.
Our Internet Service Provider is:
4.2 Contacting by e-mail, telephone, fax or post
On our website, of course, our e-mail address, telephone and fax number as well as our postal address are indicated in order to enable you to contact us.
In the event of contact, we store personal data to the extent necessary for an appropriate response to the concerns expressed to us. This includes in particular contact details such as name, address, e-mail address or telephone number.
The purpose of storing this data is to provide expeditious legal advice to those who contact us.
The legal basis for the storage of this data is Article 6 (1) sentence 1 letter b, c GDPR.
Important note: For data security reasons, we generally recommend the encrypted transmission of e-mails. The required public key of our law firm is indicated on our website under the section Contact/Encryption.
5. Duration of storage of personal data
The IP addresses stored by the Internet Service Provider when you visit our website are stored by the Internet Service Provider for a maximum of 7 days. The remaining log data is not personal data because it is not information relating to an identified or identifiable natural person.
Data collected by us is stored for the duration of the statutory retention obligation. The professional regulations applicable to patent attorneys and lawyers (Patent Attorneys' Regulations, Federal Lawyers' Regulations) oblige them to keep hand files and to keep them for a period of six years after the end of the calendar year in which the contract was terminated. Therefore, we are obliged to create a manual file and accordingly also to process personal data and to keep them at least for the specified duration as soon as a contact has been made with us.
6. Disclosure of personal data
As lawyers, we are of course aware of the sensitivity of the data entrusted to us and handle this data responsibly accordingly.
Therefore, personal data and other information will only be passed on by us to third parties if it is necessary to process the mandate given or if the consent of the data subject has been obtained, unless statutory provisions oblige us to disclose personal data or other information.
The scope of the personal data and other information we provide is generally limited to the extent necessary for the processing of the mandate or the fulfilment of legal obligations.
7. Cookies, analytics tools, social media plug-ins
8. Rights of data subjects
According to the GDPR, the data subjects have a number of rights which they can assert against the data controller, insofar as this does not include opposing statutory provisions, in particular those of the professional regulations referred to in point 5.
The rights of the data subject affected by the processing of personal data are:
- the right to revoke consent to the processing of personal data, Article 7 paragraph 3 GDPR
- Right to information in accordance with Article 15 GDPR: The data subject has the right to request confirmation from the controller as to whether personal data concerning him/her are being processed. If this is the case, it has a right to information about this personal data and to the following information: (a) the processing purposes; (b) the categories of personal data that are processed; (c) the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular in the case of recipients in third countries or international organisations; (d) where possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration; (e) the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing; (f) the existence of a right of appeal with a supervisory authority; (g) if the personal data are not collected from the data subject, all available information on the origin of the data; (h) the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) and, at least in such cases, meaningful information on the logic involved and the scope and intended impact of a such processing for the data subject.
- Right to correction under Article 16 GDPR: The data subject has the right to request without delay the controller for correction of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
- Right to erasure under Article 17 GDPR: The data subject has the right to require the controller to delete personal data concerning him or her without delay, and the controller is obliged to delete personal data without delay, provided that one of the following reasons applies: (a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed. (b) The data subject withdraws his consent, on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a), and there is no other legal basis for the processing. (c) The data subject shall object to the processing in accordance with Article 21 (1) and there are no primary legitimate grounds for processing, or the data subject shall object to the processing in accordance with Article 21 (2). d) The personal data have been processed unlawfully. (e) The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject. (f) The personal data have been collected in relation to information society services offered in accordance with Article 8 (1).
Right to restrict processing in accordance with Article 18 GDPR: The data subject has the right to require the controller to restrict the processing if one of the following conditions is met: (a) the accuracy of the personal data is disputed by the data subject for a period of time which enables the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data; (c) the controller no longer needs the personal data for the purposes of processing, but the data subject needs it to assert, exercise or defend legal claims; (d) the data subject has lodged an opposition to the processing referred to in Article 21 (1), pending the date on whether the legitimate reasons of the controller outweigh those of the data subject.
- Right to data portability under Article 20 GDPR: The data subject has the right to obtain the personal data concerning him or her, which he has provided to a controller, in a structured, common and machine-readable format, and he or she has the right to obtain such data from another controller. without hindrance by the controller to whom the personal data has been provided, provided that: (a) the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract referred to in Article 6 (1) (b) and (b) the processing is carried out using automated procedures.
- Right of objection pursuant to Article 21 GDPR: The data subject shall have the right, for reasons arising from his particular situation, to object at any time to the processing of personal data concerning him or her pursuant to Article 6 (1) (e) or (f); this shall also apply to profiling based on these provisions. The controller will no longer process the personal data unless he can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of the assertion, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
- The right not to be subject to an automated decision, Article 22 GDPR: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on him or, in a similar way, significant affect.
Finally, without prejudice to any other administrative or judicial remedy, any data subject concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his/her place of residence, workplace or the place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her is in breach of the GDPR Regulation.
The supervisory authority responsible in Bavaria is:
Bavarian State Office for Data Protection Supervision (BayLDA) Promenade 27 91522 Ansbach