DATA PROTECTION POLICY (AS OF MAY 2018)
We, Becker Büttner Held PartGmbB, are pleased that you are visiting our website and are interested in our law firm. We know that careful handling of your personal data is important to you. We are, of course, committed to protecting your data in compliance with the statutory provisions for the protection of personal data.
In the following Data Protection Policy, we would like to inform you in particular about how we collect and process your personal data when you use our website as well as about your rights.
This Data Protection Policy refers to the following websites of Becker Büttner Held PartGmbB:
Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) for the processing of your personal data in accordance with the statutory provisions on data protection is:
Becker Büttner Held PartGmbB
Phone: +49 (0)89 23 11 64 0
2. Data protection officer
If you have any questions regarding data protection or need additional information on data protection-related processes on our website, please feel free to contact our data protection officer:
Address: Becker Büttner Held PartGmbB, Pfeuferstraße 7, 81373 Munich, Germany
Phone: +49 (0)89 23 11 64 0
3. Information on the collection and processing of data
You can, in principle, visit our website without registration or logging in. Data is only collected and used to the extent governed by the following provisions. We only collect, store or use personal data to the extent that we have a lawful basis to do so or you have consented to it. The provision of personal data or giving consent is, in principle, voluntary. If you do not give us your consent or provide us with personal data it will, in principle, have no negative effects for you.
“Personal data” means any information relating to an identified or identifiable natural person. These include, in particular, name, address, email address, gender, birthday, phone number, age and bank details.
We collect and process the following data on our website:
3.1. Standard log files when visiting our website (server log)
When you access our websites, the web server automatically collects and stores information. The automatically collected information listed in the following is collected and evaluated to produce statistics on the use of and web traffic to our website and the contents primarily retrieved by the users as well as for the purpose of monitoring our website. In addition, the information specified below is used to ensure the operability and safety of our website. The knowledge thereby gained is then used for improving our services and optimising our websites and is stored for statistical purposes.
This automatically collected data includes:
• Domain name or IP address
• Date and time of the server request
• File names and URL you have accessed
• Access status/http status code
• Referrer URL (i.e. the website you have previously accessed)
• Web browser
• Operating system and its interface as well as
• Browser software version and language.
The legal basis for the collection of the IP address is Article 6(1) sentence 1 lit. (f) GDPR. It is necessary to record the IP address in order to ensure the safety and stability of our internet services, e.g. in the event of hacker attacks.
This information is stored separately from the further data you might have transmitted to us, in particular for the purpose of processing your inquiries. The data specified above is not linked to such further data. We cannot trace back the data to your person or your individual behaviour.
3.2. Under what circumstances and based on what legal basis is further “personal data” collected and processed?
We collect and process further personal data only if this is permissible under the applicable statutory provisions regarding the protection of personal data or you have given us your consent to do so.
If we collect personal data based on your consent, you may withdraw consent at any time notifying the controller (see section 1. above) or the data protection officer (see section 2 above) without the withdrawal of consent affecting the lawfulness of processing based on consent before its withdrawal.
3.2.1. Processing of personal data after contacting us
We collect and store the information and personal data that you provide us with via email for the purpose of making contact or within the context of an inquiry or job application (e.g. email address, name etc.). In order to be able to respond to such inquiries in the first place and to adequately deal with such inquiries as requested and according to the purpose of your inquiry we need to make use of the personal data provided to us in connection with the respective inquiry by collecting, processing and using such data.
The legal basis for processing your personal data which is provided to us via email and used to respond to and process your email is Article 6(1) sentence 1 lit. (f) GDPR.
3.2.2. Processing of personal data when applying for a job by way of the recruitment application form on our career website
You may apply for various vacancies (e.g. lawyer, tax advisor, office management etc.) at our law firm via our career website www.bbh-karriere.de/. To this end, we integrated a recruitment application form into our website which you may use to submit your application electronically.
If you fill in such a recruitment application form and transmit your data to us using the respective button, we will collect and process your personal data which you provided to us for the purposes of making contact and submitting an application online (such as e.g. your email address, name and address). For further details as to what specific information is requested by us in this respect, we kindly ask you to refer to our recruitment application form available at our website.
In order to be able to respond to and evaluate your application in the first place, we need to make use of the personal data – i.e. in particular the data to be entered in the mandatory fields of the application form which were provided to us in connection with the respective inquiry – by collecting and processing such data. If, in the context of your application, you provide us with further information on a voluntary basis, we will, as the case may be, process and respond to your application also on the basis of these data.
In this context, we process your personal data exclusively for the purpose of processing and responding to your application.
You agree to the above mentioned processing of your data by putting a check mark on the respective box of the contact form. The legal basis for the collection and processing of your personal data which you provided to us by submitting your application form is established by Article 6(1) sentence 1 lit. (a) GDPR.
Please note that all documents and information submitted to us within the context of the application process will be treated strictly confidential and, unless you have given us your explicit consent to do so, they will not be passed on in any form to any third party.
Our websites use so-called transient cookies. Transient cookies are cookies that enable you to move across several websites quickly, simply and efficiently without having to authenticate yourself anew every time. These include in particular the session cookies. These cookies store a so-called session ID with which various requests of your browser can be assigned to a shared session. This makes it possible to recognise your computer when you return to our website. Transient cookies are deleted automatically when you close your browser after finishing your session.
Furthermore, our career website uses persistent cookies. Persistent cookies lead to a faster and more convenient access to websites by remembering certain settings and ensuring that these are set in advance when you visit the website again, e.g. by saving your previous selection of language. Persistent cookies are stored for a specified period of time and are only deleted automatically after the expiry of such time.
4. Links to YouTube videos
On our website, you will also find links to YouTube videos which are stored at https://www.youtube.com and can be accessed via our website. YouTube is a streaming service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”).
The YouTube videos linked to our website cannot be played directly from our website. For data protection reasons, we have decided to make the YouTube videos only available to you by linking them back to the respective website of YouTube where you can play back the videos. This means that no data concerning you will be transferred to YouTube if you do not play back the YouTube videos linked to our website. However, as soon as you click a link we have placed to one of our YouTube videos, you will be forwarded to the website of YouTube. At this point, data will be transferred to YouTube. We have no influence on such transfer of data to and data collections by YouTube. We have no knowledge of the individual purposes of such processing activities or their scope and duration of storage, either. Whether YouTube performs any erasures or renders data anonymous is not known to us either, and is not subject to our influence. If you click the link and are simultaneously logged in to YouTube, YouTube will directly assign the data collected during the visit of its website to your YouTube account.
For further information on the purpose and scope of the collection and processing of data by YouTube, please refer to the data protection policy of YouTube. There, you will also find further information on your rights and how to adjust your settings to protect your privacy (https://policies.google.com/privacy?hl=en&gl=en). YouTube processes your personal data also in the USA and has subjected itself to the US-EU Privacy Shield. For further information please see https://www.privacyshield.gov.
Please note that clicking the link to our YouTube videos will cause you to leave the area of protection and responsibility of our website and that activating the plug-in will trigger data collection and processing by YouTube that is not subject to our control.
5. Use of Matomo (formerly Piwik)
We use Matomo, an open-source web analytics service, to analyse the website activities of our visitors as well as to optimise our website. Using Matomo provides us with statistics the evaluation of which helps us improve our website and enhance its attractiveness to our visitors.
We use Matomo exclusively with the “anonymizeIP“ plug-in, i.e. by anonymising your IP address. This means that your IP address is truncated before being processed further so that it is not possible to trace back the website activity to a specific computer or individual. The anonymised IP address is not combined with other data collected by us.
In order to be able to analyse the use of the website, Matomo sets a cookie (cf. section 3.3) on your computer. As soon as you access our website, your internet browser will automatically transfer data to our server for the purpose of web analytics. We store the information collected by the cookie on our server in Germany only for the purpose of analysing the usage of the website and do not pass this information on to third parties. You can deactivate the placement of cookies by our website in the settings of your browser. Information on this can be found in the help function of your browser. You can also terminate the evaluation of the collected information by deleting the cookie set by Matomo.
You may also object to our using Matomo and thus storing and subsequently evaluating your data by clicking on the following link and then unchecking the box. After clicking on the link and unchecking the box, a so-called opt-out cookie (with a validity of 2 years) will be downloaded to your browser which prevents Matomo from collecting data on your session. Please note that if you delete your cookies, also the opt-out cookie will be deleted and must therefore be activated again by you!
For further information as well as the applicable data protection provisions of Matomo, please see https://matomo.org/privacy-policy/.
6. Social media plug-ins
On our website, we use social media plug-ins from Facebook, Twitter and Xing (hereinafter: “providers”).
These social media plug-ins are displayed on our website as follows:
By clicking on the respective plug-in button, the aforementioned plug-ins will allow you to establish a direct connection to the website of the provider of the respective plug-in and directly use its web services. By moving the mouse cursor over the respective plug-in, you may see who the provider of each plug-in is. In addition, the plug-ins show the logos of the individual services.
In order to collect as little data as possible (in accordance with the data minimisation principle) when embedding the aforementioned social media plug-ins, we offer on our website the so-called Shariff solution to activate these plug-ins. This means that the providers of the individual plug-ins cannot collect personal data from you while you are visiting our website. The button with implemented Shariff solution will only establish the direct contact to the respective social network site of the aforementioned providers once you have actively clicked on the respective social media plug-in. It is only with this click that you will open the connection to and establish a direct connection with the respective provider of the plug-in, which is relevant under data protection law.
Please note that, depending on the provider of the plug-in, data transfer to the USA is possible as well. All of the above providers have, however, subjected themselves to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) that serves the promotion of data protection.
We cannot influence the collection and processing of your personal data by the respective providers of the plug-ins. We also have no knowledge of the individual purposes of such processing activities or their scope and duration of storage. Whether the plug-in provider performs any erasures or renders data anonymous is not known to us either, and is not subject to our influence.
If you are logged in with a provider via a user profile or if you log in at a later time, the provider may assign your visit to our website and your action performed by activating the plug-in (e.g. “sharing”) to your user profile with the provider. Even if you do not have any user profile with the provider of the respective plug-in, it is possible that it will record and store your IP address or register your visit to our website via cookies.
For details regarding the purpose and scope of data collection and further processing and use of the personal data by the providers as well as your corresponding rights and setting options in order to protect your privacy, see the respective provisions on data protection of the providers.
Below, you will find the addresses of the providers of Facebook, Twitter and Xing, as well as the associated data protection notices for use of the individual services.
• Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Data protection notice:
• Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
Data protection notice:
• XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Data protection notice:
Please note that clicking one of the social media plug-ins will cause you to leave the area of protection and responsibility of our website and activating the plug-in will trigger data collection and processing by the individual providers of the plug-ins that is not subject to our control.
7. Links to social media networks / social media buttons
We have integrated the social media buttons of Twitter and LinkedIn (hereinafter: “provider(s)”) in our online presence as links. These links will take you to our respective profile with these providers, enabling you to follow us there. Twitter is a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
For data protection reasons, we have decided to embed the social media buttons only as links to our respective profile with the provider. This means that no data concerning you will be transferred to the providers unless you click the respective button. However, as soon as you click the link that we have placed to our respective profile, you will be forwarded to the website of the provider. There, data are transferred to the respective provider. We have no influence on this potential transfer of personal data to and data collections by the providers. We also have no knowledge of the individual purposes of such processing activities or their scope and duration of storage. Whether the providers perform any erasures, generate or assign profiles, or render data anonymous is not known to us either, and is not subject to our influence.
If you click the respective link on our website and are, simultaneously, logged in to the service of one of the above providers, such provider will directly assign the data collected during the visit of its website to your profile with such provider.
For further information on the purpose and scope of collecting and processing data by the aforementioned providers, please refer to the data protection policy of these providers. There, you will also find further information on your rights and how to adjust your settings to protect your privacy (https://twitter.com/en/privacy and https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy). The providers process your personal data in the USA and have subjected themselves to the EU-US Privacy Shield. For further information please see https://www.privacyshield.gov.
Please note that clicking the link to Twitter will cause you to leave the area of protection and responsibility of our website and that activating the link will trigger data collection and processing by Twitter that is not subject to our control.
8. Duration of the storage of personal data
Your personal data, which we are allowed to process on a lawful basis or to the processing of which you have given your consent, is principally only stored for the duration required for the purposes specified under section 3 above or, alternatively, until you withdraw your previously given consent to the processing of your personal data or you object to such processing.
Your web server log files (cf. section 3.1 above) are deleted by us after three months.
The personal data that you provide us with on our career website within the context of a job application is stored for one year for the purpose of evaluating suitable vacancies for your person. Upon expiration of this period, such data including all documents provided to us with your application are deleted.
9. Data backup and location of processing activities
All our systems on which personal data is stored are password-protected and only accessible to a limited group of persons. Processing and use of the data will take place exclusively in the territory of the Federal Republic of Germany, in a Member State of the European Union or another contracting state of the Agreement on the European Economic Area.
10. Forwarding of data
We will not pass your personal data on to any third parties, except if we are legally entitled to do so or if you have given your consent.
Forwarding of data to any state facilities and/or public authorities shall only take place when we are required to do so by mandatory legal provisions or official or judicial orders.
If the aforementioned requirements are not met, we only forward personal data to third parties if you have consented thereto (Article 6(1) sentence 1 lit. (a) GDPR).
11. Your rights
You have the following rights vis-à-vis us regarding your personal data:
• Right to access (Article 15 GDPR),
• Right to rectification and right to erasure (Articles 16 and 17 GDPR),
• Right to restriction of processing (Article 18 GDPR),
• Right to data portability (Article 20 GDPR).
12. Right to lodge a complaint with the data protection supervisory authority
If you believe that our processing of your personal data is not in compliance with the provisions described herein and/or the applicable data protection laws, you have the right to lodge a complaint with one of the competent data protection supervisory authorities.
13. Right to object
According to Article 21(1) GDPR, you have the right to object at any time to the processing of your personal data within the meaning of Article 6(1) sentence 1 lit. (e) or (f) of GDPR. We kindly ask you to indicate in your objection the reasons why we should no longer process your personal data. You may address your objection to the controller (see section 1) or to our data protection officer (see section 2). In case of a substantiated objection, we shall no longer use your personal data for the respective purposes and erase them from our system, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.