Data Protection Notice

We, lawcode GmbH, take data protection very seriously and would like to inform you in our following data protection information about how we process your personal data and in particular what rights you are entitled to.

Personal data is information with the help of which a person can be determined, i.e. information that can be traced back to a person. This typically includes the name, e-mail address or telephone number. In addition, purely technical data that can be assigned to a person is also considered personal data.

 

A. Data Protection Notice of lawcode GmbH

1. Contact details of the controller
lawcode GmbH
Universitätsstraße 3
56070 Koblenz
Germany

Managing directors:
Dr. Ubbo Assmus
Patrick Diede
Lukas Hoffmann
Dominik Lienen

Phone: +49 69 1200 1232
E-mail: datenschutz@lawcode.eu

2. Data to be processed and data categories
In the course of our business activities, we process the following personal data of customers and business partners in particular:

• Contact data of the customer and contact person, such as first and last name, business telephone as well as fax number, e-mail address as well as postal address;
• Bank account data, tax numbers, booking numbers, as well as other billing and accounting-related data of natural persons.

3. Purposes of data processing and legal basis
We process your personal data for the following purposes:

3.1. Data processing for the performance of the contract
We process personal data for the purpose of executing and fulfilling the contract concluded between the customer and us for the provision of the Hintbox and Ombuds Solution, the execution of orders in connection with the Hintbox and Ombuds Solution and for the performance of measures and activities in the context of pre-contractual relations, e.g. with interested parties.

The data processing is based on Art. 6 paragraph 1 lit b) General Data Protection Regulation (“GDPR”). According to this, data processing is lawful if the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures which are carried out at the request of the data subject.

3.2. Data processing within the legitimate interests
We may also process your personal data if data processing is necessary to protect our legitimate interests. The data processing is based on Art. 6 paragraph 1 lit. f) GDPR. According to this, data processing is lawful if the processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. Our legitimate interests are:

• for advertising or opinion research, unless you have objected to the data processing;
• for statistical evaluations and/or market analysis;
• for evaluation and optimization of the Hintbox and the Ombuds Solution;
• for the execution of a contract with us.

3.3. Data processing for the fulfillment of legal obligations
We process your personal data because we are also partly obliged to do so by law. In particular, tax and commercial law regulations provide for a long storage period of up to 10 years. In such cases, the data processing is based on Art. 6 paragraph 1 lit. c) GDPR in conjunction with the tax and commercial (storage) regulations. According to Art. 6 paragraph 1 lit. c) GPDR, data processing is lawful if the processing is necessary for compliance with a legal obligation to which the controller is subject.

4. Recipients or categories of recipients of your data
We only transfer personal data to third parties if there is a legal basis for doing so, such as, in particular, consent to transfer to third parties, the performance of a contract requires this, a balancing of interests justifies this, or in order to comply with legal requirements under which we are obliged to provide information, report or pass on data. Otherwise, data is only transferred to external service providers who process the data exclusively on our behalf, such as our hosting provider. Within lawcode, only those persons receive the personal data that are required and necessary for the fulfillment of tasks.

5. Duration of the storage of personal data
We store your personal data for the duration of our business involvement, i.e. also for the implementation of pre-contractual measures up to the complete fulfillment of a contract. In addition, we store personal data in accordance with the statutory retention obligations under commercial and tax law of – depending on the requirement – 6 to 10 years. Furthermore, the personal data may also be stored longer if a legal basis allows this, such as when the personal data is required for the assertion, exercise or defense of legal claims beyond that.

6. Data processing within the European Union
We process your personal data exclusively within the European Union.

7. Your rights
You have the following rights against us regarding the personal data concerning you:

• Right of access (Art. 15 GDPR);
• Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR);
• Right to restriction of processing (Art. 18 GDPR);
• Right to data portability (Art. 20 GDPR);
• Right to object to processing (21 DSGVO), in particular with regard to the specified procedures based on a legitimate interest or a balance of interests;
• Right to withdraw your consent at any time (Art. 7 paragraph 3 sentence 1 GDPR). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can exercise your rights, among other things, by writing an e-mail to the e-mail address given in section 1 or to datenschutz@lawcode.eu.

Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR). For this purpose, you can contact the supervisory authority at our registered office. You can find the address under the following link on the Internet: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

8. Your obligation to provide personal data (Art. 13 paragraph 2 lit. e) GDPR)
There is no legal obligation to provide us with your personal data. However, if you wish to conclude a contract with us, we require the necessary personal data for the purpose of concluding and executing the contract. Without this required personal data, it is not possible to conclude and execute a contract.

 

B. Supplementary Data Protection Information for applications / application data

1. Data to be processed and data categories

As part of the application process, we process in particular the following personal data provided by you (“Application Data“):

  • Personal data (in particular title, first and last name, street, postal code, city, country, cell phone number, telephone number and e-mail address);
  • Information in additional file attachments to your application (cover letter, CV, and references). 

2. Purposes of data processing and legal basis

We process your application data exclusively for the purpose of deciding whether to establish an employment relationship, i.e. to carry out the entire application process with us.

The application data provided to us is processed on the basis of Section 26 (1) Sentence 1 of the German Federal Data Protection Act (BDSG). According to this, personal data of applicants within the meaning of Section 26 (8) Sentence 2 of the German Federal Data Protection Act (BDSG) may be processed for purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.

3. Duration of the storage of personal data

If no employment relationship is established, the application data provided by you and stored by us will be deleted after 6 months following notification of a rejection.

If you make use of the option to withdraw your application at any time, your application data will be deleted immediately and completely.

4. Information according to Art. 13 Abs. 2 lit. e GDPR

The provision of your application data is voluntary. You are also not obliged to provide us with your application data. Provision is neither legally nor contractually required. However, in order to actually process your application, it is necessary to process your application data.

 

C. Supplementary Privacy Policy for our website www.hintbox.de

1. Purposes of data processing, legal basis and duration of data storage
We process personal data on the website www.hintbox.de operated by us for the following purposes:

1.1. Contact

1.1.1. Contact form an e-mail
When contacting us (for example, by e-mail or by using the contact form), the information you provide will be processed for the purpose of processing the request and in the event that follow-up questions arise.

The data processing is based on Art. 6 paragraph 1 lit. f) GDPR. According to this, data processing is lawful if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these, in particular if the data subject is a child. Our legitimate interest is to process the contact. You can object to this data processing at any time if there are reasons relating to your particular situation. For this purpose, it is sufficient to send an e-mail to the e-mail address given under A. item 1 or to datenschutz@lawcode.eu.

The personal data stored in the context of contacting us will be deleted when the matter related to the contact has been fully clarified and it is also not expected that the specific contact will be relevant again in the future.

1.2. Server-log files
In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. The so-called server log files include:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

This data is not merged with other personal data that you may actively provide as part of the website. We collect server log files for the purpose of displaying and administering the website, ensuring stability and security, and detecting and preventing unauthorized access.

The personal data in log files are processed on the basis of Art. 6 paragraph 1 lit. f) GDPR. According to this, data processing is lawful if the processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data override these, in particular if the data subject is a child.

Our “legitimate interest” is to provide our website, easier administration and the ability to detect and track hacking. You can object to this data processing at any time if there are reasons relating to your particular situation. For this purpose, it is sufficient to send an e-mail to the e-mail address given under A. item 1 or to datenschutz@lawcode.eu.

The server log files with the above data are automatically deleted after 7 days at the latest. We reserve the right to store the server log files longer if facts exist that suggest the assumption of an unauthorized access (such as the attempt of hacking or a so-called DDOS attack).

1.3. Essential Cookies
In order to ensure the secure and trouble-free operation of the website and to be able to offer you certain functions, we store the cookies that are displayed in the cookie box under “Cookie details” and “Individual privacy settings”. Use of some functions of our website is not possible without these cookies.

These cookies are stored by us on the basis of Art. 6 paragraph 1 lit. f) GDPR, which allows the processing of personal data in the context of our “legitimate interests”, unless your fundamental rights, freedoms or interests prevail. Our legitimate interests consist in the technically error-free and optimized provision of our website.

1.4. Newsletter
We process the information you enter on our website www.hintbox.de to send you newsletters with news about the Hintbox / Ombuds solution and compliance. To register, it is sufficient to enter an e-mail address. The other information, such as first name, last name and gender, on the other hand, are voluntary and serve to personalize the newsletter.

For the registration to our newsletter, we will send you after your registration on our website an e-mail to the entered e-mail address, in which we ask you for a confirmation by clicking on the link there. Only after this confirmation, you are registered for the newsletter and you will receive our newsletter from now on (so-called double opt-in procedure). This double opt-in procedure is necessary so that no third party can register with a foreign e-mail address. If you do not confirm your registration within 24 hours, your entered data will be deleted. In addition, we store your IP addresses used in each case and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

This data processing takes place only on the basis of consent that you have given with the complete registration of the newsletter. According to Art. 6 paragraph 1 lit. a) in conjunction with Art. 7 GDPR, data processing is permitted if you have given your consent for data processing for one or more specific purposes. Furthermore, the sending of the newsletter is based on § 7 paragraph 2 no. 3 German Unfair Competition Act (UWG).

The storage of the registration data is based on Art. 6 paragraph 1 lit. f) GDPR. Our legitimate interest is the proof of consent to send the newsletter.

Your consent to receive the newsletter and information can be revoked at any time. To do so, you can click on an unsubscribe link at the end of a newsletter sent to you. In addition, you can send an e-mail to the e-mail address specified in section A item 1 or to datenschutz@lawcode.eu. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The personal data stored as part of the newsletter registration will be deleted if you have successfully unsubscribed from the newsletter or revoked your consent.

2. Your obligation to provide personal data (Art. 13 paragraph 2 lit. e) GDPR)
The provision of your personal data on this website is generally neither legally nor contractually required. You are not obliged to provide personal data on this website, unless we refer to this in individual cases in this data protection notice. Nevertheless, the provision of the functions of this website and the implementation requires the processing of your personal data.

3. Our company pages on LinkedIn, Xing and Facebook
We maintain company pages on social networks such as LinkedIn, Xing and Facebook. On these company pages, we offer interested parties, business partners and customers information about Hintbox / Ombuds Solution and the topic of compliance. We would like to point out that the terms of use and also data protection notices of the respective service providers of the social networks apply to the use of these social networks. If you contact us via such social networks and provide us with your personal data, the information provided in this data protection notice will apply to further data processing.