Our data processing
When you use the website www.vindelici.com and its functions, make contact and send a request, you send us personal data which we process for the purpose of responding to your requests. We handle these data in accordance with data protection laws strictly for the intended purpose only.
VINDELICI LEGAL Rechtsanwaltsgesellschaft mbH
Maximiliansplatz 12b
D-80333 München
Telefon-Nr.: +49 (0) 89 541 988 500
E-Mail: info@vindelici-legal.com
Represented by:
Prof. Dr. Peter Chrocziel
Scope of processing of personal data in general
As a basic principle, we only process personal data if this is necessary to provide a functional website along with our content and services.
Legal basis for processing personal data
The legal basis for processing this personal data can be found in the General Data Protection Regulation, Article 6(1)(a)-(f) GDPR.
If the data subject has given consent, the legal basis is Article 6(1)(a) GDPR.
Article 6(1)(b) GDPR is the legal basis for processing personal data as required for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
If processing is necessary for compliance with a legal obligation of the controller, the legal basis is Article 6(1)(c) GDPR.
If vital interests of the data subject or another natural person make it necessary to process data, the legal basis is Article 6(1)(d) GDPR.
If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6(1)(e) GDPR.
If processing is necessary to protect a legitimate interest of our company and overrides the interests, fundamental freedoms or fundamental rights of the data subject, the legal basis is Article 6(1)(f) GDPR.
Provision of personal data required to conclude a contract or based on statutory retention obligations
When you contact us, we collect personal data. We store these data partly due to legal requirements and partly for the purpose of concluding a contract. If you want to conclude a contract with us, you must provide us with your data so that we can provide our services to you. Tax and commercial law considerations also result in statutory retention obligations which we have to meet. Otherwise, we may be unable to provide you with our service.
Before providing your personal data, you can feel free to get in touch with your contact person in our company to find out whether we will need your data to conclude a contract and/or to meet our statutory retention obligations and what will happen if you do not provide us with the data.
Data erasure and storage period
We will store your personal data as long as this is necessary to fulfill a purpose or the storage of the data is mandatory based on legal requirements according to Article 6(1)(c) GDPR.
If the purpose for storing personal data no longer applies, these data will be erased after 6 months or processing will be restricted unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
These data will only be stored otherwise if this has been stipulated by the European or national legislator.
SSL or TLS encryption
We use SSL or TLS encryption on the entire website for security reasons on the one hand and to protect your confidential data on the other.
Confidential data such as, for example, requests or orders that you have sent to us cannot be viewed by third parties as a result of this encryption.
You can recognize an encrypted connection from the address bar of the browser changing from “http://” to “https://” and a green padlock icon being displayed in the address bar.
IP adress
MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg
Hosting
The following hosting provider is active for us as a subcontractor based on a processing agreement pursuant to Article 28(2) and (4) GDPR:
MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg
The data categories concerned are:
User data
Communikation data
Contact data
Contract data
Server log files
MXP GmbH
Ulmer Landstraße 333
86391 Stadtbergen near Augsburg
This always includes your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:
First name, last name
Telephone number
The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.
Depending on the information you provide during the telephone call, this may also include the following personal data:
First name, last name
Telephone number
Customer number
Payment data
Contract data
The data are used solely for processing the conversation and/or executing and/or initiating a contractual relationship.
Last name, first name
Company
Address of company
Contact data
We process these data in our CRM system.
Data that you send us by post as part of the application procedure may include:
o Name, address and contact details
o Resume including any further details
o Personal letter
o Qualifications
o Interests
If you send us your data by e-mail, we will also process your e-mail address and the date, time and content of the message. The following personal data may also be processed depending on the content of your e-mail:
o First name, last name
o Telephone number
The data are used solely to reach a decision on the vacancy to be filled as part of the application procedure.
If you provide us with special categories of personal data within the application procedure such as information on an existing severe disability or health data that are required to assess the possibility of employing you in a certain position, these data provided on your initiative are processed according to Article 9(2)(b), (h) GDPR, Article 26(3) BDSG (Federal Data Protection Act).
We maintain online presence within social networks and platforms in order to communicate with customers, interested parties and users active in social media and to inform them about our services.
We would like to point out that this might cause user data to be processed outside the European Union, which can pose risks for users because this might hinder the enforcement of users’ rights, for example.
Furthermore, user data are generally processed for market research and advertising purposes. Thus, for example, user profiles can be created from the user behaviour and the associated user interests. The usage profiles can in turn be used, for example, to display advertisements that presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).
Supplementary Information on the online presence LinkedIn:
For data processing on the online presence LinkedIn we and LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) are joint controller within the meaning of data protection laws. in the sense of the data protection law. Thus, we concluded an agreement conforming with Article 26 (1) with LinkedIn which regulates the obligations in terms of data privacy of the parties. The agreement is provided by LinkedIn via the following link:
The data privacy policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy) provides you with further information about the processing of your data by LinkedIn and by us when you access and interact with our online presence on LinkedIn. You will also find information about your rights as a data subject and setting options with regard to the processing of your data.
The information contained in this section of our information on data privacy only applies in addition to the information provided by LinkedIn.
Moreover, we process pseudonymized data of registered visitors like:
Statistics and insights about interactions with our online presence, the content pages, videos and other content provided via our fan page (page view activities, page visits, “likes”, coverage, general demographic, site and interest-related information about age, sex, country, city, language). These pseudonymized data is provided to us by LinkedIn in terms of statistics As a rule, even we ourselves are not able to connect these pseudonymized data to any personal data (identifying features like name specifications).
Matomo uses so-called cookies, i.e. text files that are stored in the memory of your computer and that allow an analysis of your use of the website.
The information created by the cookie about your use of the web content is stored with your approval as described in section V. You are entitled to withdraw your consent to the statistical analysis of your website access by Matomo anytime with effect for the future by changing the cookie settings in respect of Matomo.
Immediately after the processing and before its storage the IP-address will be rendered anonymous. You have the option to prevent cookies from being installed by customizing the settings of your browser software. Please note, however, that this might have the effect that the functions of this website are no longer fully available.
It is up to you to decide whether a unique web analysis cookie is installed in your browser in order to enable the collection and analysis of various statistical data by the website operator.
For further information about the privacy settings of the Matomo software please refer to the following link: https://matomo.org/docs/privacy/.
If your personal data are being processed, you are the data subject within the meaning of the General Data Protection Regulation. This means you have the following rights against the controller.
In order to exercise your rights against us as the controller, please send an e-mail to the following address: Peter.Chrocziel@vindelici-legal.com
If such data are being processed, you have the right of access to these personal data and the following information:
the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipient to whom the personal data have been or will be disclosed;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;
the existence of the right to request from the controller rectification or erasure of your personal data or the right to restrict their processing or to object to such processing;
the right to lodge a complaint with a supervisory authority;
any available information as to the source of the personal data where the data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are also entitled to request information about whether your personal data are transferred to a third country or to an international organization. In this context, you also have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
Exceptions:
There is no right to erasure to the extent that processing is necessary
Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If there is a restriction of processing based on the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
You also have the right to be notified of these recipients.
In exercising this right to data portability, you also have the right to have your personal data be transmitted directly from one controller to another, where technically feasible.
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object by automated means using technical specifications.
The supervisory authority with which you lodge the complaint must inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Last update: February 2022.
This Data Protection Policy is updated on a regular basis.