Privacy Policy for ESDIP Berlin

Last updated: 27 August, 2018 12:35

Thank you for your interest in our website of ESDIP Berlin. The use of this website is possible without any indication of Personal Information; however, if you want to use our services via our website, processing of Personal Information could become necessary. If the processing of Personal Information is necessary and there is no statutory basis for such processing, we generally obtain consent from you.

This Privacy Policy describes how we collect, use and otherwise handle Personal Information that you provide or make available to us, or that we collect from you, when you use our Website, and it explains the circumstances in which we may transfer this to others. Furthermore, you are informed, by means of this Privacy Policy, of the rights to which you are entitled.

The processing of Personal Information, such as your name, address, e-mail address, or telephone number will always be in accordance with the General Data Protection Regulation (GDPR), and with the country-specific data protection regulations applicable to ESDIP Berlin.

1. Definitions

The Privacy Policy of ESDIP Berlin is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We want to ensure that our Privacy Policy is legible and understandable for everyone. Therefore, we would like to first explain some of the terminology used.

In this Privacy Policy, we use, inter alia, the following terms:

“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Restriction of processing’ means the marking of stored Personal Information with the aim of limiting their processing in the future;

‘Profiling’ means any form of automated processing of Personal Information consisting of the use of Personal Information to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘Processor‘ is a natural or legal person, public authority, agency or other body which processes Personal Information on behalf of the controller.

‘Recipient‘ is a natural or legal person, public authority, agency or another body, to which the Personal Information are disclosed, whether a third party or not. However, public authorities which may receive Personal Information in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

‘Third party‘ is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Information.

‘Consent‘ of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Information relating to him or her.

‘Controller or controller responsible‘ for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2. Name and Address of the controller

This Privacy Policy applies to:

ESDIP Berlin – María Luján
Grünberger Straße 48 B
10245 Berlin
Deutschland
Phone: +4917632997287
Email: hi@esdipberlin.com
Website: www. esdipberlin.com

You may, at any time, contact me, María Luján, directly with all questions and suggestions concerning data protection or if you want to exercise on of your rights explained below.

3. Cookies

Our website uses cookies. Cookies are small pieces of information sent to your computer or device and stored in its memory to allow our website to recognize you when you visit.

Many websites and servers use cookies to obtain an overview of visitor habits and visitor volumes. Many cookies contain what is called a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which internet pages and servers can be assigned to the specific internet browser in which the cookie is stored. This allows visited internet sites and servers to differentiate the individual browser from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.

You may, at any time, prevent the setting of cookies through our website using the settings of the internet browser, and may thus permanently prevent the setting of cookies. Furthermore, already set cookies can be deleted at any time using your internet browser or other software programs. If you deactivate the setting of cookies in the internet browser used, not all functions of our website may be entirely usable.

4. Collection of general data and information

Our website collects a series of general data and information when you call up the website. The general data and information are stored in the server log files. Collected may be

- The browser types and versions used.
- The operating system used by the accessing system.
- The website from which an accessing system reaches our website (so-called referrers).
- The sub-websites visited.
- The date and time of access to the internet site.
- An internet protocol address (IP address).
- The internet service provider of your system.
- Any other similar data and information that may be used in the event of attacks on our information technology systems.

By using these general data and information, we do not draw any conclusions regarding your person. Rather, this information is needed to

- Deliver the content of our website correctly.
- Optimize the content of our website.
- Ensure the long-term viability of our information technology systems and website technology.
- Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

5. Contact information for meeting a room or a desk

Our website contains information that enables you to quickly contact us. It also includes an e-mail address. If you contact us by e-mail or via a contact form, the Personal Information transmitted are automatically stored. Such Personal Information transmitted on a voluntary basis by you are stored for processing or contacting you. There is no transfer of this personal Information to third parties.

6. Deletion and blocking of Personal Information

We will process and store your Personal Information only for the period necessary to achieve the purpose of storage, or for as long as granted by the European legislator or other legislators in laws or regulations to which we are subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the Personal Information are routinely blocked or deleted in accordance with legal requirements.

7. Your rights

a) You right of confirmation

You have the right granted by the European legislator to obtain from us the confirmation as to whether or not Personal Information concerning you are being processed.

b) Your right of access

You have the right to obtain a copy of your Personal Information (if we are processing it), and other certain information about how it is used. This is so you are aware and can check that we are using your Personal Information in accordance with data protection law. Furthermore, the European directives and regulations grant you access to the following information:

- The purposes of the processing.
- The categories of Personal Information concerned.
- the recipients or categories of recipients to whom the Personal Information have been or will be disclosed, in particular recipients in third countries or international organisations.
- Where possible, the envisioned period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period.
- The existence of the right to request from us rectification or deletion of Personal Information, or restriction of processing of your Personal Information, or to object to such processing.
- The existence of the right to file a complaint with a supervisory authority.
- Where the Personal Information are not collected from you, any available information as to their source.
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisioned consequences of such processing for you.

c) Your right to rectification

You can ask us to take reasonable measures to correct your Personal Information if it is inaccurate or incomplete, for example if we have your name or address wrong.

d) Your right to erasure (Right to be forgotten)

You have the right to demand from us the erasure of Personal Information concerning you without undue delay, and we have the obligation to delete Personal Information without undue delay where one of the following grounds applies, as long as the processing is not necessary:

- The Personal Information are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent to the processing according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
- The Personal Information have been unlawfully processed.
- The Personal Information must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- The Personal Information have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If we have made Personal Information public and are obliged pursuant to Article 17(1) to delete the Personal Information, we shall take reasonable steps, including technical measures, to inform other controllers processing the Personal Information that you have requested deletion by such controllers of any links to, or copy or replication of, those Personal Information, as far as processing is not required.

e) Your right to object

You have the right to object the processing of your Personal Information stored by us under the following circumstances:

- You contest the accuracy of the Personal Information, for a period of time to enable us to verify the accuracy of the Personal Information.
- The processing is unlawful, you oppose the erasure of the Personal Information and requests instead the restriction of their use.
- We no longer need the Personal Information for the purposes of the processing but for the establishment, exercise or defense of legal claims.
- You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override yours.

f) Your right to data portability

You have the right to receive your Personal Information provided to us in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest.

In exercising your right to data portability, you have the right to have Personal Information transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

g) Automated individual decision-making, profiling

You have the right not to be subject to decision-making based only on automated processing. This includes profiling, which produces legal effects, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and us, or (2) is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between you and us, or (2) it is based on your explicit consent, we have implemented suitable measures to safeguard your rights and freedoms and legitimate interests.

h) Your right to withdraw data protection consent

You have the right to withdraw your consent to processing of your Personal Information at any time.

8. Provisions regarding Facebook

Our website uses components of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. For users outside of the United States or Canada Facebook is controlled by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When accessing any individual pages of our website, your web browser will download the respective Facebook component from Facebook. You can find an overview of all the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/.

By downloading Facebook components, Facebook will be informed which individual pages of our website you have visited. If you are logged in at the same time to Facebook, Facebook detects with every call-up to our website—and for the entire duration of your stay on our website—which specific page of our website you have visited. This occurs regardless of whether you click on the Facebook component or not.

Facebook will collect this information and associate it with your Facebook account. If you click on one of the Facebook buttons integrated into our website, for example the “Like” button, or if you submit a comment, Facebook will match this information with your personal Facebook user account and store the Personal Information.

You can find the data protection guideline of Facebook here: https://facebook.com/about/privacy/, if you are interested in information about the collection, processing and use of Personal Information by Facebook. In the data protection guideline, you will also find information regarding ways to limit and configure the collection and use of Personal Information by Facebook.

9. Provisions regarding Instagram

Our website uses components of the audiovisual platform Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, UNITED STATES.

When accessing any individual pages of our website your web browser will download the respective Instagram component from Instagram. By downloading Instagram components, Instagram will be informed which individual pages of our website you have visited. If you are logged in at the same time to Instagram, Instagram detects with every call-up to our website—and for the entire duration of your stay on our website—which specific page of our website you have visited. This occurs regardless of whether you click on the Instagram component or not.

Instagram will collect this information and associated with your Instagram account. If you click on one of the Instagram buttons integrated into our website, then Instagram will match this information with your personal Instagram user account and store the Personal Information.

You can find the data protection guideline of Instagram here: https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

10. Provisions regarding Twitter

Our website uses components of the multilingual, publicly-accessible microblogging platform Twitter on which users may publish and spread so-called ‘tweets. Tweets are available for everyone, including those who are not logged on to Twitter. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

When access any individual pages of our website your web browser will download the respective Twitter component from Twitter. You can find an overview of all the Twitter buttons here: https://about.twitter.com/de/resources/buttons.

When accessing any individual pages of our website your web browser will download the respective Twitter component from Twitter. By downloading Twitter components, Twitter will be informed which individual pages of our website you have visited. If you are logged in at the same time to Twitter, Twitter detects with every call-up to our website—and for the entire duration of your stay on our website—which specific page of our website you have visited. This occurs regardless of whether you click on the Twitter component or not.

Twitter will collect this information and associate it with your Twitter account. If you click on one of the Twitter buttons integrated into our website, then Twitter will match this information with your personal Twitter user account and store the Personal Information.

You can find the data protection provisions of Twitter here: https://twitter.com/privacy?lang=en.

11. Provisions regarding YouTube

Our website uses components of the internet video portal YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

When access any individual pages of our website your web browser will download the respective YouTube component from YouTube. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/.

By downloading YouTube components, YouTube will be informed which individual pages of our website you have visited. If you are logged in at the same time to YouTube, YouTube detects with every call-up to our website—and for the entire duration of your stay on our website—which specific page of our website you have visited. This occurs regardless of whether you click on the YouTube component or not.

YouTube will collect this information and associate it with your YouTube account. If you click on one of the YouTube buttons integrated into our website, YouTube will match this information with your personal YouTube user account and store the Personal Information.

You can find YouTube’s and Google’s data protection provisions here: https://www.google.com/intl/en/policies/privacy/.

12. Lawfulness of processing

The processing of Personal Information is lawful only under the following conditions:

You have given consent to the processing your Personal Information for one or more specific purposes. Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. Processing is necessary for compliance with a legal obligation to which we are subject. Processing is necessary to protect your vital interests or of another person. Processing is necessary for the performance of a task carried out in the public interest. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Information.

13. Statutory and contractual requirements for providing your Personal Information, our obligation to provide Personal Information and consequences of failure to do so

In some cases, the law will require us to collect your Personal Information (for example tax regulations). In other cases, we will need your Personal Information simply to carry out the contract with you. You must contact one of our employees before providing your Personal Information. We will clarify with you if the provision of Personal Information is required by law or by contract or if it is necessary for the conclusion of the contract. We can also examine whether there is an obligation to provide Personal Information and the consequences if you choose not to provide Personal Information.

14. CHANGES TO THIS PRIVACY POLICY

We may make minor changes to our Privacy Policy. When we make these changes, we will publish the updated notice on our website. If we make any significant changes, we will take additional steps to inform you of these.