DATA PROTECTION DECLARATION ACCORDING TO THE DSGVO / GDPR
GENERAL
Name and address of the responsible person
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Matthias Hirzel
HLP Hirzel & Partner
Griesheimer Ufer 31
D‑65933 Frankfurt am Main, Germany
Mobile: +49 (0)172 6 71 14 90
Mail: matthias.hirzel@hlp-hirzel.com
Web: https://hlp-hirzel.com
Germany
Domains: https://hlp-hirzel.com/
Name and address of the data protection officer
Matthias Hirzel
HLP Hirzel & Partner
Griesheimer Ufer 31
D‑65933 Frankfurt am Main / Germany
Mobil: +49 (0) 172 6 71 14 90
Mail: matthias.hirzel@hlp-hirzel.com
Web: https://hlp-hirzel.com
Germany
Domains: https://hlp-hirzel.com/
Matthias Hirzel, HLP Hirzel & Partner, as operator of the website https://hlp-hirzel.com/ works according to the regulations of the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GSGVO).
General privacy policy
Personal data is only collected in the context of ordering and processing services (e.g. membership in the network or participation in events), for registering to use our newsletter, for processing inquiries or when commenting on articles on our website.
We store personal data for as long as a business relationship exists or legal retention obligations exist. Personal data will not be made available to third parties in any form without your consent. Your user data for the newsletter will be deleted after you unsubscribe.
You have the right to obtain information about all data relating to your person that is stored by us and to correct it if, in your opinion, it is out of date or incorrect. Likewise, you can revoke your consent to the use of your personal data at any time. To do so, send us an email request to the contact address listed in the imprint.
We use technical and organizational security measures to protect the data of our customers, business partners or interested parties from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These measures are continuously revised in line with technological developments.
Links to other websites
This website contains links to other websites. This privacy statement applies only to this our website. If you visit other websites from our site, please read the privacy policy on the linked site. There you will get information about what happens with your data / information.
Extended data protection declaration for the online offer
In principle, all statements of the general data protection declaration also apply to the online offer. Additional explanations for the online offer are given in the following text.
By using our website, you agree to the collection, processing and use of data as described below. Our website can generally be visited without registration. In the process, data such as pages called up or names of the file called up, date and time are stored on the server exclusively in anonymous form for statistical purposes, without this data being directly related to your person.
The data is stored in our company or with the provider we use (see the description of the providers). Personal data will not be made available to third parties in any form without your consent. Insofar as data is passed on to external service providers, we have taken technical and organizational measures to ensure that data protection regulations are observed.
HOSTING
DATA PRIVACY 1&1 Ionos
Further information in the privacy policy at: https://www.ionos.de/hilfe/datenschutz/allgemeineinformationen/
What log files are there and what data is collected?
Access log files and error log files are stored on the server. These log files contain the IP address of the visitor, and thus personal data. The following data is recorded there:
Visited website
Time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used
You can view the log files yourself. They are located in the /log folder on your web space. The current data is stored in the files access_log and error_log. The IP address is anonymized after 24 hours; for this purpose the last octet is zeroed. The deletion then takes place after 7 days at the latest.
The log files are collected and stored to maintain server operation and for statistical analysis.
What data is stored and processed on the server?
Apart from the log files, no further storage of data takes place from our side. However, keep in mind that your scripts also contain, collect or/and process personal data and also store them in databases. This concerns, for example, data sent via a contact form or data that is stored in the database when orders are placed from your online store. Here, in accordance with Art. 32 DSGVO, it must be noted that the transmission of personal data must always be encrypted, which in practice means that the connection must always be made via HTTPS. The use of an SSL certificate is therefore necessary.
This data is then technically processed on our systems by us as your service provider. For this reason, an order processor contract is necessary, in which the rights and obligations of you as the client and us as the contractor are regulated and we undertake to protect the data from third-party access to the appropriate extent.
PAGE CALL VIA A PROXY SERVER
The proxy server functions more or less as a proxy that requests the pages and forwards them to the user. Consequently, the log file contains the IP address of the proxy and not the address of the workstation that originally requested the page.
Some proxies send a header field called X‑Forwarded-For, in which the original IP is entered, so that it is possible to trace where a request originally came from when it is accessed via proxies. This X‑Forwarded-For header is appended to the end of each entry in the log file at 1&1 WebHosting.
When using the 1&1 SSL proxy, as well as proxy calls that transmit the corresponding information, the IP address of the actual requesting computer is in the last column of each log line. This improves the possibility of creating meaningful visitor statistics.
Please note:
Due to data protection guidelines on personal data, the IP addresses of the callers in the log files are anonymized with an ‘x’ after 7 days. For more info, see 1und1’s data protection agreement at https://www.ionos.de/hilfe/datenschutz/allgemeineinformationen/
PRIVACY POLICY FOR GOOGLE ANALYTICS
Our website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To disable Google Analytics, Google provides a browser plug-in at http://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics uses cookies. These enable an analysis of the use of our website offer by Google. The information collected by the cookie about the use of our website (including your IP address) is usually transferred to a Google server in the USA and stored there.
We point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymized collection of IP addresses (so-called IP masking). If anonymization is active, Google truncates IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which is why no conclusions can be drawn about your identity. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
Google Analytics usage according to DSGVO requirements
In order to use Google Analytics in a legally compliant manner, we fulfill the necessary requirements:
- Contract for order data processing concluded
- IP anonymization activated
- Privacy policy updated
- Opt Out Cookies + Link to Browser PlugIn set
This website uses the plugin “Google Analytics Germanized”by Bajorat Media – WordPress Agency.
With this plugin, website operators can integrate Google Analytics in compliance with EU data protection law (DSGVO / GDPR).
1. AV contract
HLP COMPETE of has concluded a so-called AV contract (order processing contract) with Google for the account of HLP Hirzel & Partner. This is now possible with the validity of the DSGVO electronically in our Google Analytics account, directly in yours. The old procedure of printing it out and sending it to Google by mail is now obsolete.
2. IP Anonymization
The following settings have been made on this page:
- Enable Anonymize IP: This parameter is required by European Union laws. We have left this enabled.
3. Privacy policy updated
This privacy policy has been updated.
The data processing addendum has been accepted and released for this contract our account.
In addition, other services have been enabled.
Enable demographics and interest reports: this setting will add the demographics and remarketing features in the Google Analytics tracking code. Please make sure that Demographics and Remarketing are also active in your Google Analytics account. For more information on remarketing, please refer to the Google Analytics documentation.
Enable advanced link attribution: Advanced link attribution improves the accuracy of in-page analytics reports. Links to the same URL are automatically distinguished based on link element IDs.
4. Opt-out link / disable tracking / manage yourself
- Google Analytics Opt-out: With this link you can disable tracking: Disable Google Analytics
GOOGLE FONTS
For the body text on our site, we use the “Web Safe Font” Verdana. All Google fonts used are cached via the “WP EU DGSVO HELPER” plugin so that the Google Fonts are not uploaded directly from the Google server when the page is accessed. We use version 1.0.6.1 | By Eric Marten | View details.
AVATARS AND PLUGINS
We have set the site so that it does not use or display avatars.
Furthermore, this site uses the following plugins, among others:
WP Cerber Security & Antispam
We use the “Cerber Security & Antispam” service provided by Cerber Tech Inc. New York, NY, 1732 1st Ave, 10128, USA. The hacker protection plugin blocks intruders via IP or subnet and protects against further attempts when a set limit of retries is reached. This makes brute force attacks or distributed brute force attacks from botnets impossible. In addition, by creating an IP blacklist or whitelist, blocking or allowing logins from specific IP addresses is possible. (More information about the functions at: https://wpcerber.com/). According to the provider, no data is collected or processed in this context – neither by the services nor by the software offered.
More information about the collection and use of data by WP Cerber Security & Antispam can be found in the privacy policy of Cerber: https://wpcerber.com/privacy-policy/.
YOAST SEO
To support search engine optimization of the site, we use the plugin “YOAST SEO”. According to WP Support (https://wordpress.org/support/topic/yoast-gdpr/), the tool does not store any personal data and is therefore DSGVO compliant.
Broken Link Checker
Does not process any personal data.
Webcraftic Clearfy
Increases performance and helps to make the site DSGVO compliant.
Google Analytics Germanized
Helps to integrate Google Analytics in a privacy-compliant way, e.g. by IP anomyization and opt-in and opt-out function.
WP Super Cache
Does not process any personal data.
CONTACT FORM, E‑MAIL, COMMENTS
Our website uses a contact form through which users can contact us electronically. When using this service, the data entered in the input form is transmitted to us and stored. These data are:
– Name
– e‑mail address
– Telephone number (not obligatory)
– Subject
– Message
– Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart)
The following data is also stored at the time the contact form is sent:
– The IP address of the user
– Date and time of registration
In addition, the user has the alternative of contacting us electronically via the e‑mail address provided. If he chooses this way, the personal data of the user sent via e‑mail will be stored.
We would like to point out that we will not pass on any data to third parties in connection with the contact and the process. They are used exclusively for mutual contact and dialogue.
IP ADDRESSES: ANONYMIZATION AND DELETION
Deleting the existing IP addresses
The website is set up in such a way that IP addresses of comments are anonymized directly when they are posted before they are saved. Upon request, the existing IP addresses of already posted comments will be deleted.
LEGAL BASIS OF THE DSGVO AND SOURCES OF THE DATA PROTECTION DECLARATION
In accordance with the requirements of the Basic Data Protection Regulation (DSGVO) applicable as of May 25, 2018, we inform you that the consents to the sending of email addresses are based on Art. 6 para. 1 lit. a, 7 DSGVO as well as § 7 para. 2 No. 3, or para. 3 UWG.
The use of the dispatch service provider MailChimp, implementation of statistical surveys and analyses as well as logging of the registration process, are based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.
We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Sources:
Significant parts of the privacy policy use the
- the sample data protection declaration from anwalt.de
” Note on the newsletter according to the sample of lawyer Dr. Thomas Schwenke
SOCIAL PLUGINS
Vimeo, Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA, Email: legal@vimeo.com, Phone: 1−212−314−7457, Authorized Representative: Michael A. Cheah (General Counsel)
The plugins are marked with an icon of the respective network and are recognizable. When using these plugins, a connection is established with the server of the respective social network and your data is passed on. Only when you press an icon independently, information is passed on to a network. The providers of the social media can thereby create usage profiles of the users. We have no influence on the information storage and data transfer of the external sites, nor on the extent and nature of the handling of this data by them.The purpose and scope of the data collection and the further processing and use of the data by the providers of the social media, as well as the related rights and settings options for protecting the privacy of users, can be found in the following privacy notices: