1. Name and contact details of the controller
This data protection information applies to data processing by:
Controller:
QIVIVE Rechtsanwaltsgesellschaft mbH, Konrad-Adenauer-Ufer 71, D-50668 Cologne, managing director: Dr. Christophe Kühl, HR: HRB 74204 Cologne, Tel: +49 (0)221 1 39 96 96 0. Email: privacy@qivive.com.
2. Name and contact details of the Data Protection Officer
The Data Protection Officer of the controller is:
Dr. jur. Andreas Pinheiro
ap-datenschutz GmbH
Berrenrather Str. 274, D-50937 Cologne
Tel +49 221 99989 030
Email: info@ap-datenschutz.de
3. Collection and retention of personal data and nature and purpose of their use
- Visiting the website
When you access our website www.qivive.com information is automatically sent to our website’s server by the browser used on your terminal device. Such information is temporarily stored in a so-called logfile. In the course of this procedure, the following information is captured, without any action on your part, and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- website from which access takes place (referrer URL),
- browser used and, where appropriate, your computer’s operating system and the name of your access provider.
The indicated data are processed by us for the following purposes:
- ensuring the establishment of a smooth connection to the website,
- ensuring comfortable use of our website,
- evaluating system security and stability, and
- other administrative purposes.
Under no circumstances do we use the collected data for the purpose of drawing conclusions about you as a person.
When you visit our website, moreover, we use cookies and analytical services. Please refer to sections 6 and 7 of this privacy statement for more information.
- Registering for our newsletter
You can subscribe to our Newsletter by sending us an e-mail to koeln@qivive.com. Your consent to process the data will be obtained as part of the registration process and reference will be made to this privacy policy. The data will be processed on the basis of your consent in accordance with Art. 6(1), point a of the GDPR and within the scope of the legitimate interest in accordance with Art. 6(1), point f of the GDPR.
This data is used exclusively for the purpose of sending the newsletter. Your data will not be shared with third parties and will not be used for other internal purposes. The newsletter registration system, which includes an additional confirmation message with a link to the final registration (double opt-in), is designed to ensure that you and not a third party have requested the newsletter. When you register, your data is stored on our servers and a confirmation message with a link to the final registration is generated and sent to the e-mail address provided. The data will be deleted after 24 hours if you do not confirm the registration by clicking the link in that e-mail. Only after you confirm the link in the e-mail will the data used to send the newsletter be stored for the duration of your use of our offer.
If you no longer agree to the retention of your data for this purpose and therefore no longer wish to take advantage of our offer, you can unsubscribe from our newsletter at any time. Every newsletter contains a link that you can click on to unsubscribe. You can also unsubscribe at any time by sending an e-mail to privacy@qivive.com. The personal data you provided for the newsletter subscription will then be deleted.
- Registering for a webinar
You can attend our webinars. The data entered for registration to our webinars is stored and used for sending newsletters on legal topics. The legal basis for this is Art. 6(1), sentence 1, point a of the GDPR and Art. 6(1), point f of the GDPR.
Our webinars are conducted using Zoom. Zoom presents webinar participants with various options for customising their visibility in the webinar. If you do not want to make your real name publicly visible, you can change it using a clearly visible function next to your name. This means that you can decide for yourself whether you want to make use of it. You can also disable your computer’s audio and video connections.
In addition to conducting webinars, participant data can also be post-processed for sending the webinar documentation to the participants.
Zoom is certified under the EU-U.S. Privacy Shield.
By registering for the webinar, you accept our privacy policy and the terms of use of Zoom. Zoom’s terms and conditions.
- Using our contact form
Should you have questions of any kind, we offer you the possibility of contacting us using a form provided on the website. This requires providing a valid email address so that we know who the source of the enquiry is and so that we can respond to it. Further information can be provided voluntarily.
The data processing for the purpose of contacting us takes place under Art. 6(1), sentence 1, point a of the GDPR on the basis of your voluntarily given consent.
The personal data that we collect when you use the contact form are automatically deleted after your enquiry has been handled, unless the Law Firm is obliged under Art. 6(1), sentence 1, point c of the GDPR to store them for a longer period owing to retention and documentation obligations, or you have consented to longer storage under Art. 6(1), sentence 1, point a of the GDPR.
- For an application
If you submit an employment application to us, we will process your contact data, CV, cover letter, certificates and internal notes on job interviews.
We process your personal data for the purpose of your employment application, to the extent that this is necessary for the decision to establish an employment relationship with us. The legal basis for this is § 26(1) in conjunction with paragraph 8, sentence 2 of the German Federal Data Protection Act (BDSG). We may also process personal data about you if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6(1), point f of the GDPR; a legitimate interest is, for example, the obligation to provide evidence in proceedings under the German General Act on Equal Treatment (AGG).
If an employment relationship arises between you and us, we may, pursuant to § 26(1) BDSG, further process your personal data for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law.
- For other communication of personal data
We collect personal information when you voluntarily choose to provide it, such as when you contact us by email, telephone or otherwise.
A communication of your contact data takes place expressly on voluntary basis and with your consent. If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request.
You can of course revoke your declarations of consent at any time in the future. Please contact privacy@qivive.com.
4. Legal grounds of data processing
The processing of personal data collected by the law firm is based on the following legal grounds:
- you have granted your express consent to that under Art. 6(1), sentence 1, point a of the GDPR;
- the processing is necessary under Art. 6(1), sentence 1, point f of the GDPR for the protection of the law firm’s legitimate interests pursuant to;
- there is a legal obligation to process under Art. 6(1), sentence 1, point c of the GDPR, and
- processing is permitted by law and necessary for the execution of contractual relations with you under Art. 6(1), sentence 1, point b of the GDPR.
According to Art. 6(1), sentence 1, point f of the GDPR, the legitimate interests of the law firm on the basis of which personal data can be processed:
- the pursuit of our business activities, which includes, among other things, informing our contact persons, whose data we process, about legal innovations and services of the law firm. In this regard, there is a right of objection according to Art. 21 of the GDPR,
- the guarantee of a smooth connection of the website, as well as a comfortable use of our website,
- the evaluation of system security and stability,
- the assertion, exercise or defence of legal claims.
5. Purpose and legal grounds of the disclosure of data
Your personal data are not transmitted to third parties for any purposes other than those specified in the following.
We disclose your personal data to third parties only if:
- you have granted your express consent to that under Art. 6(1), sentence 1, point a of the GDPR,
- the disclosure is necessary under Art. 6(1), sentence 1, point f of the GDPR for the establishment, exercise or defence of legal claims and there is no reason to consider that you have an overriding legitimate interest in the nondisclosure of your data,
- there is a legal obligation to disclose under Art. 6(1), sentence 1, point c of the GDPR, and
- disclosure is permitted by law and necessary for the execution of contractual relations with you under Art. 6(1), sentence 1, point b of the GDPR.
6. Cookies
We use cookies on our site. Cookies are small files that your browser automatically generates that are stored on your terminal device (laptop, tablet, smartphone, or similar) when you visit our site. Cookies are not harmful to your terminal device and contain no viruses, Trojan horses, or other malware.
The cookie contains information about the specific terminal device in use. However, this does not mean that we directly gain knowledge of your identity through cookies.
The purpose of cookies is, on the one hand, to make your use of our offerings more pleasant. We use so-called session cookies to detect whether you have previously visited individual pages on our website. Such cookies are automatically deleted after you leave our site.
In order to optimise user-friendliness, we also use temporary cookies, which are stored on your terminal device for a specific defined time. If you visit our site again in order to make use of our services, the fact that you were there previously is automatically recognised, together with your entries and settings, thus avoiding the need to re-enter them.
On the other hand, we use cookies in order to track statistics on the use of our website and evaluate such use for the purpose of optimising our offerings for you (cf. section 7). When you return to our site, these cookies allow us to automatically recognise that you were on our site previously. Such cookies are automatically deleted after a defined time.
The data processed by cookies are necessary for the indicated purposes of our legitimate interests and those of third parties under Art. 6(1), sentence 1, point f of the GDPR.
Most browsers accept cookies automatically. However, you can configure your browser not to retain cookies on your computer or to always have a prompt appear before a new cookie is stored. Fully deactivating cookies could, however, mean that you are unable to use all of our website’s functions.
7. Analytical tools
The tracking measures that we use as indicated in the following are carried out on the basis of Art. 6(1), sentence 1, point f of the GDPR. The intention behind our use of these tracking measures is to ensure that our website is designed in keeping with the users’ needs and can be continually optimised. On the other hand, we use tracking measures to track statistics on the use of our website and to evaluate such use for the purpose of optimising our offerings for you. These interests must be regarded as legitimate within the meaning of the above provision.
The respective data processing purposes and data categories can be inferred from the corresponding tracking tools.
- Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The use includes the “Universal Analytics” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and to analyse the activities of a user across devices.
Google Analytics uses cookies, which are text files placed on your computer that can be used to analyse your use of the website. The information that the cookie provides about your use of this website is usually transferred to a Google server in the US and stored there. However, in the event that IP anonymisation is activated on this website, Google will automatically truncate your IP address within Member States of the European Union or in other States party to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the US and truncated there in exceptional cases. The IP address transmitted by your browser through Google Analytics is not merged with other data from Google. Google has been certified under the US-EU Privacy Shield data protection agreement and is therefore committed to comply with the European data protection directives. On behalf of the operator of this website, Google will use this information for the purpose of analysing your use of the website, generating reports on website activity and providing other services to the website operator in connection with website and internet usage. Our legitimate interest in data processing is also based on these purposes. The legal basis for the use of Google Analytics is § 15(3) of the German Telemedia Act (TMG) and Art. 6(1), point f of the GDPR. Sessions and campaigns are terminated after a certain period of time. By default, sessions end after 30 minutes of inactivity and campaigns end after six months. Campaigns can be limited to a maximum of two years. Further information on terms and conditions of use and data protection.
You can prevent the storage of cookies by configuring your browser software accordingly; please note, however, that in that case you may not be able to fully use all of this website’s functions. You can also prevent the recording of the data generated by the cookie relating to your use of the website (incl. your IP address) and the processing of such data by Google by downloading and installing the browser add-on. Opt-out cookies prevent future collection of your information when you visit this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use. If you click here, the opt-out cookie will be set: Disable Google Analytics
- Google AdWords Conversion Tracking
In order to track statistics on the use of our website and evaluate such use for the purpose of optimising our offerings for you, we also use Google Conversion Tracking. Through this, a cookie (cf. section 4) is set on your computer by Google AdWords if you have reached our website via a Google ad.
These cookies expire after 30 days and do not identify you personally. If the user visits certain pages of the AdWords customer’s website before the cookie has expired, Google and the customer can tell that the user clicked on the ad and was directed to that page.
Each AdWords customer receives a different cookie. Therefore, cookies cannot be traced across the websites of AdWords customers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers that have opted for conversion tracking. The AdWords customers learn the total number of users who have clicked on their ad and who were directed to a page containing a conversion tracking tag. However, they receive no information with which users can be personally identified.
If you do not wish to take part in the tracking procedure, you can also refuse the setting of a cookie necessary for this – for example, through a browser setting that deactivates the setting of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser to block cookies.
- Google Tag Manager
We use Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags through a single interface. Google Tool Manager only implements tags. This means that: No cookies are used and no personal data is collected. Google Tool Manager triggers other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If you deactivate it at the domain or cookie level, this deactivation will remain in effect for all tracking tags that are implemented with Google Tag Manager. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
- Google Ads remarketing
We use the Google Ads remarketing function on our website. This function is used to present interest-related ads to visitors to our website on other websites within the Google advertising network.
The application is used to analyse visitor behaviour and interests. Google uses cookies to analyse website use, which forms the basis for the creation of interest-related ads. These text files, which are stored on your computer, make it possible to recognize the visitor when he or she visits websites that are part of the Google advertising network. They are used to uniquely identify a web browser on a particular device and not to identify a person. Google has stated that it does not collect any personal data during this process.
You can disable participation in this tracking process in a number of ways: a) by adjusting your browser software settings accordingly, in particular by disabling third-party cookies, which will prevent you from receiving third-party ads; b) by installing the plug-in provided by Google; c) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browser, d) by using the appropriate cookies setting. Please note that in this case you may not be able to make use of the full extent of the functions of this offer.
Google has complied with the EU-US Privacy Shield.
8. Social media plugins
Based on Art. 6(1), sentence 1, point f of the GDPR, we use social plugins of the LinkedIn, Xing, Facebook and Instagram social networks on our website to make our Law Firm better known by those means. The underlying promotional purpose must be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operating in conformity with data protection requirements must be borne by the respective providers. We integrate these plugins using the so-called two-click method in order to offer our website visitors the best possible protection.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages containing LinkedIn functions, a connection is established to LinkedIn’s servers. LinkedIn is informed that you have visited our Internet pages with your IP address. If you click the LinkedIn “recommend button” and you are logged into your LinkedIn account, it is possible for LinkedIn to assign your visit on our Internet site to you and your user account. Please note that as provider of the pages we have no knowledge of the contents of the transmitted data or of their use by LinkedIn.
Further information can be found in the LinkedIn privacy statement.
Our website uses functions of the Xing network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you access one of our pages containing Xing functions, a connection is established to Xing’s servers. To our knowledge, no personal data are retained through this process. In particular, no IP addresses are retained and there is no evaluation of usage behaviour.
Further information on data protection and the Xing share button can be found in the Xing privacy statement.
We operate a law firm presence on the Instagram platform.
We are jointly responsible on this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
The Instagram data protection officer can be reached via a contact form.
We have set out the joint responsibility in an agreement regarding the respective obligations within the meaning of the GDPR.
The legal basis for the subsequent processing of personal data is Art. 6(1), point f of the GDPR. We have a legitimate interest in the analysis, communication, sales and promotion of our products and services.
The legal basis may also be the user’s consent to the platform operator in accordance with Art. 6(1), point a of the GDPR. In accordance with Art. 7(3) of the GDPR, the user can revoke this consent at any time for the future by notifying the platform operator.
When accessing our online presence on the Instagram platform, Facebook Ireland Ltd., as operator of the platform in the EU, processes user data (e.g. personal information, IP address, etc.).
This user data is used for statistical information about the use of our company presence on Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. For example, these profiles allow Facebook Ireland Ltd. to promote the interests of users within and outside of Instagram. If the user is logged into his or her account on Instagram at the time of access, Facebook Ireland Ltd. may also link the data to the respective user account.
If the user makes contact via Instagram, the user’s personal data entered at that time will be used to process the request. We will delete the user’s data provided that the user’s enquiry has been conclusively answered and no legal retention obligations, e.g. in the case of subsequent contract processing, conflict with our doing so.
Facebook Ireland Ltd. may also use cookies to process the data.
If the user objects to such processing, he/she can prevent the setting of cookies by changing the browser settings accordingly. Cookies that have already been set can also be deleted at any time. The settings for this depend on the browser. The processing of Flash cookies cannot be prevented by adjusting the settings of the browser, but by changing the settings of the Flash player accordingly. If the user prevents or restricts the installation of cookies, this may result in the partial or complete unavailability of Facebook functions.
Details on processing activities, their prevention and the deletion of data processed by Instagram can be found in the Instagram data policy.
Processing by Facebook Ireland Ltd. may also take place via Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the US.
Facebook Inc. has complied with the EU-US Privacy Shield and therefore declares that it complies with EU data protection regulations when processing data in the US.
9. Links to websites of other providers
Our websites may contain links to websites of other providers. Please note that this privacy statement applies exclusively to the www.qivive.com website. We have no influence over and do not verify whether other providers comply with the applicable data protection provisions.
10. Rights of data subjects
You have the right:
- to obtain, pursuant to Art. 15 of the GDPR, information about your personal data that are being processed by us. In particular, you can request information about the purposes of the processing, the category of the personal data, the categories of recipients to which your data have been or will be disclosed, the envisaged storage time, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of their data in the case of data not collected by us, and the existence of automated decision-making, including profiling, and where applicable meaningful information about the particulars thereof;
- to obtain, pursuant to Art. 16 of the GDPR, without undue delay the rectification of inaccurate personal data stored by us or to have incomplete personal data completed;
- to obtain, pursuant to Art. 17 of the GDPR, the erasure of your personal data stored by us, if the processing is no longer necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, on the grounds of public interest or for the establishment, exercise or defence of legal claims;
- to obtain, pursuant to Art. 18 of the GDPR, the restriction of processing of your personal data, if the accuracy of the data is contested by you, the processing is unlawful but you oppose their erasure and we no longer need the data but they are required by you for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 of the GDPR;
- to receive, pursuant to Art. 20 of the GDPR, your personal data that you have provided to us in a structured, commonly used and machine-readable format or to obtain transmission to another controller;
- to withdraw at any time, pursuant to Art. 7(3) of the GDPR, your consent granted to us. This means that from that time on we are no longer allowed to continue the data processing based on that consent and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR. As a rule, you can do so with the supervisory authority in your habitual residence or place of work or where our firm has its registered office.
11. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1), sentence 1, point f of the GDPR, you have the right, pursuant to Art. 21 of the GDPR, to object to the processing of your personal data if there are grounds for doing so relating to your particular situation or the objection relates to direct marketing. In the latter case, you have a general right to object, which is implemented by us without specification of a particular situation.
If you wish to exercise your right to withdraw or to object, an email sent to privacy@qivive.com is sufficient.
12. Storage period
The criterion for the storage period of personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be deleted, provided that they are no longer required for the achievement of the purpose, fulfilment of the contract or contract initiation.
13. Data security
We employ appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised third-party access. Our safety measures are continually improved in keeping with technological advances.
14. Status of and changes in this privacy statement
This privacy statement is up to date as of April 2020.
Enhancements in our website and offerings or changes in statutory or regulatory requirements can make it necessary to amend this privacy statement.