Responsible for the processing of your personal data on this website is

MARAIT Rechtsanwaltsgesellschaft mbH

Managing Director: Dr. Jana Jentzsch
Neuer Wall 75
D – 20354 Hamburg

Germany

Tel. +49 – 40 – 228683860

Email: mail@marait.de

a. Scope & purpose of the processing of personal data

As a matter of principle, we process your personal data as a user of this website only insofar as this is necessary to provide a functional website and our content and services. The processing of your personal data is only carried out according to your purpose-related consent, unless the data processing is also permitted by law without obtaining prior consent. The purposes of the processing result from the processing activities described in more detail below. We do not use your personal data for automated individual case decisions within the meaning of Article 22 (1) DSGVO.

b. Legal basis for the processing of personal data

Insofar as we obtain your consent for processing operations of personal data, Art. 6 (1) a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
If the processing of your data is necessary for the performance of a contract to which you are a party, Art. 6 (1) b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
If processing of your personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) c) GDPR serves as the legal basis.
In the event that vital interests of you or another natural person make processing of personal data necessary, Art. 6 (1) d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6 (1) f) GDPR serves as the legal basis for the processing.

c. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this has been provided for by laws or other legal provisions binding on us. Data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

d. Types of data processed

– inventory data (e.g. name, address);
– Contact data (e.g. e-mail address, telephone number);
– Content data (e.g. text input, photographs, videos);
– Usage data (e.g., website views, access times, personal interests);
– Communication and metadata (e.g., IP addresses, device information).

e. Purposes of processing:

– Making available the online offer, its functions and content.

– Responding to contact requests and communicating with users and applicants;

– Security measures.

f. Categories of data subjects:

• Visitors and users of the online offer (hereinafter “users”).
• Applicants
• Participants in Online meetings via Microsoft Teams
• Clients.

When processing your personal data, you have the following rights, which we would like to inform you about below. For this purpose, you can contact us as the responsible party, the contact details can be found above under 1.

a.Right to information
Upon request, we will confirm whether personal data concerning you is being processed. If this is the case, you have the right to be informed about the following information

• the purpose(s) of the data processing,
• the categories of data processed, and
• the recipients or categories of recipients to whom data is disclosed on the basis of legal obligations or contractual relationships; in particular in the case of recipients in third countries
• the planned storage period, or if this is not possible, the criteria for determining the period
• the existence of a right to rectification or erasure of the personal data concerning them, or to restriction of processing by us, or a right to object to such processing
• the existence of a right of appeal to the supervisory authority
• in the event that the personal data are not collected from the data subject: Any available information about the origin of the data
  the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
• In the event of transfer to a third country or to an international organization, about the appropriate safeguards in connection with the transfer.
• Upon request, you will thereby receive a copy of the data collected and processed from you. This will generally be done free of charge.

b. Right to rectification
You have the right to request that inaccurate personal data concerning you be corrected without delay. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.

c. Right to erasure (so-called right to be forgotten).
Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with tax or commercial law storage or documentation obligations or if the safeguarding of the legitimate interests of the responsible party is at risk.
In this context, a claim for deletion exists under the following conditions:
– The personal data was collected or otherwise processed for such purposes for which it is no longer necessary.
– You revoke your consent on which the processing was based pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
– You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or an objection to the processing has been lodged pursuant to Art. 21 (2) GDPR.
– The personal data have been processed unlawfully.
– The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR (consent was given by a child).

d. Right to restriction of processing (blocking).

Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

the accuracy of the personal data is disputed by you, for a period of time that allows us to verify the accuracy of the personal data.
the processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
The controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims.
The user has objected to the processing pursuant to Article 21 (1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the user.
e. Right to data portability (data portability).
Upon request, your data can be made available in a structured, common and machine-readable format for you and a service provider working in the connection, subject to a charge, in order to enable rapid transfer. This applies in any case insofar as the processing is based on consent pursuant to Art. 6 para. 1 a GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 b GDPR and the processing is carried out with the aid of automated processes.

f. Right to withdraw your consent (Art. 7 (3) GDPR).
You may revoke your consent once given at any time by declaration to us. This has the consequence that we may no longer continue the data processing based on this consent for the future.

g. Right of complaint to the supervisory authority (Art. 77 GDPR).
If you are of the opinion that there has been a breach of data protection regulations, you have the right to lodge a complaint with the competent supervisory authority. For companies in Hamburg, for example, this is the Hamburg Commissioner for Data Protection and Freedom of Information: https://www.datenschutz-hamburg.de

h. Right of objection (Art. 21 GDPR)
You also have the right to object to the processing of your personal data. If the processing is carried out for the purpose of direct advertising (e.g. newsletter), this right exists at any time. Otherwise, the right may also exist for reasons arising from your particular situation to object at any time to the processing of personal data concerning you. This applies only insofar as the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (safeguarding public interests or legitimate interests by the controller). We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To exercise this right of revocation, you can also send us an informal message via the contact options mentioned under point 1, stating your intention to revoke.

In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 f) EU GDPR):
Date and time of access, name of the pages accessed, IP address of the requesting device, referrer URL (origin URL from which visitors came to our websites), the amount of data transferred, loading time, browser type, language & version, name of the visitor’s access provider, operating system and its interface. The IP address is anonymized after 24 hours; for this purpose, the last octet is zeroed. The deletion then takes place after 7 days at the latest.

We use a so-called hoster to provide certain services in connection with the operation of this website: in detail, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided. In doing so, we. or our hoster, respectively, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of our visitors to our website on our behalf on the basis of Art. 28 GDPR due to our legitimate interests in a professional and secure provision of our website in accordance with Art. 6 (1) f) GDPR.

In addition to the previously mentioned data, only necessary cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and allow certain information to flow to us as the entity that set the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

Use of cookies:

a) Temporary cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Permanent cookies remain stored even after you close the browser. In this way, settings or preferences can be saved, for example.

c) First-party cookies are set by the respective website operator itself, whereas third-party cookies are used by third parties (e.g. advertising partners).

d) Necessary cookies (also referred to as required cookies) are, on the one hand, absolutely necessary for the operation of a website (e.g. to enable the technically flawless retrieval of the website) or are required for security reasons.

e) Furthermore, there are cookies that are set, for example, for personalization, statistical or other analytical purposes or marketing.

This website does not use analytical cookies or marketing cookies or other cookies for personalization.

This website only uses necessary cookies. Legal basis of data processing Art. 6 para. 1 f) GDPR. Our interest in maintaining the functionality of our website is thereby to be regarded as legitimate within the meaning of the aforementioned provision.

Advertising only with consent

No data about you will be processed for advertising purposes simply by using this website. We process your data that you provide to us yourself (for example, to submit a mandate request to us) for marketing purposes only on the basis of your express consent to these purposes pursuant to Art. 6(1)(a) GDPR.
Proper commissioned processing agreements have been concluded with service providers whom we engage for the purpose of supplying advertising and who process data on our behalf strictly in accordance with instructions.

Reference to the right of objection

You may object to the use of your personal data for the aforementioned advertising purposes at any time, free of charge and with effect for the future, by using the contact details provided in section 1.

If you object, your data will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time within the selection process and does not mean that we have not implemented your objection.

Contact us by e-mail, mail & phone

You have the option to contact us in several ways. By e-mail, by phone or by mail. When you contact us, we use the personal data that you voluntarily provide in this context solely for the purpose of contacting you and processing your request.
The legal basis for this data processing is Art. 6 (1) b). Your data will be deleted when it is no longer needed for the purpose of processing and there is no legal obligation to store it.

Contact Form

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered by you in the input mask will be transmitted to us in encrypted form and stored.

The legal basis for the processing of your data is Art. 6 (1) a) GDPR if you have given your consent. If there is no individual consent from you, we process your data on the basis of Art. 6 (1) b) GDPR. The processing of personal data from the input mask serves us solely to process the contact.

Comments/contributions

If you leave comments or other contributions in our news area, your IP address may be stored for up to 7 days on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR. This is done for our security and to protect others from illegal content. In this case, we are liable as the operator of this website and would therefore like to try to identify the author. In addition, this enables the detection of spam and its exclusion as a legitimate interest on our part Art. 6 para. 1 f) GDPR.
The content provided in the context of your comments and / or contributions will be permanently stored by us until your objection, unless there is any other obligation to remove.

Mandate Data

If you contact us by e-mail, this data, insofar as it is mandate-related, will be stored by us and added to the so-called “hand file” in accordance with Section 50 of the Federal Lawyers’ Act (BRAO). Hand files must be kept for six years in accordance with legal requirements.

The lawyer’s duty of confidentiality applies to the information you provide. This obligation applies to everything that is entrusted to us or otherwise becomes known to us within the scope of the mandate. Exceptions apply only if something else has been expressly agreed with you in advance or if certain information from the client relationship has already become public knowledge.

The transfer to service providers, which we need to integrate to operate this website, will only take place without your explicit informed consent on the basis of a proper contract processing agreement in accordance with Art. 28 GDPR. We use a so-called hoster to provide certain services in connection with the operation of this website: in detail, IT infrastructure, computing services, database services, e-mail dispatch, security services, server storage space and technical maintenance services are provided, among others. In this context, we or our hoster process usage data, meta data and communication data of the visitors of our website on our behalf on the basis of Art. 28 GDPR due to our legitimate interests in a professional and secure provision of our website.

Otherwise, we transmit personal data to other recipients only if there is a legal permission for this or you have previously consented. You can revoke any consent you may have given at any time with effect for the future. We will only pass on your data to state authorities within the scope of legal obligations or on the basis of an official order or court decision and only insofar as this is permitted under data protection law.

Within the scope of our website, we use offers from third-party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”), on the basis of consent pursuant to Art. 6 (1) f) GDPR or, if consent does not exist in an individual case and is not legally required, on the basis of our legitimate interests (i.e., interest in evaluating the use of our website and improving the operation of our website within the meaning of Art. 6 (1) f) GDPR).

This may require that the respective third-party providers perceive your IP address, as without the IP address they could not send the content to your browser. The IP address is thus required for the delivery and display of this content.

LinkedIn Plugin

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time you access one of our pages that contains functions of LinkedIn, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the “Recommend button” of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

You can find more information on this in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

Online meetings via Microsoft Teams

We use the “Microsoft Teams” tool to conduct online meetings with clients, prospects and business partners in the form of video or telephone conferences. “Microsoft Teams” is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Participation in online meetings via Microsoft Teams is voluntary. If you do not wish to participate in an online meeting, please let us know. We will then arrange an exchange with other communication means.

If you participate in an online meeting organized by us via Teams, the legal basis is your consent in accordance with Art. 6 para. 1 a) GDPR. The online meeting will not be recorded unless, exceptionally, you have given your express consent in advance for the recording in accordance with Art. 6 (1) a) GDPR (e.g. in the course of participation in a webinar).

Microsoft processes personal data of the participants, in particular the IP address, the content of the conversation, e-mail addresses, names and, if applicable, other service-related data, for the purpose of conducting online meetings via Teams on our behalf and stores this data for the duration of the video conference or, if you use Microsoft Teams beyond this, for the duration of the use. Microsoft is duly bound by us as a processor to comply with data protection. The provider may also process the data outside the European Economic Area. In order to ensure a level of data protection that complies with the EU General Data Protection Regulation (GDPR) in this regard, we have agreed with Microsoft on the EU standard data protection clauses in accordance with the EU Commission Decision (2010/87/EU). You can find more information about processing by Microsoft at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

We process the personal data of applicants for the purpose of handling the application process. The legal basis for the processing of your personal data is Section 26 (1), (8) sentence 2 BDSG or Section 26 (2), (8) sentence 2 BDSG. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents are automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the responsible party oppose deletion.

We as the Controller reserve the right to adapt this Privacy Policy insofar as this becomes necessary due to technical or legal developments. Please therefore note the current version of our data protection information of January 30th, 2023.

For a better understanding, we would like to provide you below with the definitions of the GDPR here, as far as they are relevant for our privacy notices.

Consent
Consent is any indication of intention given voluntarily by the data subject for the specific case in an informed manner and unambiguously in the form of a statement or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Controller

The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data is, simplified, individual information about personal or factual circumstances of an identified or identifiable natural person, i.e. not legal entities, such as a GmbH. Personal data primarily includes details such as the name, address, e-mail address but also the IP address.

Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing (in the sense of blocking).

Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.

Supervisory Authority
“Supervisory Authority” means an independent governmental body established by a Member State pursuant to Article 51 of the GDPR.

Third Party 
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.