Privacy policy
Thank you for your interest in our firm! Data protection is of very high importance to the management of LEBUHN & PUCHTA. The web pages of the firm can be used without any indication of personal data. However, if a data subject wants to use particular services of the via our website, processing of personal data can become necessary. If processing of personal data is necessary and there is no other legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject always takes place in accordance with the country-specific data protection regulations applicable to LEBUHN & PUCHTA. This data protection statement explains why, how and for what purpose LEBUHN & PUCHTA processes personal data, and what rights data subjects have in relation to such processing.
As data controller, LEBUHN & PUCHTA has implemented numerous technical and organisational measures to ensure the protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Name and address of the data controller
LEBUHN & PUCHTA Partnership of Lawyers and Solicitors mbB
Am Sandtorpark 2, 20457 Hamburg
In addition, you can contact our external data protection officer:
External data protection officer:
Swetlana Winter - CompanyCheck Deutschland GmbH
Schillerstr. 47/49
22767 Hamburg
Phone: 0 40 - 54 09 03 15 0
datenschutz@companycheck-deutschland.de
companycheck-deutschland.de/services/datenschutz.html
Deputy External Data Protection Officer:
Ingo Passoth - CompanyCheck Deutschland GmbH
Schillerstr. 47/49
22767 Hamburg
Phone: 0 40 - 54 09 03 15 0
datenschutz@companycheck-deutschland.de
companycheck-deutschland.de/services/datenschutz.html
Collection and storage of personal data
as well as kind and purpose of use
Below, we explain how we handle your personal data when you interact with our online presence, such as our website. This also applies when you interact with us online using mobile devices, e.g. smartphones or tablets. Personal data is any data with which you can be personally identified or which makes you identifiable via an identifier, such as your IP address.
Data collection on this website
How do we collect your data?
Your data is collected when you provide it to us. This can be, for example, data that you send to us by email or provide to us over the telephone. Other data is collected automatically or with your consent by our IT systems when you visit our website. This mainly consists of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.
-
a) When you visit the website
When you visit our website, information is automatically sent to our website server by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- website from which the access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- ensuring a smooth connection to the website,
- ensuring a comfortable use of our website,
- evaluation of system security and stability and
- other administrative purposes.
The legal basis for data processing is Art. 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
-
b) Analysis of surfing behaviour (Matomo)
We use a software called Matomo on our website to analyse the surfing behaviour of our users. The software runs exclusively on the servers hosting our website. The following data is stored on the servers hosting our website when an individual page is visited:
- anonymised IP address of the requesting computer (two bytes),
- date and time of access,
- name and URL of the accessed website,
- frequency of access to the website,
- dwell time on the website,
- website from which the access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
To improve the analysis, a cookie may be set with your consent.
The above data will be processed by us for the following purposes:
- improving the user-friendliness of our website and
- ensuring comfortable use of our website.
The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person. By anonymising the IP address, we take into account the interest of users relating to the protection of their personal data. The data is not passed on to third parties. The data stored for the analysis of surfing behaviour is deleted after 90 days.
You can deactivate the anonymised analysis in your browser by setting a cookie:
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
Please note that deleting this cookie reactivates the anonymised analysis.
-
c) Enquiries by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) will be stored and processed by us for the purpose of processing your enquiry. We will not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.
The data you send to us by contacting us remains with us until you request us to delete it, revoke your consent for it be stored or until the purpose for storing the data no longer applies (e.g. once your enquiry has been fully processed). This is subject to mandatory statutory provisions - in particular statutory retention periods.
-
d) Processing of personal data from online applications
We process the application documents you send us, including the files you provide to us, exclusively for the purpose of the application process (Art. 6(1)(b) GDPR). We will contact you during the application process to inform you about the progress of your application or to invite you to an interview. After completion of the application process, your data will be deleted after six months at the latest, unless you have consented to us keeping your data and informing you about suitable job offers in the future. (Art. 6(1)(a) GDPR).
Why do we use your data?
Part of the data is collected in order to ensure error-free functioning of the website. Other data may be used to communicate with you.
Passing on data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
- you have given your express consent in accordance with Art. 6(1)(a) GDPR,
- the disclosure comes within Art. 6(1)(f) GDPR as being necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- we are subject to a legal obligation to make the disclosure in accordance with Art. 6(1)(c) GDPR, as well as if
this is legally permissible and necessary according to Art. 6(1)(b) GDPR for the processing of contractual relationships with you.
Data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.
We also have appropriate technical and organisational security measures in place to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Linking with social media platforms
Integration of LinkedIn and XING
We do not use social plug-ins as active buttons in our online presence. We only refer to our presence in the following social networks via icons:
- LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
We only display the social media icons on our website. They are designed as inactive icons with a link to the respective social media platform.
When you click on such a social media icon on our website, a connection to these third-party providers is established via your web browser in a separate tab (tab card). These third-party providers can thereby track your visit to our pages. If you are a member of one of the social networks, you can share the content of our webpage with other members from your social network by activating the button.
Through your participation in social networks or by visiting or accessing our social media sites, your data may be processed outside the EU. This may result in risks, for example because it may be more difficult to enforce your rights.
When you access a social network, cookies are usually stored on your device to record user behaviour. If you have a user account on the respective network and are logged in there, your usage behaviour can be saved to your user account. Social networks can analyse usage behaviour and use it for market research and advertising purposes. This may result in advertising being displayed to you within and outside these social networks. We have no influence on this.
We have no influence on the personal data collected and stored by social networks. We receive evaluations of user data via our above-mentioned social media presences and can address users with interest-based advertising. If users interact with our social media presence and are logged in with a user account, we can in principle also recognise the user profile and see the content of comments or postings on our presence. This data processing is therefore carried out under joint responsibility with the respective provider of the social network. For the evaluation of data in connection with our social media presences, we have therefore concluded a joint responsibility agreement with the providers in each case (Art. 26 GDPR). You can find further information in the data protection provisions of the respective social networks. You can also assert the rights to which you are entitled against us. However, the provider of the social network can fulfil your rights more comprehensively because the data for use and evaluation is also stored there.
Integration of Youtube videos
We have embedded YouTube videos on our website which can be played there directly if you have clicked on “I accept”.
Initially, you will only see an inactive preview image. Your data will only be transmitted to YouTube with your consent (“I accept”) (Art. 6(1)(a) GDPR).
YouTube is a service offered in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you have given this consent or access a video directly on YouTube, your data may be transferred to a Google server in the USA and stored there. In this way, Google evaluates the use of the video offering on YouTube in order to compile anonymised reports on video views for us and to provide other services associated with video use.
We have no influence on the data collected and stored about you by social networks. Further information on data protection pertaining to the Google “YouTube” app can be found in the privacy policy of the provider at: https://policies.google.com/privacy?hl=de&gl=de or https://policies.google.com/technologies/cookies?hl=de&utm_source=ucb The storage period for your consent is 1 day. After that, you can give your confirmation again.
If you want to cancel the consent earlier, press the lock next to the domain name and delete the corresponding cookie.
Plug-ins and tools
Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Wordfence Security
The “Wordfence Security” service operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, is used to secure our online presence.
Our website uses the plug-in to protect against viruses and malware and to defend against attacks by cyber criminals. In order to recognise whether the visitor is a human or a robot, the plug-in sets cookies. For the purpose of protection against brute force and DDoS attacks or comment spam, IP addresses are stored on the Wordfence servers. IP addresses classified as harmless are placed on a white list.
Wordfence Security secures our website and thus protects you as a visitor to the website from viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Further information on the collection, use and storage period of the data by Wordfence Security can be found in Defiant’s data protection information: https://www.wordfence.com/privacy-policy/.
Cookies set by the Wordfence plug-in
wfwaf-authcookie-(hash)
What it does: This cookie is used by the Wordfence firewall to perform a check of the current user’s permissions before WordPress loads.
This cookie is only set for users who can log in to WordPress (i.e. in the backend of our website).
Purpose of this cookie: This cookie enables the Wordfence firewall to recognise logged-in users and give them extended access. It also allows Wordfence to detect users who are not logged in and restrict their access to secure areas. The cookie also lets the firewall know what access rights a visitor has to help the firewall make intelligent decisions about whom to allow and whom to block.
wf_loginalerted_(hash)
What it does: This cookie is used to notify the Wordfence administrator when another administrator logs in from a new device.
Purpose: This cookie is only set for users who log in and only if the website administrator has enabled the option “I will only be notified if this administrator logs in from a new device” or a similar option for non-administrator users. This cookie helps us know if a user has logged in from a new device.
wfCBLBypass
What it does: Wordfence offers a function that allows a website visitor to bypass the country lock by accessing a hidden URL. This cookie can be used to track who is allowed to bypass the country lock.
Who receives this cookie: When a hidden URL defined by the website administrator is accessed, this cookie is set to check whether the user can access the website from a country restricted by country blocking. This cookie is set for anyone who knows and visits the hidden URL. This cookie is not set for anyone who does not know the hidden URL in order to bypass the country blocking.
Purpose: This cookie allows website owners to allow certain users from blocked countries to visit their website, even if the country they are in has been blocked.
Hosting
External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient delivery of our online presence by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany
Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Cookies
Your browser sets a session cookie when you visit our website. A session cookie stores information that associates online activity with a single browser session. Session cookies are only used to facilitate the use of a website. The session cookie is usually deleted again when the browser is closed. You do not have to actively allow session cookies. Session cookies can be disabled centrally in your browser settings and this setting then applies to all websites that you visit in succession. Under certain circumstances, certain areas or functions of other websites with deactivated session cookies cannot be used (e.g. online shops).
Identification obligations under money laundering law
1. Why identification?
In connection with certain transactions and certain advisory services, we are legally obliged to identify our contractual partners, the persons acting on their behalf and the beneficial owners. In the case of natural persons, we are obliged in particular to collect the first name and surname, place of birth, date of birth, nationality, identity card number, the authority issuing the identity card and the residential address and to verify this information using a valid official passport or identity card. Driving licences or expired identity documents are not sufficient for the verification.
These obligations are based on Sec. 2, 8, 10, 11, 12 of the German Money Laundering Act.
We can only provide our services if all persons to be identified in accordance with the law agree to the storage of copies of their identification documents.
2. What are the alternatives?
We can carry out this verification through an on-site check of the ID document by us or a lawyer or notary appointed by us.
Alternatively, we offer the option of carrying out digital self-identification quickly and easily. For this service, we use IDENTT Sp. z o. o., Gen. Romualda Traugutta 45, 50-416 Wrocław, Poland as a data processor.
If you decide in favour of self-identification, you consent to the processing of your data by us and the data processor for the purpose of identification. Further information can be found in the privacy policy of IDENTT Sp. z o. o.: https://www.identt.pl/identt-privacy-policy/.
3. How does the identification process work?
During identification, the data from the ID document is collected. In addition, the ID document is checked for validity and compared with the person.
For self-identification, we will send you a link that leads to an automated identification process. There is no video chat. Each link can only be used for one natural person at a time. The link leads to the website of our data processor. The connection is encrypted.
You need a mobile device with a camera (smartphone, tablet) for self-identification. Identification starts by calling up the link directly on the mobile device. A browser is sufficient. A separate app is not required. Identification takes about 5 minutes.
As part of the self-identification process, images (photos and short video sequences) are taken of the ID document (front and back) and of the person to be identified. The video sequences are used to check the security features (e.g. holograms) and to check whether a real person is acting.
These recordings are first automatically checked by our data processor. The images and the verfication result are transmitted to us and stored by us. The results and the security features are checked again by Lebuhn & Puchta.
In the case of an on-site check, the details are checked using the original ID document. In addition, a photocopy of the ID document is made and stored by us.
4. Legal basis for processing
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c GDPR. The processing is necessary to fulfil a legal obligation to which we are subject. If you decide in favour of self-identification, the legal basis for data processing is additionally Art. 6 para. 1 sentence 1 lit. a GDPR.
5. Storage period
We are legally obliged under Sec. 8 of the German Money Laundering Act to keep the recordings and/or copies of ID documents for at least 5 years. The storage period begins at the end of the calendar year in which the respective information was obtained. Our data processor generally stores the personal data transmitted to it for only 60 days.
Data subject rights
You have the right to:
- request information about your personal data processed by us, in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- demand the correction of incorrect or incomplete personal data stored by us without delay, in accordance with Art. 16 GDPR;
- pursuant to Art. 17 GDPR, request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR, receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- revoke your consent at any time in accordance with Art. 7(3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future and
- complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace.
Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right to object, it is sufficient to send us an email.
Validity and amendment of this privacy policy
This privacy policy is currently valid and its version date is November 2022.
Due to the further development of our website or due to changed legal or administrative requirements, it may become necessary to change this data protection statement. You can access the current data protection declaration at any time on the website.
Notes
If you have any questions about data protection, please write us an email setting out your question as precisely as possible. This privacy policy and our terms of use change over time. We reserve the right to send you from time to time notifications about the policies that apply to us. Nevertheless, you should visit our website regularly and take note of any changes. Unless otherwise stated, the use of any information we have about you is subject to this Privacy Policy. We assure you that material changes to our privacy policy resulting in weaker protection of client data already received will only be made by us with the consent of the clients concerned.