Data protection is a special concern for Winter, Brandl – Partnerschaft mbB. Our efforts to meet the requirements in particular the requirements of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act in its new version are primarily aimed at respecting your privacy and personal rights.
Nowadays for modern companies like Winter, Brandl – Partnerschaft mbB the use of electronic data processing systems (EDP) is indispensable. In doing so, we of course will do our utmost to comply with the legal regulations.
The website of Winter, Brandl – Partnerschaft mbB can basically be used without providing any personal user data. However, if users wish to employ any company’s special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the compliance of the concerned user.
Under no circumstances Winter, Brandl – Partnerschaft mbB will sell or rent your personal information to third parties for marketing or other purposes. If you do not agree to the provisions of the data protection regulations, please do not send us any personal data.
1. General Information/Terminology
This privacy statement is based on the terms of the European General Data Protection Regulation (GDPR) and should be easy to read and understand for everyone. Therefore, we would like to explain various terms in advance:
a) Personal data
Personal data is defined as: all information that relates to an identified or identifiable natural person (“data subject”). A natural person is regarded as identifiable in case of direct or indirect assignment to a particular identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) Concerned person
The concerned person is any identified or identifiable natural person whose personal data is processed by the responsible processing entity.
c) Data processing
Data processing is any process carried out with or without the help of automated procedures or any series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.
d) Restrictions of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Includes any type of automated processing of personal data that consists of using this personal data to evaluate or predict certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, concerns, reliability, behaviour, residence or relocation of this natural person.
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational procedures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) Responsible party
The responsible party is the natural or legal person, authority, institution or other body that decides alone or jointly with others on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of member states, the responsible party or the specific criteria for its appointment can be provided for in accordance with Union law or the law of the member states.
h) Order processing
Order processing is done by a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.
j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the responsible party or the processor.
Any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject confirms to the processing of their personal data.
2. Information about personal data collection
(1) In the following we inform you about the processing of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behaviour, etc.
(2) Responsible party according to Art. 4 Abs. 7 EU-Datenschutz-Grundverordnung (DS-GVO):
Winter, Brandl – Partnerschaft mbB
Tel.: +49 (0)8161 / 930-0
Fax: +49 (0)8161 / 930-100
3) Data protection official:
Herr Rechtsanwalt Sascha Weller, IDR – Institut für Datenschutzrecht
Tel.: 0841 – 885 167 15
(4) When you contact us by email or using our contact form, the data you provide (your email-address, possibly your name and telephone number) will be automatically saved by us in order to answer your questions. Personal data transmitted on a voluntary basis by a data subject to the responsible processing unit are stored exclusively for the purpose of processing or contacting the data subject. We delete the saved and stored data after it is no longer required, or we restrict processing if there are statutory retention requirements.
(5) If we use contracted service providers for individual functions of our website or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. We also mention the specified criteria for the storage period.
(6) As we are responsible for processing, we have implemented numerous technical and organizational procedures to ensure consistent protection of the personal data processed on this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every user is free to transmit personal data to us in alternative ways, for example by telephone.
(7) As a responsible company, we do not use automatic decision-making or profiling.
3. Your rights
(1) You have the following rights regarding your personal data:
– Right to information:
Every person affected by the processing of personal data has the right granted by the GDPR to receive free information about the stored personal data. Additionally, you have the right to receive a copy of this information from the person responsible for the processing at any time. Furthermore, the European directives and regulations grant the data subject access to the following information:
a) processing purpose
b) processed personal data categories
c) the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular in the case of recipients in third countries or international organizations
d) if possible: the planned duration, the personal data will be stored. If this is not possible: the criteria for determining this duration
e) the existence of the right of correction or deletion of the personal data concerning you or the restriction of processing by the person responsible or the right to withdraw the allowance of processing
f) the existence of a right to lodge a complaint with a supervisory authority
g) if the personal data are not collected from the data subject: All available information on the origin of the data
h) the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
Additionally, the data subject has the right to information, whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission.
If the person wishes to make use of this right to information, you are welcome to contact an employee of the responsible party for processing at any time.
– Right to withdraw consent under data protection law:
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time. If the person wishes to exercise the right to withdraw consent, you are welcome to contact an employee of the responsible party for processing at any time and by any means of communication.
– Right to amendment:
The concerned person has the right to demand that the responsible party immediately correct any incorrect personal data relating to them. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data – including by means of a supplementary declaration.
If the person wishes to make use of this right to information, you are welcome to contact an employee of the responsible party for processing at any time.
– Right to deletion/Right to be forgotten:
The data subject has the right to request the responsible party to delete personal data immediately, and the responsible party is obliged to delete personal data immediately if one of the following reasons applies:
a) the personal data are no longer necessary for the purposes they were collected or otherwise processed for
b) the data subject withdraws the consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) and there is no other legal basis for the processing..
c) the data subject revokes to the processing in accordance with Article 21 paragraph 1 and there are no prior-ranking legitimate reasons for the processing, or the data subject revokes to the processing in accordance with Article 21 paragraph 2.
d) the personal data was processed unlawfully
e) the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states, the responsible party is reliable to.
f) the personal data were collected in relation to information society services offered in accordance with Article 8 (1).
If a data subject wishes to exercise this right to deletion/right to be forgotten, you are welcome to contact an employee of the responsible party for processing at any time.
If we have made the personal data public and we are obliged to delete it in accordance with Art. 17 Paragraph 1 GDPR, we initiate appropriate procedures according to possible technical prospects and implementation costs, in order to ensure that those, responsible for the data processing, are informed, that a data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data. Our employees will initiate the necessary action.
– Right to restrict processing:
The data subject has the right to request the responsible party to restrict processing if one of the following requirements is fulfilled:
a) the correctness of the personal data is disputed by the concerned person for a period that enables the responsible party to check the correctness of the personal data,
b) the processing is unlawful and the concerned person refuses to delete the personal data and instead requests that the use of the personal data will be restricted,
c) the responsible party no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, to exert or defend legal claims, or
d) the concerned person has entered an objection to the processing in accordance with Article 21 paragraph 1, as long as it has not yet been determined whether the legitimate reasons of the responsible party outweigh those of the person concerned
If a data subject wishes to exercise its right to restriction of processing, you are welcome to contact an employee of the responsible party for processing at any time.
– Right to object to processing:
Any person, affected by the processing of personal data, has the right granted by the GDPR, for reasons that arise from their particular situation, to object to the processing of personal data relating to them at any time, based on Art. 6 Paragraph 1 Letter e or f DS-GVO takes place to file an objection. This also applies to profiling.
In case of objection, we will no longer process the personal data unless we can demonstrate compelling and legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exert or defend legal claims.
If we process personal data in order to operate direct commercial mailing, advertising, etc., the data subject has the right to object to the processing of personal data at any time. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right to object, for reasons that arise from his or her particular situation to the processing of personal data, which we undertake for scientific or historical research or for statistical purposes, in accordance with Art. 89 (1) GDPR, unless such processing is necessary to fulfil a task of public interest.
To exercise the right to object, the data subject can contact any employee directly. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.
– Right to data transferability:
The data subject has the right to receive the concerning personal data that were provided to the responsible party, in a structured, common and machine-readable format, and they have the right to transfer this data to another responsible person without hindrance from the responsible party to whom the personal data have been provided, unless
a) the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) and
b) the processing is carried out using automated procedures.
When exercising their right to data portability in accordance with Art. 20 (1) GDPR, the concerned person has the right to have the personal data transmitted directly from one responsible person to another, as this is technically feasible and the rights and freedoms of other people are not impaired.
If a concerned person wishes to exercise this right to data portability, you are welcome to contact an employee of the responsible party for processing at any time.
– Automated decision in individual cases (included: profiling)
Every person affected by the processing of personal data has the right (granted by the GDPR) not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on them or which significantly affects them in a similar manner, unless these decision
(1) is necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
(2) is not permissible on the basis of Union or Member State legislation to which the responsible party is subject and this legislation contains appropriate procedures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or
(3) takes place with the express consent of the data subject.
If the decision is necessary to conclude or fulfill a contract between the data subject and the responsible party, or if it is made with the data subject’s express consent, we will take appropriate procedures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, for which purpose at least the right to obtain the intervention of an employee of the responsible party, to express one’s own point of view and to contest the decision.
If the data subject wishes to assert rights regarded to automated decisions, you are welcome to contact an employee of the responsible party for processing at any time.
(4) You also have the right to complain to a data protection supervisory authority about our processing of your personal data. The supervisory authority responsible for our company is as follows:
Bayerisches Landesamt für Datenschutzaufsicht
Tel.: 0981 / 180093-0
Fax: 0981 / 180093-800
4. Collection of personal data during your website visit/ cookies
(1) When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and securityc(legal basis: Art. 6 Abs. 1 S. 1 lit. f DS-GVO):
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Internet-Service-Provider of the accessing system
– Content of the request (specific webpage)
– Access status /HTTP-status-code
– Amount of data transferred
– Requesting Website (referrer)
– Operating System and user interface
– Language and series of browser software
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie (in this case by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the webpage more user-friendly and effective overall.
1. A basic distinction is made between the following cookie types / functions:
a) Transient cookies are automatically deleted when you close your browser. In particular, this includes the session cookies. These save a so-called session ID, able to assign various requests from your browser within the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
c) Necessary cookies are those that are absolutely essential for the operation of a website.
e) You can configure your browser settings according to your preferences and e.g., reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
5. Collection of personal data during your website visit/ cookies
(1) In addition to the purely informational use of our website, we offer various services that you can use if interested. To do so, you have to release additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(3) The used hosting services provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer. We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Abs. 1 lit. f DSGVO i.V.m. Art. 28 DSGVO.
(4) Furthermore, we can pass on your personal data to third parties if we offer participation in campaigns, competitions, contracts or similar services together with partners. You will receive more information on this when you provide your personal data or see information below in the description of the proposition.
(5) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the proposition.
6. Data protection for job applications
Our company collects and processes the personal data of applicants for the purpose of managing the application process. The processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents electronically, e.g., by email or via a contact form on the website, to the person responsible for processing. If the responsible person concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment contract in compliance with the statutory provisions. If the responsible person does not conclude an employment contract with the applicant, the application documents will be automatically deleted, given that deletion does not conflict with any other legitimate interests of the responsible party. Another legitimate interest is, e.g., a burden of proof in proceedings under the Allgemeinen Gleichbehandlungsgesetz (AGG).
He processing of the applicant data takes place in order to fulfill our (pre-) contractual obligations in the context of the application procedure within the meaning of Art. 6 Abs. 1 lit. b. DSGVO Art. 6 Abs. 1 lit. f. DSGVO if the data processing is necessary for us, e.g. in the context of legal proceedings (in Germany, § 26 BDSG also applies).
7. Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time and by any means of communication. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.
(2) If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case, in particular, if the processing is not necessary to fulfil a contract with you, which we describe in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or show you our compelling reasons on the basis of which we will continue processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. In this case, you can contact us at the address given in section 2. (2).
8. Legal or contractual provisions for the provision of personal data/requirement for a contract conclusion/consequences of non-provision/deletion
(1) We would like to inform you that the provision of personal data is in some cases required by law. However, it may also be possible that a data subject has to provide us with personal data so that a contract can be carried out. Failure to provide it would mean that the contract could not be concluded. Our employees will be happy to answer any questions.
(2) The processed data processed will be deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the data is not deleted because it is required for other legally purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
According to legal requirements, the storage takes place in particular for 10 years according to § 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc. .) and 6 years according to § 257 Abs. 1 Nr. 2 and 3, Abs. 4 HGB (commercial letters).
9. Web Analytics
1. Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics uses „Cookies“, that means text files that are stored on your computer and that enable analyse your use of the website. Cookie processed and generated information about your usage of this website is usually transmitted to a Google server in the USA and stored there.
If IP anonymization is activated, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet usage.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(3) You can prevent the storage of cookies by adjusting your browser software settings. We would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension “_anonymizeIp ()”. As a result, IP addresses are processed in abbreviated form, so that personal references can be ruled out. If the data collected can be linked to a person, this will be excluded and the personal data will be deleted immediately. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.
(5) We use Google Analytics to analyze the use of our website and to improve it on a regular basis. We can use the obtained statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 Abs. 1 S. 1 lit. f DS-GVO.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
Opt-out cookies prevent the future collection of data when you visit this website. In order to prevent the collection by Universal Analytics across different devices, you have to carry out the opt-out on all systems used. If you click here, you´ll be able to set the opt-out cookie.
10. Google Maps
(1) We use Google Maps on this website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.
(2) When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 4 of this declaration will be transmitted. This happens regardless of whether Google provides a user account that you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you must log out before activating the button. Google saves your data as a usage profile and uses it for advertising, market research and/or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right. The legal basis is Art. 6 Abs. 1 S. 1 lit. f) DSGVO (legitimate interests) and Art. 6 Abs. 1 S. 1 lit. a) DSGVO (confirmation).
(4) There is the opportunity to Opt-Out: https://adssettings.google.com/authenticated.
11. Plugins and tools
1. Google Web Fonts
(1) This page uses so-called “web fonts”, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google web fonts takes place in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest according to Art. 6 Abs. 1 lit. f DSGVO.
(2) If your browser does not support web fonts, a standard font will be used by your computer.
2. Use of ajax.googleapis.com and jQuery
(1) On this page we use Ajax and jQuery technologies, which optimize the loading speeds. In this regard, program libraries are accessed from Google servers. The CDN (content delivery network) from Google is used. If you have previously used jQuery on another page from the Google CDN, your browser will use the copy stored in the cache. If this is not the case, it will require a download, with data from your browser being sent to Google! Inc. (“Google”). Your data will be transferred to the USA. You can find out more on the websites of the providers
(2) The legal basis for processing your data is Art. 6 Abs. 1 S. 1 lit. f DS-GVO.
(1) We are using “Mixpanel” on our webpage, a product of Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA (hereinafter referred to as: “Mixpanel”). Mixpanel stores and processes information about your user behaviour on our website. Mixpanel uses, among other things, cookies for this, i.e. small text files that are stored locally in the cache of your web browser on your end device and that allow an analysis of the use of our website by you.
(2) We use Mixpanel for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This also includes our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 Abs. 1 S. 1 lit. f) DSGVO.
(3) You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent Mixpanel from collecting the aforementioned information by setting an opt-out cookie on the website: https://mixpanel.com/optout/
(4) Further information on data protection from the third-party provider Mixpanel can be found on the following website: https://mixpanel.com/privacy/