Privacy notice

Controller, scope of processing

Mr Raphael Thomas, lawyer (hereinfter „Provider“) is the Controller pursuant to applicable data protection provisions. Please find out further details about the Provider in the imprint section of the Website.
This Privacy Statement only describes the collection and processing of personal data when visiting the websites www.thomasrechtsanwaelte.com and http://startup-lawyers.de/ (hereinafter cumulatively: „Website“) and does expressly not apply to the collection and processing of personal data in the framework of a consultancy or mandate.
The Website operated by the Controller provides for editorial content, information regarding the legal consultancy services offered and contact details. Nothing within the Website can be interpreted as a legal consultancy or an offer to enter into a contract.

Processing of personal data when visiting the Website

We only process personal data referring to users according to applicable statutory provisions and only insofar as it’s necessary to provide a functional Website. When visiting our Website we automatically collect usage data relating to the access, including in particular the URL of the retrieved website, date and time of access, transferred data amount, http-statuscode of the reply to access, browser and HTTP-referrer as well as IP address. Such information is not connected to your personal identity. We store your IP address over a limited period of time in logfiles only if necessary for security purposes. We collect the mentioned data to endure the provision of a functional Website. Furthermore, we process such data in order to analyse, track and evaluate user behavior anonymously and thereby improve and develop our service continuously.
The legal basis for processing is therefore art. 6 par. 1 lit. f) GDPR.

Retention time

Unless otherwise specified, personal data referring to you is stored only as long as the processing purpose exists. Upon your consent, personal data may be retained longer, until you withdraw your consent. Moreover, the storage of personal data may be required under European or national legislation, such as European regulations, laws or further regulations, which we are subject to. Personal data shall be blocked or erased when the retention period provided by any of the afore – mentioned acts expires unless a further retention is necessary for the conclusion or performance of a contract.

Transfer outside of the EU/EEA

Unless otherwise specified, all data processing activities take place within the EU or EEA Member States.
Data processing activities performed by third party providers based outside of the mentioned geographical scope may take place in part or in full in the country of the respective establishment and/or according to the applicable data protection provisions.
A transfer of personal data outside the EU or EEA shall only take place on the basis of an adequacy decision of the European Commission, including the adequacy decision regarding the EU-US Privacy Shield, or according to standard data protection clauses adopted by the European Commission. A list of the current adequacy decisions is available on the European Commission’s website. Further information about the EU-US Privacy Shield can be found on the website of the US Department of Commerce.

Cookies

Description and scope
In order to improve user experience on our Website and enable specific features, we implement so-called cookies on several pages. Cookies are small text files that being placed on your terminal device. Some of the cookies we use are automatically erased as soon as you close your browser (so-called “session cookies”). Other cookies are permanently stored on your terminal device in order to allow us or our partners to identify your browser at your next visit (so-called “persistent cookies”).

By setting your browser preferences accordingly, you can be informed each time cookies are being places and can decide whether to accept them one by one or object to the use of cookies in certain cases or always. Furthermore, you can always remove cookies from your terminal device manually. In case of objection to the use of cookies, some features of our Website may not be available to you.
Unless otherwise specified, art. 6 par. 1 lit. f) GDPR serves as legal basis for the processing of personal data via cookies.

technical cookies
We implement cookies in order to improve user experience on our Website. Some elements of our webpage require that the accessing browser be recognised even after a page change.
other cookies
Moreover, we implement cookies in order to monitor and evaluate user behaviour for marketing purposes. Such cookies are provided by third parties integrated in our services. Please find out further details in the following sections. We integrate such cookies in order to monitor the use of our Website and be able to improve it constantly. Thanks to the statistical evidence gathered we are able to improve our offer to you.

Squarespace Analytics
On our Website we implement Squarespace’s analytics feature, provided by Squarespace Ireland ltd., Le Pole House, Ship Street Great, Dublin 8. This service allows us to gather information about the usage of our Website for statistical purposes and thereby to improve and adapt our offer to the needs of users. Information such as IP-address, user location, time of access and retrieved website is thereby collected. On the basis of such data we are not able to determine your actual identity. We do process such data only in an aggregated and anonymised manner.
Please find out more about the processing of personal data by Squarespace at: https://www.squarespace.com/privacy

Retention time, objection and elimination
Cookies are stored on the User's browser and from there transmitted to our Website. Therefore, you as a User have full control over the use of cookies. You can deactivate or restrict the storage of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our Website, it may no longer be possible to use all functions of the Website in full. 

Rights of the data subject

As a data subject, you have the following rights pursuant to the GDPR: 

Your right of access - You have the right to ask us for copies of your personal information. 
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. 
Your right to notification - If you have exercised your right to have the Controller rectify, erase or limit the processing, the Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients. 
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. Please find further details below this section.
Your right to withdraw consent - You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please reach out for us at the contact details indicated on the Website if you wish to make a request.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. 

How to complain to a data protection authority
You can also complain to a data protection authority if you do not agree on how we have used your data. The competent data protection authority for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit.

Amendments to this privacy notice

Due to the dynamic development of the Internet, new technologies and possibilities are constantly developing. To enable us to offer you these possibilities and technologies, we reserve the right to change this privacy statement for the future when introducing new, additional or when changing or extending existing services or service elements.

The modified privacy statement shall apply from the date of its update on the Website.