OŚWIADCZENIE O OCHRONIE DANYCH OSOBOWYCH

As at: August 2020

General information on the processing of personal data

We attach great importance to the protection of your personal data. In this privacy policy we would therefore like to inform you in detail as to what personal data is processed when you use our website and services.
The controller under Article 4 No. 7 of the General Data Protection Regulation (“GDPR”) is
• Levantix Rechtsdienstleistungen GmbH
• Behringstraße 14
• 22765 Hamburg
• E-mail: service@toll-damages.com
• (hereinafter referred to as “Levantix”).

You can find further information in our current website legal notice.
You can contact our data protection officer at datenschutz@toll-damages.com or by post at our address (please add the words “der Datenschutzbeauftragte”).

We only process personal data in compliance with the relevant data protection laws. That means that the data is only processed with statutory permission. That is, in particular, if the data processing is necessary for the provision of our contractual services and online services or legally prescribed, if you have granted your consent or on the basis of our legitimate interests (i.e. an interest in the analysis, optimisation and commercial operation and security of our online service in the meaning of Article 6(1) point f) GDPR, particularly for reach measurement, the creation of profiles for advertising and marketing purposes and the collection of access data and the use of services provided by third-party providers).

The legal basis of the consent is Article 6(1) point a) and Article 7 GDPR, the legal basis for the processing for the purpose of performing our services and carrying out contractual measures is Article 6(1) point b) GDPR, the legal basis for the processing for the purpose of fulfilling our legal obligations is Article 6(1) point c) GDPR and the legal basis for the processing for the protection of our legitimate interests is Article 6(1) point f) GDPR.

Data processing when you visit our website

When you use our website for purely informational purposes, i.e. if you do not submit any enquiries, do log in and do not otherwise transmit personal information to us, we process the data that your browser transmits to our server which is technically necessary for the purpose of displaying our website to you and to ensure its stability and security:
• IP address,
• Date and time of the enquiry,
• Duration of the visit to the website,
• Time zone difference relative to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code,
• Volume of data transferred,
• The website from which the request originates,
• The pages of our site that you visit,
• Internet service provider,
• Browser type,
• Server log files,
• Operating system and its interface,
• Language and version of the browser software.

The legal basis is Article 6(1) sentence 1 point f) GDPR and our legitimate interest is in the correct presentation of the accessed webpages.

Data processing through the use of cookies

In addition to the above-mentioned data, when you use our website cookies are stored on your end device. Cookies are small text files which are stored on your hard drive and assigned to your browser and provide us with information. They serve the purpose of making our online service more user-friendly and effective. The legal basis is Article 6(1) sentence 1 point f) GDPR and our legitimate interest is in the improvement of the user-friendliness of our online service and the evaluation of our online marketing activities.

You can configure your browser settings according to your preferences and thus, for example, refuse the acceptance of cookies. We advise you that if you do so you may not be able to use all the functions of our website.

Our website generates temporary and persistent cookies, whose function and scope is explained in the following sections.
a) Temporary cookies are automatically deleted when you close the browser. They include, in particular, session cookies. These cookies store a so-called session ID, with which various requests of your browser can be ascribed to the joint session. As a result your end device can be recognised when you return to our website.
b) Persistent cookies are automatically erased after a preset period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

Google Analytics

We use Google Analytics, a web analysis service provided by Google LLC., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information generated by the cookies on your use of our website is generally transferred to and stored on a Google server in the USA.
However, if IP anonymisation is activated Google will first abbreviate your IP address in Member States of the European Union or in other contracting states of the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. The IP anonymisation in our web service is active. Google uses that information on our behalf to evaluate the use of our website, to prepare reports on activities on the website and to provide us with other services associated with the use of the website and the use of the Internet.

According to information provided by Google, the IP address provided by your browser within the framework of Google Analytics will not be combined with any other Google data. On a supplementary basis we refer you to Google’s privacy policy. You can prevent the recording of the data generated by the cookie that relates to your use (including your IP address) to Google and the processing of that data by Google by downloading and installing a browser plug-in.

Doubleclick

Doubleclick by Google is a service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies to present relevant advertisements to you. For that purpose a pseudonymous identification number (ID) is assigned to your browser in order to track which advertisements have been displayed in your browser and which advertisements have been accessed. The cookies do not contain any personal information. The use of the DoubleClick cookies only enables Google and its partner websites to display advertisements on the basis of previous visits to our or other websites on the Internet.

The information generated by the cookies is transferred by Google to a server in the USA and stored there for evaluation. Google will only transfer that data to third parties on the basis of provisions of law or within the framework of contracted data processing. On no account will Google combine your data with other data recorded by it. By using this website you declare that you agree to the processing of the data concerning you collected by Google, the type and manner of data processing described above and the above-mentioned purpose.

You can also prevent the recording of the data generated by the cookies that relates to your use of the website to Google and the processing of that data by Google by downloading and installing the available DoubleClick deactivation extension browser plug-in.

Facebook marketing services

Within our online service, on the basis of our legitimate interests in the analysis, optimisation and commercial operation of our online service and for those purposes the so-called “Facebook Pixel” of social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) is used.

With the aid of the Facebook Pixel, Facebook can designate the visitors to our online service as a target group for the presentation of advertisements (so-called “Facebook ads"). We therefore use Facebook Pixel to ensure that the Facebook ads displayed through us are only displayed to Facebook users who have shown on interest in our online service or have particular characteristics (e.g. an interest in particular subjects or products, which is determined based on the visited web pages), which we transmit to Facebook (so-called “custom audiences”). With the aid of the Facebook Pixel we would also like to ensure that our Facebook ads correspond to the potential interests of the users and do not create the impression that we are pestering them. With the aid of the Facebook Pixel we can also track the effectiveness of the Facebook advertisements for statistical and market research purposes, in that we can see whether users have been referred to our website after clicking on a Facebook advertisement (so-called “conversion”).

When you access our website, the Facebook Pixel is directly integrated by Facebook and a “cookie”, i.e. a small file, may be stored on your device. If you then log into Facebook or visit Facebook whilst being logged in, the visit to our online service will be noted in your profile. The data collected concerning you is anonymous for us and thus does not enable us to draw any inferences regarding the users’ identity. However, the data is stored and processed by Facebook, so that a connection with the respective user profile is possible and can be used by Facebook as well as for our own market research and advertising purposes. Insofar as we transmit data to Facebook for the purposes of comparison, it is locally encrypted in the browser and only then sent to Facebook via a secured https connection. This occurs for the sole purpose of drawing a comparison with data likewise encrypted by Facebook.

The processing of the data by Facebook occurs within the framework of Facebook‘s Data Use Policy. You can find specific information and details on the Facebook Pixel and its functioning in Facebook’s help section.:

You may object to the recording by Facebook Pixel and the use of your data for the presentation of Facebook ads. In order to set what types of advertisements are displayed to you within Facebook, you can access the site set up by Facebook and follow the instructions there on settings for use-based advertising.

Google Tag Manager

Our online services use Google Tag Manager by Google. Google Tag Manager is a solution that enables marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is cookie-free domain and does not record any personal data. The tool triggers other tags, which may record data. Google Tag Manager does not access that data. If a deactivation has been set up at the domain or cookie level, it continues to exist for all tracking tags implemented with Google Tag Manager.

Bing Ads

Our online services use conversion tracking by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). For that purpose Microsoft Bing Ads installs a cookie in your computer, if you have reached our website via a Microsoft Bing advertisement. Microsoft Bing and we can thus recognise that someone has clicked on an advertisement, been directed to our website and reached a preset landing page (conversion page). In this process we only learn the total number of users who have clicked on a Bing advertisement and were then directed to the conversion page. No personal information on the identity of the user is communicated. If you do not wish to participate in the tracking process, you can refuse the installation of a cookie required for this, for example through your browser settings, which generally deactivate the automatic installation of cookies. You can find further information on data protection and on the cookies used by Microsoft Bing on Microsoft’s website: https://privacy.microsoft.com/de-de/privacystatement.

Outbrain Amplify

Our online services use the services of Outbrain UK Limited (“Outbrain”) and for that purpose install a temporary cookie of Outbrain in your browser. According to Outbrain’s information, in that cookie no personal data is stored but only technical data (e.g. on your operating system) when the website visitor interacts with the Outbrain network. The IP address of the website visitor is directly anonymised. You can object to the use of this cookie at http://www.outbrain.com/de/legal/privacy.

Taboola

Our online services use technologies provided by Taboola Inc. (1115 Broadway, 7th Floor, New York, NY 10010, USA, “Taboola”). Taboola uses cookies which determine what content you use and which of our pages you visit. The cookie enables us, though the collection of device-related data and log data, to create pseudonymous usage profiles and recommend suitable content to you that matches your personal interests. We can thus individually tailor our service for you. These usage profiles do not enable any inferences to be drawn regarding your person. You can find further information on Taboola and the possibility of deactivating the Taboola cookie at https://www.taboola.com/privacy-policy (you can find opt-out information at “Site Visitor Choices”).

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool for analysing your user behaviour on this website. With Hotjar we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you keep your mouse pointer in a certain place. From that information Hotjar creates so-called “heatmaps”, which make it possible to determine what areas of a website visitors prefer to view. Our data retention periods amount to no more than 365 days.

We can also determine how long you remain on a page and when you leave it. We can also determine the place where you broke off your entries in a contact form (so-called conversion funnels).

Furthermore, Hotjar allows direct feedback to be obtained from website visitors. This function serves the purpose of improving the website operator’s online services.
Hotjar uses cookies. Cookies are small text files which are installed in your computer and are stored by your browser. They serve the purpose of making our service more user-friendly, effective and secure. These cookies make it possible to determine, in particular, whether the website has been visited with a particular end device or whether the functions of Hotjar have been deactivated for the relevant browser. Hotjar cookies remain on your end device until you delete them.

You can adjust your browser settings so that you are informed of the installation of cookies and decide whether to allow them on a case-by-case basis, block the acceptance of cookies either for particular cases or in general or activate automatic erasure of the cookies when you close the browser. If you do deactivate cookies, the functionality of this website may be restricted.

The use of Hotjar and the storage of Hotjar cookies occur on the basis of Article 6(1) point f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour, for the purpose of optimising both its online service and its advertising. If appropriate consent has been requested (for example consent to the storage of cookies), the processing occurs exclusively on the basis of Article 6(1) point a) GDPR; the consent may be withdrawn at any time.

Deactivating Hotjar
If you we would like to deactivate data collection by Hotjar, click on the following link and follow the instructions provided there: https://www.hotjar.com/opt-out

Please note that Hotjar must be deactivated separately for each browser / each end device.

You can find more detailed information on Hotjar and on the recorded data in Hotjar’s privacy policy via the following link: https://www.hotjar.com/privacy

Airtable

For membership management and as an event, contact and information database we use “Airtable”, a service provided by US company Formagrid Inc., 769 Dolores Street, San Francisco, CA 94110 United States. We have concluded a contract data processing agreement with that company. The agreement contains standard EU contractual clauses. In it Airtable undertakes to protect our users’ data, process it on our behalf in accordance with its privacy policy and, in particular, refrain from passing it on to third parties. AirTable processes data in servers outside the EU. You can find further information here: https://airtable.com/privacy.

Clearing house for data protection

We may pass on your contact details to an impartial clearing house for data protection, namely microm Micromarketing-Systeme und Consult GmbH, Hellersbergstraße 11, 41460 Neuss (“clearing house”). On our behalf the clearing house checks whether a customer has taken advantage of our services at the recommendation of a particular advertising partner, but without passing the data on to that advertising partner. We can thus determine the effectiveness of advertising measures and at the same time avoid unnecessary marketing contacts in the future.

Data processing when you contact us

When you contact us by e-mail or telephone or via a contact form, the data provided by you (e.g. e-mail address, name, telephone number or the content of the enquiry) is processed by us for the purpose of answering your questions and/or handling your issue. The legal basis for this is Article 6(1) point b) GDPR.

Data processing for the performance of a contract

If you commission us to enforce your claim, we process your contact and payment data, as well as communications, contract and case data (e.g. documents and information for the claim enforcement, information on any existing legal expenses insurance policies), for the performance, handling and settlement of the contractual services as detailed in our current general terms and conditions of business. All the above-mentioned data, with the exception of the communications and payment data, is necessary for the conclusion of the contract. It is not possible to conclude a contract if you do not provide it. Your data may, for the above-mentioned purpose, be passed on to our supporting service providers (hosters, service providers, operators of communications applications etc.), which are of course selected carefully by us and are bound by our instructions. They include, in particular, technical service providers which support us in the provision of our services.

As detailed in our GTCs we may commission, within the framework of our contractual services, attorneys-at-law to enforce your rights and/or claims or deliver to attorneys-at-law, as a courier, your declaration aimed at the conclusion of an attorney mandate contract and ensure that the costs are covered though any existing legal expenses insurance policies. In such a situation we provide the attorneys-at-law and legal expenses insurance companies with all the information on your case which is necessary to enable the enforcement to be carried out. Subsequently we exchange information on the further course of the case with the attorneys and if necessary legal expenses insurance companies so that we can always keep you informed and to enable the further handling of the case (for example the payment of the contentious claim).

If you ask us to broker financing for your claim enforcement or other services, we process your contact details and data on your legal case for the performance, handling and settlement of the contractual services. This includes a preliminary review to establish whether we can recommend litigation financing, the transmission of your data to the litigation financer and the further processing by us which is necessary for this. It is not possible to provide the brokerage service if you do not provide us with the data. The subsequent litigation costs financing and the provision of legal advice (or other provision of the brokered service) occur separately from us, subject to the separate responsibility of the litigation financer and the law firm selected by you / the third party whose services we have brokered.

The legal basis is the existing contractual relationship (Article 6(1) sentence 1 point b) GDPR).

Data processing for marketing measures

If you have agreed to receive our advertising (newsletter, e-mail, postal advertising etc.), we inform you via the respective medium about our current offers using your current data. You may withdraw your consent at any time. We may also use your e-mail adress to request that you rate our services, provided that you are a regular client and have not objected to the use of your e-mail address for that purpose. In this case too you can withdraw granted consent at any time.

Your rights

You have the following rights with respect to us with regard to your personal data:
• Right to information (Article 15 GDPR),
• Right to rectification and erasure (Articles 16 and 17 GDPR),
• Right to restriction of the processing (Article 18 GDPR),
• Right to object to the processing (Article 21 GDPR),
• Right to data portability (Article 20 GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your data by us.

Please note that you can withdraw any consent granted to us under data protection laws at any time with effect for the future. The same applies for consent to marketing measures. For that purpose you can simply send an informal e-mail to datenschutz@myright.de. Such withdrawal of consent may result in our services no longer being available to you or only being available to a limited extent.

Insofar as we base the processing of your personal data on a weighing of interests (Article 6(1) sentence 1 point f) GDPR), you may submit an objection to the processing. When you submit such an objection please state the reasons you do not wish your personal data to be processed by us in the manner in which we do so. If your objection is justified, we will examine the circumstances and will either discontinue or adjust the data processing or inform you of our compelling reasons meriting protection on the basis which we will continue the processing.

Passing on data to third parties and third-party providers

We only pass your data on to third parties if, for example, this is necessary for the purposes of the contract on the basis of Article 6(1) point b) GDPR or can be justified on the basis of legitimate interests in accordance with Article 6(1) point f) GDPR.

If we make use of subcontractors for the provision of our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of the personal data in accordance with the relevant provisions of law.

If, within the framework of this privacy policy, third-party providers are specified and their specified registered office is located in a third country, it should be assumed that a data transfer into the countries where the third-party providers have their registered office occurs. We only process your data in a third country if it is necessary for the fulfilment of our (pre)contractual obligations (Article 6(1) point b) GDPR), on the basis of your consent (Article 6(1) point a) GDPR), on the basis of a legal obligation (Article 6(1) point c) GDPR) or on the basis of our legitimate interests (Article 6(1) point f) DSGVO). The same applies for the processing by third parties on our behalf, the disclosure your personal data to third parties and its transmission to third parties.

Erasure of data

The data that we store will be erased as soon as it is not longer needed for its designated purpose and if no statutory retention requirements are opposed to the erasure. If the data is not erased because it is necessary for other legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, for data which has to be retained for reasons related to commercial or tax law.

Pursuant to legal requirements, the data is retained for six years in accordance with Article 257 par. 1 of the German Commercial Code (Handelsgesetzbuch – HGB) (trading books, inventories, commercial letters, accounting records etc.) and for ten years in accordance with Article 147 par. 1 of the German Tax Code (Abgabenordnung) (books of account, records, management reports, accounting records, commercial and business letters, taxation-relevant documents etc.).

Final provisions

We employ technical and organisational security measures to protect your data, particularly against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are improved on an ongoing basis in line with technological development.

We will update our privacy policy from time to time in line with the technical progress of our services. If the amendment of the privacy policy declaration does not concern the use of the available data, the new privacy policy shall be effective from the date when it is updated on our website. The privacy policy will only be amended with regard to the use of the already collected data insofar as the amendment is reasonable for you. In such a situation we shall notify you in good time by e-mail, on our website, in our application or in a different form. You have the right to object to the applicability of the new privacy policy within four weeks from the receipt of the notification. In the event of an objection we shall have the right to terminate the contractual relationship. If no objection is submitted within the above-mentioned time limit, the amended privacy policy shall be deemed to have been accepted by you. We shall advise you in the notification of your right of objection and the significance of the time limit for objecting.