In the following please find information about the processing of your personal data and about your data protection rights in the context of the use of our web service.
1. Controller
The controller that is responsible for the data processing is:
- Scheja & Partners GmbH & Co. KG (hereinafter referred to as "we“)
- Adenauerallee 136
- D-53113 Bonn
- Germany
- tel.: +49 (0) 228-227 226-0
- e-mail:
Encrypted contact form: /contact/contact.html
2. Data protection officer
You can reach our data protection officer here:
- Scheja & Partners GmbH & Co. KG
- Datenschutzbeauftragte
- Adenauerallee 136
- D-53113 Bonn
- Germany
Encrypted contact form: /contact/data-protection-officer.html
3. Your data subject rights
As a data subject, you have the following rights under the GDPR, provided that the respective statutory requirements are met:
Access: You have the right to receive information about the personal data pertaining to you that we process.
Rectification: You may demand that inaccurate personal data will be rectified. Furthermore, you may demand that incomplete data will be completed.
Erasure: In certain cases, you are entitled to demand the erasure of your personal data.
Restriction of processing: In certain cases, you are entitled to demand that we restrict the processing of your data.
Data portability: If you have made the data available to us based on a contract or consent, you are entitled to demand to receive the data which you provided to us in a structured, commonly used and machine-readable format or to have them transmitted by us to another controller.
Right to object
You have the right to object at any time to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR for reasons arising from your particular situation. We will then no longer process such personal data for those purposes, unless we can provide compelling protected reasons for such processing that outweigh your interests, rights and freedoms, or the processing is necessary for the assertion of, exercise of, or defence against any legal claims.
Withdrawal of consent: If you have given us your consent as to the processing of your data, you may withdraw the consent at any time with effect for the future. This does not affect the legitimacy of the processing of your personal data before the withdrawal of the consent.
Asserting your rights: To assert any of your abovementioned rights, please contact us by means of the contact details indicated in Section 1 above. When doing so, please make sure that we can clearly identify you.
Right to lodge a complaint with the supervisory authority: If you believe that the processing of the personal data concerning you is illegal, you may lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace, or at the location of the alleged breach.
4. Automated individual decision-making, including profiling
Automated individual decision-making, including profiling, within the meaning of Article 22 of the GDPR will not take place in connection with the use of our web service.
5. Transfer to third countries
In the context of IT-Services and IT-Infrastructure we engage service providers, which are not located within the European Union or the European Economic Area. In doing so, we ensure prior to the transfer that, outside of exceptional cases permitted by statutory law, the recipient either possesses an appropriate level of data protection or appropriate safeguards exist. You can obtain an overview on the recipients in third countries and a copy of the appropriate or suitable safeguards. Please use the data provided in Section 1.
6. Details on services
| Functionality | Data categories | Purpose(s) | Legal basis | Pursued legitimate interests | Recipients or categories of recipients | Storage periods or criteria for their determination | Duty to provide personal data and possible consequences of failure to provide |
|---|---|---|---|---|---|---|---|
| Display of service | Date and time of access, duration of visit, type of device, used operation system, used functions, amount of sent data, type of event, IP-address, domain name | Providing service | Article 6 section 1 b) and f) GDPR | Technical functionality | Hosting provider, internal departments, external service provider for technical support | Directly after delivery by the web server | No duty to provide, automatic collection by accessing the service |
| Log files | Accessed URL, IP address, Date and time of access, amount of transferred data, http-status, information about the browser type and the used version | Statistical evaluations, optimizing the website, system security (fraud prevention), error diagnosis | Article 6 section 1 b) and f) GDPR | See purposes | Hosting provider, internal departments, external service provider for technical support, government agencies on demand | 9 weeks after creation | No duty to provide, automatic collection by accessing the service |
| Contact form | Name of the contacting person, postal address, phone number, e-Mail address, content of the message, requested contact person, attachments | Receipt and handling of requests, complaints and other feedback | Article 6 section 1 b) and f) GDPR | See purposes | Hosting provider, internal departments, government agencies on demand | After handling the request and expiration of retention periods of commercial law and tax law, if applicable | No duty to provide |
Last update: February 2020