1. About us
We, PLUTA Rechtsanwalts GmbH, are responsible for the collection, processing and storage of your data. You can find details about our company at: https://www.pluta.net/information/impressum.html.
The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.
This data protection declaration applies to all of our company websites that can be accessed under our domains (www.pluta.net). If you switch to websites of other operators within the scope of our offer, their own data protection policies apply and for the content of which the respective operators of these websites are responsible.
Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, below you will find an overview of all our services in the context of which we collect and process personal data.
If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service.
We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organisational measures to always protect your data.
2. Why we process your data
In principle you can use our website without disclosing your identity. If you wish to register for one of our personalised services, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.
Your personal data is collected and processed for the following purposes on the basis of the following legal bases:
- Contract initiation pursuant to Art. 6 para. 1(a) and (b) of the GDPR
- Execution of the contract in accordance with Art. 6 para. 1 (b) of the GDPR
- Customer management according to Art. 6 para. 1 (b) and (c) of the GDPR.
- Communication and data exchange in accordance with Art. 6 para. 1 (a), (b), (c) and (f) of the GDPR
- External presentation and advertising pursuant to Art. 6 para. 1 (a) and (f) of the GDPR.
- Implementation of declarations of consent in accordance with Art. 6 para. 1 (a) of the GDPR
- Ensuring the proper operation of a data processing system in accordance with
Art. 6 para. 1 (c) and (f) of the GDPR
- Applicant selection procedures within the framework of personnel and resource management pursuant to Art. 6 para. 1 (b) of the GDPR in conjunction with Article 26 BDSG (German Federal Data Protection Act) (new)
3. Which of your data we collect and process
We collect different categories of personal data from you.
The term 'personal data' captures all information relating to an identified or identifiable natural person, i.e. something about a reference person (Art. 4 No. 1 GDPR). Information says something about a reference person if it can be directly or indirectly attributed to a specific or identifiable natural person: name information (e.g. first and last name), identification number (e.g. car registration number, account number, telephone number), location data (e.g. address, GPS data), online identification (e.g. e-mail address with name component, static and dynamic IP address), characteristics that are expressions of physical (e.g. pictorial material), physiological, genetic, psychological, economic (e.g. income, job title), cultural or social identity (e.g. date of birth).
Statistical information that cannot be directly or indirectly associated with a natural person - such as the popularity of individual websites from our offer or the number of website visitors to a site - is not personal data.
In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimises the use of our services for you, but is not necessary for this. Corresponding data fields are marked as 'voluntary' or 'optional'.
We immediately collect data from you
- when contacting us, e.g. via the (web) forms
- when participating in our marketing program
- in the selection procedure
We indirectly collect data from you
- in securing our web servers
- by the software used for website tracking as well as cookies
4. Protection of minors
Our services and thus our website are not directed at minors, and we do not knowingly collect personal data from minors.
If we determine that a minor under the age of 16 has sent us personal data without parental consent or agreement to the consent of the minor, we will delete the data immediately.
5. Who has access to your data and to whom we transmit your data
Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers to provide services and to process your data. Insofar as these special provisions apply, we have carried them out for you in the following for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.
5.2. Data exchange within the group of companies
Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.
5.3. Transfer to third countries and legal basis
The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data is adequately protected. We expressly point this out to you again within the scope of the individual services.
Insofar as a transfer of personal data takes place in third countries, this takes place on the basis of the EU Commission's decision of appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Treaty 2010 pursuant to Art. 46 para. 2 (c) of the GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or on the basis of your consent pursuant to Art. 49 para. 1 (a) of the GDPR.
5.4. Transmission to law enforcement and criminal investigation authorities
In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.
6. Storage periods
We store personal data within the framework of legal regulations or your consent.
We use the following criteria to determine the specific storage period:
We store personal data until the purposes for which it was collected cease to apply (e.g. upon termination of a contractual relationship or through the last activity, if there is no continuing obligation, or in the event of a revocation of your consent for the specific data processing).
Further data will only be stored if
- legal storage obligations (e.g. according to AO (Fiscal Code) and HGB (Commercial Code)) exist;
- the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
- the deletion would be contrary to the legitimate interest of the data subjects;
- any other exception pursuant to Art. 17 para. 3 GDPR applies.
7. Data Subject Rights
7.1. Right to information and data transfer
You have a right of access to personal data concerning you and processed by us at any time in accordance with Art. 15 GDPR.
If the data processing is based on your consent or according to Art 6 para. 1 (b) GDPR is based on a contract, you may, pursuant to Art. 20 para. 1 GDPR receive the personal data stored about you in a structured, current and machine-readable format, or to have it transferred to a system of a third party. You are therefore entitled to direct forwarding of your data.
7.2. Right to rectification, limitation and deletion
Furthermore, in accordance with Articles 16 to 18 GDPR, you may request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.
7.3. Right of objection
If our data processing is based exclusively on our legitimate interest in accordance with
Art. 6 para. 1 (f) GDPR, you may object to this processing pursuant to Art. 21 para. 1 GDPR. We will then stop processing your data unless we can provide evidence of legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 para. 2 GDPR.
7.4. Right of revocation
If you have allowed us to process your personal data by giving your consent, you are entitled to revoke your consent pursuant to Art. 7 para. 3 GDPR effect for the future.
7.5. Right of appeal to the supervisory authority
You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws, Art 77 GDPR.
The contact details of the supervisory authority responsible for us are as follows:
|Name||Der Landesbeauftragte für den Datenschutz Baden-Württemberg (The State Commissioner for Data Protection of the State of Baden-Wuerttemberg)|
|Adress||PO box 10 29 32 70025 Stuttgart ; Königstrasse 10a 70173 Stuttgart|
|Phone Number||07 11 / 61 55 41 - 0|
7.6. Contact data
To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:
|Company name & legal form:||PLUTA Rechtsanwalts GmbH|
|Adress:||PLUTA Rechtsanwalts GmbH Datenschutz Karlstrasse 33 89073 Ulm|
8. Securing the web server
When you visit our website, for the purpose of securing our web server and guaranteeing the functionality of our online services, the web servers save the connection data of the requesting computer, the web pages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you are visiting us. The legal basis is Art. 6 para. 1 (c) in connection with Art. 32 GDPR, Art. 6 para. 1 (f) GDPR.
This data set consists of:
- the page which is requested from the file,
- the name of the file
- the date and time of query,
- the amount of data transferred,
- the access status (file transferred, file not found, etc.)
- the description of the type of browser used
- the IP address of the requesting computer, shortened by the last eight digits.
This data is stored anonymously. The creation of personal user profiles is thus excluded.
9. Data transmission via web form
Using the web form at https://www.pluta.net/information/kontakt we request the following data:
- Name (required)
- Your email (required)
- Company / official affiliation (voluntary declaration)
- Phone number (optional)
- Message text (required)
- Selection of PLUTA location (required)
Data that you send us via the web form is used for the purposes of communication and data exchange as well as for contract initiation and processing in accordance with Art. 6 para. 1 (a), (b) and (f) of the GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.
10. The selection procedure
Under https://www.pluta.net/karriere.html you can view our job advertisements.
In the application process we request the following application data:
- Private address
- Contact details (email address, telephone number if applicable)
- Curriculum Vitae
- Work References
- Certificates of professional qualifications and further training, if applicable
- School, university and vocational education and training certificates, if applicable
- Salary expectation / request
- Possible starting date
The data is used for the purpose of contract initiation, for the execution of pre-contractual measures as well as for personnel and resource management in accordance with Art. 6 para. 1 (b) GDPR in conjunction with Article 26 BDSG.
You can send us your application by email or by post. Please note that applications that you send us by email will be sent to us un-encrypted.
Your application data and the corresponding documents will be received by the personnel department and only forwarded to the department responsible for the respective position or to the persons entrusted with the processing. All participants treat your application data as well as the corresponding documents with the necessary care and absolute confidentiality.
After completion of the applicant selection process, we will keep your application data and the corresponding documents for another 3 months and then delete or destroy any copies if we have not concluded an employment contract with you.
Should we include your data in our applicant pool, we will notify you accordingly. In the notification you can actively consent to the further storage of your documents. To do this, you provide the following declaration of consent:
Sehr geehrter Bewerber,
….. (allgemeines Absageschreiben)
Gerne würden wir Ihre Bewerbungsunterlagen aber für weitere 12 Monate in unserem Talent-Pool speichern, um Sie bei einer für Sie interessanten Stelle kontaktieren zu können. Nach Ablauf der 12 Monate werden Ihre Unterlagen dann endgültig gelöscht.
Wenn Sie damit einverstanden sind, antworten Sie bitte unter Mitteilung ihrer Einwilligung auf dieses Schreiben.
Im Anschluss werden Ihre Bewerbungsunterlagen in unserem Talent-Pool gespeichert. Ihre Einwilligung können Sie jederzeit an die in diesem Schreiben genannten Kontaktdaten widerrufen, mit der Folge, dass Ihre Unterlagen umgehend gelöscht werden.
Wenn Sie nicht im Talent-Pool aufgenommen werden wollen, können Sie dieses Schreiben ignorieren. Ihre Bewerbungsunterlagen werden dann innerhalb der nächsten 3 Monate gelöscht. …
Sofern Sie einwilligen, werden Ihre personenbezogenen Daten zur Umsetzung Ihrer Einwilligungserklärung gemäß Art. 6 Abs. 1 lit. a) DSGVO für weitere 12 Monate gespeichert und nach Ablauf der 12 Monate endgültig gelöscht.
11. Data processing and use for external presentation and advertising purposes
We also use your data as described in more detail below for the purposes of external presentation and advertising pursuant to Art. 6 para. 1 (a) and (f) GDPR.
11.1. Registration for upcoming events
You can register for events that we organise at https://www.pluta.net/plutaevents.html . For this we need the following information from you:
- Code (so-called invitation code, mandatory field)
For the purpose of event management (e.g. sending invitations, admission control), we require the following additional information depending on the form and type of event: salutation, title, first/last name, company affiliation, possibly also postal address.
The legal basis is Art. 6 para. 1 (a) and (f) GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.
11.2. Review of past events
You can find out about past events in which you have participated at https://www.pluta.net/plutaevents.html . For this we need the following information from you:
- Code (required)
No further data processing takes place.
11.3. Press Materials
At https://www.pluta.net/presse/pressematerial.html information is made available for press purposes.
If you contact us for further press material, we collect and process personal data (name, function / job title, company affiliation, company address, company contact data) from you in this context. The personal data provided to us by you will be used exclusively for the purpose of communication and data exchange in accordance with Art. 6 para. 1 (a) and (f) of the GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.
11.4. Postal advertising
To the extent permitted by law, we may also use your name and the postal address known to us to send you advertising for our own offers. The legal basis is Art. 6 para. 1 (f) in conjunction with Recital 47 of the GDPR. Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above-mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will subsequently be kept for another 6 years in accordance with Art. 17 para. 3 (b), (e) of the GDPR. During this period, however, your personal data will be blocked for further processing.
To the extent permitted by law, we may also use your name, company affiliation and telephone number provided for business customers to inform you about our own offers, assuming your presumed interest. The legal basis is Art. 6 para. 1 (f) in conjunction with Recital 47 of the GDPR, Art 7 para. 2 No. 2 UWG (Unfair Competition Act). Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above-mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will subsequently be kept for another 6 years in accordance with Art. 17 para. 3 (b), (e) of the GDPR. During this period, however, your personal data will be blocked for further processing.
11.6. Marketing Program
At your express request, we will send you information on industry topics, news from PLUTA projects and processes or invitations to lectures and network events, provided you register at https://pluta.events/pluta-marketing-programm/ . For this purpose, we request the following data:
- Your email (required)
- Salutation (optional)
- Title (optional)
- Names (optional)
PLUTA Rechtsanwalts GmbH and PLUTA Management GmbH, Barthstrasse16, 80339 Munich, are jointly responsible for data processing (Tel. +49 89 858963-3, email: email@example.com). The legal basis for the processing of this personal data is Art. 6 para. 1 (a) of the GDPR. Please note that delivery can only take place after you have expressly confirmed your subscription request again within the scope of our double opt-in procedure: to confirm your email address and your consent, you will receive a separate email after sending the registration form (confirmation email). We will not register your consent until you have confirmed the activation link contained in this email. Otherwise your data provided via the registration form will be deleted after 2 weeks. By confirming your registration under this activation link, you agree that we may send you, as the owner of this email address, information on industry topics, news from PLUTA projects and procedures or invitations to lectures and network events.
Your email address collected during registration and any other personal data you voluntarily provide will be used exclusively for the purpose of sending and personalising our letters as part of the PLUTA Marketing Program with the contents listed above. You can revoke your consent to the use of your data for sending the above information at any time with effect for the future, by clicking the unsubscribe link at the end of each advertising email or by notification in text form to the above contact data. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 para. 2 GDPR. If you withdraw your consent or revoke the use of your data for the purpose of direct advertising, we will delete your data from our mailing list so that no more marketing information will be sent to you. The data records that prove your consent, as well as the revocation of your consent, will then be kept in accordance with Art.17 para. 3 (b) and (e) of the GDPR, for another 6 years. During this period, however, your personal data will be blocked for further processing.
11.7. Profiling (cookies and web tracking procedures)
11.7.1. Basic information on cookies and opt-out options
We use so-called cookies in some areas of our website, e.g. to recognise the preferences of visitors and to be able to design the website accordingly. They make navigation easier and offer a high degree of user-friendliness on a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor's hard drive. They allow information to be stored for a certain period of time and to identify the visitor's computer. For better user guidance and individual service presentation, we use permanent cookies.
We also use session cookies, which are automatically deleted when you close your browser. You can set your browser to notify you before a cookie is saved. This will make their use apparent to you. This is done to verify the authorisation of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 para. 1 (c) in connection with Art. 32 GDPR and Art. 6 para. 1 (f) GDPR. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.
We only set non-technically necessary cookies after your express consent, Art. 6 Para. 1 (a) GDPR, which you can of course revoke at any time.
As part of our cookie information on our website, you have agreed to the following statement in this regard:
Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bundled, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.
The following cookies are used by us - if you allow this and have not set one or more opt-out cookies - for a more detailed purpose:
The name of the cookie
Possibility of revocation of consent
This cookie is used by Google Analytics to control the frequency of requests.
This cookie is used by Google Analytics to distinguish between users.
This cookie is used by Google Analytics to distinguish between users.
This session cookie is used internally to protect forms.
11.7.2. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files stored on your computer which enable your website use to be analysed. Cookie-generated information about your use of this website is usually transmitted to and stored on a Google server in the USA. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google. One way to object to web analysis by Google Analytics is to set an opt-out cookie that instructs Google not to store or use your data for web analysis purposes. Please note that with this solution the web analysis will only not take place as long as the opt out cookie is stored by the browser. If you want to set the opt-out cookie now, please click https://developers.google.com/analytics/devguides/collection/gajs/?hl=en#disable.
Receiver of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
11.7.3. Google Tag Manager
The Google Tag Manager is a product of Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which enables us to manage website tags of applications such as Google Analytics via one interface. The Tag Manager is a cookie-less domain and does not collect any personal data.
Sie haben die Möglichkeit, die oben genannten Analysedienste zu deaktivieren:
12. Data security
We maintain various security measures within the meaning of Art. 32 GDPR (technical and organisational measures) to protect your personal data.
For the secure transmission of the data you send us, we offer you SSL/TLS encryption with the current TLS v1.2 encryption protocol on our website. We would like to point out that the comprehensive encryption of the transmission path also depends on your Internet browser. We therefore recommend that you keep your Internet browser up to date, so that encryption according to TLS v1.2 is automatically established when you visit our website.
Should you want to contact us by email, we would like to advise you that the confidentiality of the information cannot be guaranteed. The content of emails may be viewed by third parties. We therefore recommend that you send us confidential information by post or via https-encrypted contact form.
Ulm, 6 June 2018
PLUTA Rechtsanwalts GmbH