Privacy Policy | PLUTA Rechtsanwalts GmbH
We Help Companies.

Data Privacy

1. About us

PLUTA with all companies:PLUTA Rechtsanwalts GmbH, PLUTA Abogados y Administradores Concursales, SLP, PLUTA Management GmbH, PLUTA Management Restructuring, S.L., hereafter referred to as PLUTA, ist responsible for the collection, processing and storage of your data. You can find details about our company at: https://www.pluta.net/information/impressum.html.

The careful handling of your personal data has the highest priority for us. In processing, we comply with the statutory provisions, e.g. the General Data Protection Regulation (GDPR) and the associated national provisions.

This data protection declaration applies to all of our company websites that can be accessed under our domains (www.pluta.net). If you switch to websites of other operators within the scope of our offer, their own data protection policies apply and for the content of which the respective operators of these websites are responsible.

Since we would like to give you a comprehensive overview of the processing of personal data in our group of companies, below you will find an overview of all our services in the context of which we collect and process personal data.

If separate or additional conditions apply to individual services or we ask you for your consent, we will point this out to you separately before using the respective service.

We also take various security measures to protect your personal data. For example, transmission between your web browser and our servers is always transport encrypted; in addition, we maintain a variety of technical and organisational measures to always protect your data.

2. Why we process your data

In principle you can use our website without disclosing your identity. If you wish to register for one of our personalised services, we will ask you for your name and other personal information. It is your free decision whether you enter this (extended) data. Data that we absolutely need from you to provide our services are marked as such.

Your personal data is collected and processed for the following purposes on the basis of the following legal bases:

  • Contract initiation pursuant to Art. 6 para. 1(a) and (b) of the GDPR
  • Execution of the contract in accordance with Art. 6 para. 1 (b) of the GDPR
  • Customer management according to Art. 6 para. 1 (b) and (c) of the GDPR.
  • Communication and data exchange in accordance with Art. 6 para. 1 (a), (b), (c) and (f) of the GDPR
  • External presentation and advertising pursuant to Art. 6 para. 1 (a) and (f) of the GDPR.
  • Implementation of declarations of consent in accordance with Art. 6 para. 1 (a) of the GDPR
  • Ensuring the proper operation of a data processing system in accordance with
    Art. 6 para. 1 (c) and (f) of the GDPR
  • Applicant selection procedures within the framework of personnel and resource management pursuant to Art. 6 para. 1 (b) of the GDPR in conjunction with Article 26 BDSG (German Federal Data Protection Act) (new)

3. Which of your data we collect and process

We collect different categories of personal data from you.

The term 'personal data' captures all information relating to an identified or identifiable natural person, i.e. something about a reference person (Art. 4 No. 1 GDPR). Information says something about a reference person if it can be directly or indirectly attributed to a specific or identifiable natural person: name information (e.g. first and last name), identification number (e.g. car registration number, account number, telephone number), location data (e.g. address, GPS data), online identification (e.g. e-mail address with name component, static and dynamic IP address), characteristics that are expressions of physical (e.g. pictorial material), physiological, genetic, psychological, economic (e.g. income, job title), cultural or social identity (e.g. date of birth).

Statistical information that cannot be directly or indirectly associated with a natural person - such as the popularity of individual websites from our offer or the number of website visitors to a site - is not personal data.

In both cases, data will only be collected to the extent necessary; the data will only be processed for the purposes stated under point 2. It is your decision whether you want to transmit data to us that optimises the use of our services for you, but is not necessary for this. Corresponding data fields are marked as 'voluntary' or 'optional'.

We immediately collect data from you

  • when contacting us, e.g. via the (web) forms
  • when participating in our marketing program
  • in the selection procedure

We indirectly collect data from you

  • in securing our web servers
  • by the software used for website tracking as well as cookies

4. Protection of minors

Our services and thus our website are not directed at minors, and we do not knowingly collect personal data from minors.
If persons under the age of 16 transmit personal data to us, this is only permitted if the parent/guardian has consented or has approved the consent of the young person. For this purpose, in accordance with Art. 8 para. 2 GDPR, in order to convince us of the consent or approval of the legal guardian. This data as well as the data of the minor will then be processed in accordance with this privacy policy.

If we determine that a minor under the age of 16 has sent us personal data without parental consent or agreement to the consent of the minor, we will delete the data immediately.

5. Who has access to your data and to whom we transmit your data

5.1. Access

Access to your personal data stored by us is limited to our employees and the service providers commissioned by us, who have to deal with this personal data due to their tasks.
If third parties gain access to your data, we have obtained your permission or there is a legal basis for this.
We also use service providers to provide services and to process your data. Insofar as these special provisions apply, we have carried them out for you in the following for the respective service. The service providers process the data exclusively on our instructions and are obliged to comply with the applicable data protection regulations. All contractors have been carefully selected and will only have access to your data to the extent and for the time required to provide the services or to the extent to which you have consented to the processing and use of your data.

5.2. Data exchange within the group of companies

Data exchange within the group of companies to which we belong takes place exclusively within the EU/EEA and serves only internal administrative purposes. By group of companies we mean affiliated companies within the meaning of Art. 4 No. 19 GDPR.

5.3. Transfer to third countries and legal basis

The servers of some of the service providers we use are located in the USA and other countries outside the European Union. Companies in these countries are subject to a data protection law that does not generally protect personal data to the same extent as is the case in the Member States of the European Union. If your data is processed in a country that does not have a recognised high level of data protection such as the European Union, we use contractual regulations or other recognised instruments to ensure that your personal data is adequately protected. We expressly point this out to you again within the scope of the individual services.

Insofar as a transfer of personal data takes place in third countries, this takes place on the basis of the EU Commission's decision of appropriateness to the EU-U.S. Privacy Shield pursuant to Art. 45 GDPR or the EU Standard Treaty 2010 pursuant to Art. 46 para. 2 (c) of the GDPR in conjunction with the decision of the EU Commission of 05.02.2010 (2010/87/EU) or on the basis of your consent pursuant to Art. 49 para. 1 (a) of the GDPR.

5.4. Transmission to law enforcement and criminal investigation authorities

In exceptional cases we transmit personal data to law enforcement and criminal investigation authorities. This is done on the basis of corresponding legal obligations, e.g. from the Code of Criminal Procedure, the Fiscal Code, the Money Laundering Act or state police laws.

6. Storage periods

We store personal data within the framework of legal regulations or your consent.

We use the following criteria to determine the specific storage period:

We store personal data until the purposes for which it was collected cease to apply (e.g. upon termination of a contractual relationship or through the last activity, if there is no continuing obligation, or in the event of a revocation of your consent for the specific data processing).

Further data will only be stored if

  • legal storage obligations (e.g. according to AO (Fiscal Code) and HGB (Commercial Code)) exist;
  • the data is still needed to assert and exercise legal claims or to defend against legal claims, e.g. due to technological and forensic requirements to defend against attacks on our web servers and their prosecution;
  • the deletion would be contrary to the legitimate interest of the data subjects;
    or
  • any other exception pursuant to Art. 17 para. 3 GDPR applies.

7. Data Subject Rights

7.1. Right to information and data transfer

You have a right of access to personal data concerning you and processed by us at any time in accordance with Art. 15 GDPR.
If the data processing is based on your consent or according to Art 6 para. 1 (b) GDPR is based on a contract, you may, pursuant to Art. 20 para. 1 GDPR receive the personal data stored about you in a structured, current and machine-readable format, or to have it transferred to a system of a third party. You are therefore entitled to direct forwarding of your data.

7.2. Right to rectification, limitation and deletion

Furthermore, in accordance with Articles 16 to 18 GDPR, you may request us to correct, restrict (block) or delete your personal data if we have processed the data incorrectly, if there is a reason to restrict further data processing, or if data processing has become illegal for various reasons, or if its storage is inadmissible for other legal reasons. We would like to point out that your right to deletion may be restricted by legal retention periods.

7.3. Right of objection

If our data processing is based exclusively on our legitimate interest in accordance with
Art. 6 para. 1 (f) GDPR, you may object to this processing pursuant to Art. 21 para. 1 GDPR. We will then stop processing your data unless we can provide evidence of legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 para. 2 GDPR.

7.4. Right of revocation

If you have allowed us to process your personal data by giving your consent, you are entitled to revoke your consent pursuant to Art. 7 para. 3 GDPR effect for the future.

7.5. Right of appeal to the supervisory authority

You are free to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the European General Data Protection Regulation or other national and international data protection laws, Art 77 GDPR.

The contact details of the supervisory authority responsible for us are as follows:

supervisory authority
NameDer Landesbeauftragte für den Datenschutz Baden-Württemberg (The State Commissioner for Data Protection of the State of Baden-Wuerttemberg)
AdressPO box 10 29 32, 70025 Stuttgart; Königstrasse 10a, 70173 Stuttgart
Phone Number07 11 / 61 55 41 - 0
Email adresspoststelle@lfd.bwl.de
Web adresshttps://www.baden-wuerttemberg.datenschutz.de/

7.6. Contact data

To exercise your rights, you can send us an informal message to the following contact details. Please also address the revocation of your consent to the following contact details, indicating which declaration of consent you would like to revoke:

Contact data
Company name & legal form:PLUTA Rechtsanwalts GmbH
Adress:PLUTA Rechtsanwalts GmbH, Datenschutz, Karlstrasse 33, 89073 Ulm
Email:privacy@pluta.net

8. Securing the web server

When you visit our website, for the purpose of securing our web server and guaranteeing the functionality of our online services, the web servers save the connection data of the requesting computer, the web pages you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you are visiting us. The legal basis is Art. 6 para. 1 (c) in connection with Art. 32 GDPR, Art. 6 para. 1 (f) GDPR.

This data set consists of:

  • the page which is requested from the file,
  • the name of the file
  • the date and time of query,
  • the amount of data transferred,
  • the access status (file transferred, file not found, etc.)
  • the description of the type of browser used
  • the IP address of the requesting computer, shortened by the last eight digits.

This data is stored anonymously. The creation of personal user profiles is thus excluded.

9. Data transmission via web form

Using the web form at https://www.pluta.net/information/kontakt we request the following data:

  • Name (required)
  • Your email (required)
  • Company / official affiliation (voluntary declaration)
  • Phone number (optional)
  • Message text (required)
  • Selection of PLUTA location (required)

Data that you send us via the web form is used for the purposes of communication and data exchange as well as for contract initiation and processing in accordance with Art. 6 para. 1 (a), (b) and (f) of the GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.

10. The selection procedure

Under https://www.pluta.net/karriere.html you can view our job advertisements.

In the application process we request the following application data:

  • Name
  • Private address
  • Contact details (email address, telephone number if applicable)
  • Curriculum Vitae
  • Work References
  • Certificates of professional qualifications and further training, if applicable
  • School, university and vocational education and training certificates, if applicable
  • Salary expectation / request
  • Possible starting date

The data is used for the purpose of contract initiation, for the execution of pre-contractual measures as well as for personnel and resource management in accordance with Art. 6 para. 1 (b) GDPR in conjunction with Article 26 BDSG.

You can send us your application by email or by post. Please note that applications that you send us by email will be sent to us un-encrypted.

Your application data and the corresponding documents will be received by the personnel department and only forwarded to the department responsible for the respective position or to the persons entrusted with the processing. All participants treat your application data as well as the corresponding documents with the necessary care and absolute confidentiality.

After completion of the applicant selection process, we will keep your application data and the corresponding documents for another 3 months and then delete or destroy any copies if we have not concluded an employment contract with you.

Should we include your data in our applicant pool, we will notify you accordingly. In the notification you can actively consent to the further storage of your documents. To do this, you provide the following declaration of consent:

Dear applicant,

….. (general rejection letter)

However, we would like to store your application documents in our talent pool for a further 12 months so that we can contact you for a position of interest to you. After the end of the
the 12 months your documents will then be permanently deleted.

If you agree, please reply to this letter with your consent.
Your application documents will then be stored in our talent pool. You can revoke your consent at any time to the contact data mentioned in this letter , with the consequence that your documents will be deleted immediately.

If you do not want to be included in the talent pool, you can ignore this letter. Your application documents will then be deleted within the next 3 months. …

If you consent, your personal data will be used for the implementation of your declaration of consent in accordance with Art. 6 para. 1 (a) of the GDPR for a further 12 months and finally deleted after expiry of the 12 months.

11. Insolvency Proceedings

11.1. Disclosure of Data in Insolvency Proceedings

We disclose data on insolvency proceedings at https://insoweb.pluta.net/cgi-bin/start.cgi. This data is publicly accessible (cf. www.insolvenzbekanntmachungen.de).

  • Information on the creditor
    • Name (first name, surname)
    • Address
    • Industry
    • Financial circumstances
    • Time details (date)
  • Information on the administrators and the members of their teams
    • Name (first name, surname)
    • Function, job title
    • Business contact details (e.g. telephone number, email address)
    • Business address
  • Information on the staff of public entities mentioned in the orders issued by the insolvency court

The data will be disclosed based on the legitimate interests of the person / entity responsible and a third party (creditor) pursuant to Article 6, para. 1, item f of the European Union’s General Data Protection Regulation (GDPR), for the following purposes:

  • Workflow management, internal administration: structured implementation of the entire enforcement proceedings so as to meet legal requirements (e.g. serving the insolvency court’s orders on the creditors pursuant to section 8, subs. 3 of the German Insolvency Code (InsO))
  • Communication and data exchange
  • Creditor / debtor management

A special search function for several search terms has been established to attenuate any threats to the data subject’s interests meriting protection:

  • The data cannot be found using conventional search engines (such as Google) as the website has not been registered for this
  • The website users must enter the name (for private individuals: the first name and surname) or the file reference so that the search results will be presented to them

The data on insolvency proceedings will only be disclosed during the time in which this data is publicly accessible and will then be erased from the website within the periods granted for erasing by section 3 of the German Regulation on Public Internet Announcements in Insolvency Proceedings (InsoBekV).

11.2. Access to Proceedings for Creditors – Filing Claims

If you are a creditor, you may file your claims in the insolvency proceedings concerned at https://insoweb.pluta.net/. You can access the online form by clicking on “Filing Claims” in the top right-hand area of this web page. In this context, we need the following information:

  • Information on the creditor
    • Name / company name (mandatory information)
    • Name of the managing director / general partner (optional information)
    • File reference for creditors (optional information)
    • Name of the filing person (mandatory information)
    • Name of the person to contact (mandatory information)
    • Address (mandatory information)
    • Email address (optional information)
    • Telephone number (mandatory information)
    • Fax number (optional information)
    • Bank (optional information)
    • Account holder (optional information)
    • IBAN (optional information)
    • BIC (optional information)
    • Main claim in EUR (mandatory information)
    • Subject matter of the claim (mandatory information)
    • Amount of interest
    • Rate of interest
    • Basis for interest calculation
    • Costs
    • Reason for incurring the costs
    • Sum total (mandatory information)
    • Acc. to inv. / judgment (mandatory information)
    • Remark (optional information)
    • Indicate whether separate satisfaction is claimed with claim filed simultaneously in event of nonsatisfaction (optional information)
    • Claim justification (optional information)
    • Detailed statement of grounds – Yes / No (mandatory information)

Yes / No statement relating to claims based on intentional tort, on arrears of mandatory maintenance which the debtor intentionally failed to pay despite being obliged to do so, or on a debtor-creditor relationship if the debtor was convicted in this context by final judgment for a tax crime pursuant to sections 370, 373 or 374 of the German Fiscal Code (Abgabenordnung) (section 302 no. 1 InsO).

  • Information on the creditor’s representative
    • Name / company name (optional information)
    • Addition (optional information)
    • File reference for creditor’s representatives
    • Address (optional information)
    • Telephone number (optional information)
    • Fax number (optional information)
    • Power of attorney sent by mail (mandatory information)
    • Bank (optional information)
    • Account holder (optional information)
    • IBAN (optional information)
    • BIC (optional information)

You may also fill in and print out the Word form at https://www.pluta.net/forderungsanmeldung.html#downloads and send it to us by fax or mail.

We will use the data you disclose to us via the web form or the Word form for the following purposes in accordance with Article 6, para. 1, items c and f of the GDPR:

  • Meeting legal requirements: serving the insolvency court’s orders on the creditors pursuant to section 8, subs. 3 of the InsO, satisfaction of the creditors from the insolvency estate pursuant to section 38 of the InsO
  • Workflow management, internal administration: structured processing of the claims filed and of the entire enforcement proceedings
  • Communication and data exchange
  • Creditor / debtor management

The data will be stored for the time required to process it for the purposes mentioned above or until the end of any subsequent periods of statutory retention.

11.3. Creditors’ Access to Proceedings – Additional Information for Creditors

If you are a creditor, you may obtain additional information concerning the individual insolvency proceedings by clicking on “Additional Information for Creditors” in the top right-hand area of the page https://insoweb.pluta.net/cgi-bin/start.cgi. In this way, you my check whether the claims you filed have been recognised or denied in the verification meeting. In this context, we need the following information:

  • Creditor’s name (as stated when filing the claims)
  • Amount originally claimed (mandatory information)

Once you have entered this data you may retrieve the following information:

  • Information on the debtor
    • Name (first name, surname)
    • Address
    • Industry
    • Financial circumstances
    • Time details (date)
  • Information on the creditor
    • Name / company name (mandatory information)
    • Name of the managing director / general partner (optional information)
    • Address (mandatory information)
    • Data disclosed when filing the claims
    • Status of claim verification and determination
  • Information on the administrator and case handlers
    • Name (first name, surname)
    • Function, job title
    • Business contact details (e.g. telephone number, email address)
    • Business address
  • Information on the staff of public entities mentioned in the orders issued by the insolvency court
  • Documents relating to the proceedings (court orders)

The data will be disclosed based on the legitimate interests of the person / entity responsible pursuant to Article 6, para. 1, item f of the GDPR, for the following purposes:

  • Workflow management, internal administration: structured implementation of the entire enforcement proceedings so as to meet legal requirements (e.g. serving the insolvency court’s orders on the creditors pursuant to section 8, subs. 3 of the German Insolvency Code (InsO), satisfaction of the creditors from the insolvency estate pursuant to section 38 of the InsO)
  • Communication and data exchange
  • Creditor / debtor management

A special search function for several search terms has been established to attenuate any threats to the data subject’s interests meriting protection:

  • The data cannot be found using conventional search engines (such as Google) as the website has not been registered for this
  • The website users must enter the name / company name stated when filing their claims as well as the amount originally claimed so that the search results will be presented to them

After entering incorrect details two times in succession, the search function will be blocked for 1 hour.

The data will be stored for the time required to process it for the purposes mentioned above or until the end of any subsequent periods of statutory retention.

11.4. Insolvency Courts’ Access to Proceedings

If you are a member of staff of an insolvency court, you may obtain detailed information concerning the individual insolvency proceedings at https://insoweb.pluta.net/cgi-bin/gericht.cgi:

In this context, we need the following information:

  • User name (mandatory information)
  • Password (mandatory information)

Once you have entered this data you may retrieve the following information:

  • Statistical data on the court’s proceedings involving PLUTA
  • Information on creditors
    • Name (first name, surname)
    • Address
    • Industry
    • Time details (date)
  • Information on the insolvency schedule:
    • Creditor’s name
    • Verification meetings
    • Claims subject to verification (amounts claimed, recognised, in the event of nonsatisfaction, denied, result of verification, adjustments)
  • Information on the administrator and case handlers
    • Name (first name, surname)
    • Function, job title
    • Business contact details (e.g. telephone number, email address)
    • Business address
  • Information on the staff of public entities mentioned in the orders issued by the insolvency court
  • Time details relating to the proceedings (dates)
  • Additional information on the proceedings
  • Status of proceedings based on the tasks accomplished by the administrator
  • Documents relating to the proceedings (orders and reports)
  • Current balance of escrow accounts

The data will be processed to meet legal requirements and based on the legitimate interests of the person / entity responsible and a third party (insolvency court) pursuant to Article 6, para. 1, items c and f of the GDPR, for the following purposes:

  • Workflow management: structured implementation of the entire enforcement proceedings so as to meet legal requirements (e.g. serving the insolvency court’s orders on the creditors pursuant to section 8, subs. 3 of the German Insolvency Code (InsO), satisfaction of the creditors from the insolvency estate pursuant to section 38 of the InsO)
  • Communication and data exchange
  • Creditor / debtor management

The data will be stored for the time required to process it for the purposes mentioned above or until the end of any subsequent periods of statutory retention.

12. Data processing and use for external presentation and advertising purposes

We also use your data as described in more detail below for the purposes of external presentation and advertising pursuant to Art. 6 para. 1 (a) and (f) GDPR.

12.1. Registration for upcoming events

You can register for events that we organise at https://www.pluta.net/plutaevents.html . For this we need the following information from you:

  • Code (so-called invitation code, mandatory field)

For the purpose of event management (e.g. sending invitations, admission control), we require the following additional information depending on the form and type of event: salutation, title, first/last name, company affiliation, possibly also postal address.
The legal basis is Art. 6 para. 1 (a) and (f) GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.

12.2. Review of past events

You can find out about past events in which you have participated at https://www.pluta.net/plutaevents.html . For this we need the following information from you:

  • Code (required)

No further data processing takes place.

12.3. Press Materials

At https://www.pluta.net/presse/pressematerial.html information is made available for press purposes.

If you contact us for further press material, we collect and process personal data (name, function / job title, company affiliation, company address, company contact data) from you in this context. The personal data provided to us by you will be used exclusively for the purpose of communication and data exchange in accordance with Art. 6 para. 1 (a) and (f) of the GDPR. This data is stored as long as its processing is necessary for these purposes or until the expiry of any subsequent retention periods.

12.4. Postal advertising

To the extent permitted by law, we may also use your name and the postal address known to us to send you advertising for our own offers. The legal basis is Art. 6 para. 1 (f) in conjunction with Recital 47 of the GDPR. Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above-mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will subsequently be kept for another 6 years in accordance with Art. 17 para. 3 (b), (e) of the GDPR. During this period, however, your personal data will be blocked for further processing.

12.5. Telemarketing

To the extent permitted by law, we may also use your name, company affiliation and telephone number provided for business customers to inform you about our own offers, assuming your presumed interest. The legal basis is Art. 6 para. 1 (f) in conjunction with Recital 47 of the GDPR, Art 7 para. 2 No. 2 UWG (Unfair Competition Act). Our legitimate interest is to promote sales or demand from our existing customers. Of course, you can object to the processing of your data for advertising purposes at any time in the future. A message in text form to the above-mentioned contact data is sufficient. We will then delete your data from our mailing list. The data proving your objection will subsequently be kept for another 6 years in accordance with Art. 17 para. 3 (b), (e) of the GDPR. During this period, however, your personal data will be blocked for further processing.

12.6. Marketing Program

At your express request, we will send you information on industry topics, news from PLUTA projects and processes or invitations to lectures and network events, provided you register at https://pluta.events/pluta-marketing-programm/ . For this purpose, we request the following data:

  • Your email (required)
  • Salutation (optional)
  • Title (optional)
  • Names (optional)

PLUTA Rechtsanwalts GmbH and PLUTA Management GmbH, Barthstrasse 16, 80339 Munich, are jointly responsible for data processing (Tel. +49 89 858963-3, email: management@pluta.net). The legal basis for the processing of this personal data is Art. 6 para. 1 (a) of the GDPR. Please note that delivery can only take place after you have expressly confirmed your subscription request again within the scope of our double opt-in procedure: to confirm your email address and your consent, you will receive a separate email after sending the registration form (confirmation email). We will not register your consent until you have confirmed the activation link contained in this email. Otherwise your data provided via the registration form will be deleted after 2 weeks. By confirming your registration under this activation link, you agree that we may send you, as the owner of this email address, information on industry topics, news from PLUTA projects and procedures or invitations to lectures and network events.

Your email address collected during registration and any other personal data you voluntarily provide will be used exclusively for the purpose of sending and personalising our letters as part of the PLUTA Marketing Program with the contents listed above. You can revoke your consent to the use of your data for sending the above information at any time with effect for the future, by clicking the unsubscribe link at the end of each advertising email or by notification in text form to the above contact data. Furthermore, you always have the right to object to the use of your data for the purpose of direct advertising with effect for the future pursuant to Art. 21 para. 2 GDPR. If you withdraw your consent or revoke the use of your data for the purpose of direct advertising, we will delete your data from our mailing list so that no more marketing information will be sent to you. The data records that prove your consent, as well as the revocation of your consent, will then be kept in accordance with Art.17 para. 3 (b) and (e) of the GDPR, for another 6 years. During this period, however, your personal data will be blocked for further processing.

12.7. Profiling (cookies and web tracking procedures)

12.7.1. Basic information on cookies and opt-out options

We use so-called cookies in some areas of our website, e.g. to recognise the preferences of visitors and to be able to design the website accordingly. They make navigation easier and offer a high degree of user-friendliness on a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor's hard drive. They allow information to be stored for a certain period of time and to identify the visitor's computer. For better user guidance and individual service presentation, we use permanent cookies.

We also use session cookies, which are automatically deleted when you close your browser. You can set your browser to notify you before a cookie is saved. This will make their use apparent to you. This is done to verify the authorisation of actions and the authentication of the requesting user of our services. The legal basis is Art. 6 para. 1 (c) in connection with Art. 32 GDPR and Art. 6 para. 1 (f) GDPR. Our legitimate interest is to secure our web server, for example to defend ourselves against attacks, and to ensure the functionality of our services.

We only set non-technically necessary cookies after your express consent, Art. 6 Para. 1 (a) GDPR, which you can of course revoke at any time.

As part of our cookie information on our website, you have agreed to the following statement in this regard:

this website uses cookies and analysis software to provide you with the full functionality of our website and thus a better online experience. For more information about the cookies and web tracking methods we use, please see our Privacy Policy. However, the cookies of the analysis software are only activated after you have given us your consent. We therefore ask you to give us your consent for this data processing by clicking on the "I agree" button.

If you completely exclude the use of cookies, you cannot use certain functions of our website - including the possibility of cookie-based opt-out from tracking. Please allow the opt-out cookies of those services for which you wish to prevent tracking.

Please also note that deleting all cookies will also delete opt-out cookies. You may therefore have to reset them. Cookies are also browser-bundled, i.e. they must be set separately for each browser you use on each device you use. You will find the necessary links in the description of the respective service below.

The following cookies are used by us - if you allow this and have not set one or more opt-out cookies - for a more detailed purpose:

The name of the cookie

Intended Use

Storage Duration

Technically Necessary

Possibility of revocation of consent

_gat_UA-*

This cookie is used by Google Analytics to control the frequency of requests.

1 day

no

See below

_gid

This cookie is used by Google Analytics to distinguish between users.

1 day

no

See below

_ga

This cookie is used by Google Analytics to distinguish between users.

2 years

no

See below

PHPSESSID

This session cookie is used internally to protect forms.

Session expiry

yes

-

12.7.2. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files stored on your computer which enable your website use to be analysed. Cookie-generated information about your use of this website is usually transmitted to and stored on a Google server in the USA. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing us other services relating to website activity and internet usage. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please be advised that if you opt out of using cookies, you may not be able to use all the features of this website. You can additionally prevent the collection of data produced by the cookie and associated with your use of the website (including your IP address), its transmission to, and its processing by Google, by downloading and installing the browser plugin available at the following link: The current link is: https://tools.google.com/dlpage/gaoptout?hl=de.

Receiver of the data: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

12.2.3. Google Tag Manager

The Google Tag Manager is a product of Google LLC ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which enables us to manage website tags of applications such as Google Analytics via one interface. The Tag Manager is a cookie-less domain and does not collect any personal data.

13. Data security

We maintain various security measures within the meaning of Art. 32 GDPR (technical and organisational measures) to protect your personal data.

For the secure transmission of the data you send us, we offer you SSL/TLS encryption with the current TLS v1.2 encryption protocol on our website. We would like to point out that the comprehensive encryption of the transmission path also depends on your Internet browser. We therefore recommend that you keep your Internet browser up to date, so that encryption according to TLS v1.2 is automatically established when you visit our website.

Should you want to contact us by email, we would like to advise you that the confidentiality of the information cannot be guaranteed. The content of emails may be viewed by third parties. We therefore recommend that you send us confidential information by post or via https-encrypted contact form.

14. Information pursuant to Articles 13 and 14 GDPR

We hereby inform you in accordance with Article 13, 14 GDPR about the processing of personal data which we collect directly from you or which we receive in connection with the insolvency proceedings.

14.1. Identity of the controller

The (provisional) insolvency administrator (hereinafter referred to as “The Insolvency Administrator”) appointed by the competent local court (Amtsgericht) – insolvency court – in the insolvency (opening) proceedings concerned (hereinafter referred to as “The Insolvency Proceedings”) is responsible for the processing of your personal data. The personal details and contact details of the Insolvency Administrator can be found in the court order opening the insolvency proceedings.

14.2. Contact details / data protection

Should you have any question concerning data protection, please contact us by sending an e-mail to datenschutz@pluta.net.

14.3. Purpose of processing and legal basis, type and source of data

14.3.1. Parties (e.g. creditors, third-party debtors, other parties) to and representatives in Insolvency Proceedings:

Pursuant to points c) and e) of Article 6(1) GDPR, data processing is necessary for compliance with a legal obligation to which the Insolvency Administrator is subject and for the purpose of safeguarding the Insolvency Administrator’s legitimate interests. These interests arise from the legal tasks to be fulfilled by the Insolvency Administrator.

In particular, the data will be processed for the purpose of

  • identifying your personal details as a party (e.g. creditor, third-party debtor, other party) to or as a representative in Insolvency Proceedings,
  • fulfilling judicial and legal tasks,
  • communicating with you,
  • pursuing claims,
  • registering and verifying the claims filed by you,
  • preparing and updating the insolvency schedule (section 175 of the German Insolvency Code (InsO)),
  • disbursing the funds that may be available for satisfying the creditors (section 187 InsO).

In particular, the following personal data or categories of data, will be collected from you and processed: name, gender, address and contact details, including fax number and e-mail address, data concerning the reason and amount of your claims or liabilities (contract data, invoice data), bank details, finance and tax data, insurance data, information on financial circumstances or assets, information on pending lawsuits, data of special categories (if necessary for conducting the proceedings).

Source of data: If you receive a letter from the Insolvency Administrator in which you are informed of decisions ordering preservation measures or of the opening of insolvency proceedings, then the Insolvency Administrator will have collected the personal data involved from the debtor on the basis of the debtor’s statutory duties to provide information or will have determined this data in personal investigations (e.g. public registers, Internet, etc.). In addition, we also collect and process the personal data included in the information provided by you, e.g. when filing your claims. You are not subject to any statutory or contractual obligation to provide data. However, if you don’t provide us with your data, it is not possible for us to add your claims to the insolvency schedule, which means that you will not be allowed to participate in the insolvency proceedings. If your data is incomplete, this could lead to your claims not being recognised, although they were included into the insolvency schedule.

14.3.2. Interested parties

Pursuant to points b) of Article 6(1) GDPR, data processing is necessary for the performance of a contract, for the implementation of pre-contractual measures or for the fulfilment of the Insolvency Administrator’s tasks. Moreover, your data will be processed if this is requested by you or is necessary with regard to the legitimate interests for the purposes mentioned above, pursuant to point f) of Article 6(1) GDPR. These interests arise from the legal tasks to be fulfilled by the Insolvency Administrator.

In particular, the data will be processed for the purpose of

  • identifying your personal details as an interested party or other party to (or as a representative in) Insolvency Proceedings,
  • communicating with you,
  • processing the expression of interest and the transactions associated with this (sale of assets or parts of the company),
  • preparing and examining purchase agreements,
  • performing agreements based on the interest expressed,
  • financial accounting,
  • pursuing claims.

In particular, the following personal data, or categories of personal data, will be collected from you and processed: name, gender, address and contact details, including fax number and e-mail address, data concerning the reason and amount of your claims or liabilities (contract data, invoice data), bank details, finance and tax data, insurance data, information on financial circumstances or assets (e.g. credit reports).

Source of data: We collect and process your personal data included in the information provided by you when contacting and communicating with us. If you are contacted by the Insolvency Administrator, then the latter will have collected your personal data from the debtor on the basis of the debtor’s statutory duties to provide information or will have determined this data in personal investigations (e.g. public registers, Internet, etc.). You are not subject to any statutory or contractual obligation to provide data. However, if you don’t provide us with your data, it will not be possible for us to negotiate a contract.

14.3.3. Debtors

Pursuant to points c) and e) of Article 6(1) GDPR, data processing is necessary for compliance with a legal obligation to which the Insolvency Administrator is subject and for the purpose of safeguarding the Insolvency Administrator’s legitimate interests. These interests arise from the legal tasks to be fulfilled by the Insolvency Administrator.

In particular, the data will be processed for the purpose of

  • identifying your personal details as a debtor (or as a representative/ officer of a debtor) in Insolvency Proceedings,
  • fulfilling judicial and legal tasks,
  • conducting the insolvency proceedings/ monitoring compliance with obligations by you,
  • communicating with you,
  • pursuing claims,
  • preparing and updating the insolvency schedule (section 175 of the German Insolvency Code (InsO)),
  • examining and asserting legal claims and defending them in the event of legal disputes,
  • determining addresses (e.g. in the event of relocation).

In particular, the following personal data will be collected from you and processed: name, gender, address and contact details, including fax number and e-mail address, data concerning the reason and amount of your claims or liabilities (contract data, invoice data), bank details, finance and tax data, insurance data, information on financial circumstances or assets, information on pending lawsuits, data of special categories (if necessary for conducting the proceedings, e.g. health data).

Source of data: The data will be collected based on the information provided by you (e.g. in the insolvency application/ consultation form) or on other investigations (Internet, public sources, etc.), including from third parties, such as banks, landlords, employers, service providers, etc., that have a business relation with you.

14.4. Passing on data to a third party

Your data will be transmitted to the insolvency court having jurisdiction and will be available for inspection by the parties (cf. section 154 InsO). In addition, your data may be transmitted to recipients of the following categories if this is necessary for the purpose of completing the Insolvency Proceedings: tax offices, tax consultants, attorneys or service providers, with whom a processing agreement was entered into pursuant to Article 28 GDPR. Moreover, your data will be processed by members of the Insolvency Administrator’s staff, who are responsible for this and are under a duty to maintain confidentiality.

14.5. Period of storage

14.5.1. Parties and debtors

Your personal data will be stored and processed for the time required to fulfil the Insolvency Administrator’s legal obligations. Your data will be deleted once the Insolvency Proceedings have been completed or the period subject to specific conditions to be met by the debtor has expired, unless the data has to be further processed for a limited period of time to meet statutory safekeeping obligations or for the purpose of documentation and verification under applicable limitation requirements. This means that, generally, we will delete the data 10 years after the Insolvency Proceedings have been completed and the period set for the discharge of residual debt has expired.

14.5.2. Interested parties

Your personal data that was collected by the Insolvency Administrator on the basis of an expression of interest by you will be stored until the purpose (revocation of the intention to buy, sale of the assets concerned, performance of a contract) has been met, and will then be deleted, unless the Insolvency Administrator is required to store the data for a longer period of time pursuant to point c) of Article 6(1) GDPR, in particular due to safekeeping and documentation obligations under tax law, commercial law and/or insolvency law, or if you have consented to your data being stored for an additional period of time pursuant to point a) of Article 6(1) GDPR.

14.6. Your rights

If your personal data is processed on the basis of legitimate interests pursuant to point f) of Article 6(1) GDPR, you are entitled to object to the data being processed, according to Article 21 GDPR, provided that there are grounds for objection that relate to your particular situation
You are entitled to request information about your personal data stored by us at any time (Article 15 GDPR). Moreover, you can request that incorrect data concerning you be rectified (Article 16 GDPR). If the legal prerequisites are met, you are also entitled to request that your data be deleted or that the processing of your data be restricted, pursuant to Articles 17 to 21 GDPR.

14.7. Objection

If your personal data is processed on the basis of legitimate interests pursuant to point f) of Article 6(1) GDPR, you are entitled to object to the data being processed, according to Article 21 GDPR, provided that there are grounds for objection that relate to your particular situation.

14.8. Right to lodge a complaint with a supervisory authority

You are entitled to lodge a complaint with a supervisory authority if you think that your personal data is not processed in line with requirements. You can find further information about this in our data privacy statement (7.5.) available on our website. You can, however, also send an informal e-mail to datenschutz@pluta.net.

14.9. Supplementary information for employees

If you are or were a member of staff of a debtor in Insolvency Proceedings, the above information is supplemented as follows with regard to your still existing or already terminated employer-employee relationship:

In particular, the following personal data, or categories of data, will be collected from you and processed: contract data, master data and accounting data (contact details including telephone number and e-mail address, date of birth, task area, personnel number, date of joining/leaving the company, salary payments, marital status, (income) tax and social security data, bank details, assets entrusted to you, religion, nationality, health data, information on your performance and conduct), working hours, periods of leave and absence, employee assessments, data on (physical) access, application data such as your professional history, training and qualification.

Purpose of processing and legal basis: The data will be processed pursuant to Article 88 GDPR in conjunction with section 26 of the Federal Data Protection Act (BDSG) for the purpose of performing or terminating the employer-employee relationship with you (e.g. for (subsequent) payroll accounting, wage and salary payments, absence management, preparation of certificates of employment, work references or, if necessary, a social plan). Moreover, pursuant to point b) of Article 6(1) GDPR, your data will be processed if this is necessary for the Insolvency Administrator to comply with legal requirements with regard to your employer-employee relationship. For example, these include requirements under social security and tax law such as the preparation of certificates concerning insolvency substitute benefits or the transmission of data to the public offices concerned. Should you have permitted the debtor to process your data for specific purposes, this permission will continue to apply to your relationship with the employer after the Insolvency Proceedings were opened, if the employer-employee relationship still exists. In this case, your data will be processed pursuant to point a) of Article 6(1) GDPR. If personal data of special categories is processed, this processing will be carried out pursuant to point b) of Article 9(1) GDPR to meet the requirements under labour law and social security law (e.g. processing of information concerning your religion for the purpose of church tax payment).

Source of data: Your personal data was collected from the debtor or directly from you. From the time the Insolvency Proceedings were opened, the Insolvency Administrator will be authorised to manage the personal files.

Recipients: Beyond the recipients mentioned above, your data will be transmitted to recipients of the following categories: social security provider, job centre.

15. Information on data protection for participants of Pluta events (as of 10 February 2019)

15.1. Identity of the data controller:

PLUTA Rechtsanwalts GmbH
Karlstr. 33, 89073 Ulm, Germany
Telephone: +49 731 96880-0

In joint responsibility with:

PLUTA Management GmbH
Barthstr. 16, 80339 München, Germany
Telephone: +49 89 244133370

15.2. For questions or complaints concerning data protection, please send an email to:

datenschutz@pluta.net

15.3. Purpose of processing and legal basis:

We need your data to be able to provide you with information about our events and organisational details.

Processing the data serves the purpose of establishing, performing and terminating a contractual relationship pursuant to point b) of Article 6(1) of the General Data Protection Regulation (GDPR).

The information will be provided on the basis of legitimate interests pursuant to point f) of Article 6(1) GDPR. We consider that legitimate interests exist in that you would like to receive information about us and we would like to remain in contact with you.

Email transmission will take place after consent has been given pursuant to point a) of Article 6(1) GDPR.

15.4. Passing on personal data:

Your data will not be passed on to other recipients outside of the PLUTA Group.

In the case of advanced training courses, lists of participants will be compiled and made available to the course leader. However, this only serves the purpose of documenting course attendance.

Nor will your data be passed on to a third-party country or an international organisation.

15.5. Period of storage:

Generally, your data will be stored for a period of 6 years.

You can withdraw your consent to email transmission or object to being provided with other information at any time. In this case, the data will be deleted immediately.

15.6. Your rights / lodging a complaint with a supervisory authority:

The information on your rights and on the possibility to lodge a complaint with a supervisory authority are given in our (general) data privacy statement, in item 7.

16. Corporate presence (‘fan pages’) in social networks

16.1 Social network: https://de.linkedin.com/

Please note that LinkedIn is just one of a number of different ways of getting in touch with us or receiving information from us. The information provided via our LinkedIn account may also be accessed, for example, on our website at https://pluta.net.

Controller with whom our LinkedIn account (‘fan page’) is jointly operated (‘platform operator’):

LinkedIn Corporation, 1000 W. Maude Avenue Sunnyvale, CA 94085, USA

Controller for processing the data of persons living in the European Union (EU), the European Economic Area (EEA) and in Switzerland:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

An agreement between the joint controllers as per Art. 26(1) GDPR determines who is responsible for compliance with which obligations under the GDPR

The platform operator will make the main contents of this agreement available to the data subjects: not currently available

16.1.1 Data privacy contact information:

Data privacy contact information can be found in our privacy statement to which there is a link here.
The platform operator’s data protection officer can be contacted via the online form https://www.linkedin.com/help/linkedin/ask/TSO-DPO or at the following address:
Jonathan Adams
Senior Privacy Counsel
LinkedIn Corporation
Legal Department - Privacy
1000 W. Maude Ave.
Sunnyvale, California 94085

16.1.2 Categories of data subjects:

Visitors to our fan page who are registered with the social network and those that are not registered.
Data subjects are hereby notified that they are responsible for their own use of LinkedIn and its functions. This applies, in particular, to the use of interactive functions (e.g. sharing, rating).

16.1.3 Categories of personal data:

Data which we process from registered visitors to our fan page:

User ID or user name with which the data subjects registered, released profile data (name, email address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photos, location data, skills and certification, professional achievements (e.g. granting of a patent, professional recognition, projects), if applicable particular categories of personal data such as religious affiliation, health data etc., data arising from content sharing, exchanging messages and communication, data necessary as part of initiating and processing a contract requested by the registered user, any other freely available data or content published, made available, circulated, posted or uploaded by the data subjects on LinkedIn or via their LinkedIn account.
We otherwise process only pseudonymised data such as statistics and insights about how interaction occurs with posts, pages, videos and other content made available on our fan page (page activity, page views, “likes” data, reach, general demographics, location-related and interest-related data by age, gender, state, city, language). We are unable ourselves to match the pseudonymised data with the corresponding identifying features (e.g. name). This means we are unable to identify individual visitors who therefore remain anonymous to us.

Data which we process from non-registered visitors to our fan page:

Pseudonymised data such as statistics and insights about how interaction occurs with posts, pages, videos and other content made available on our fan page (page activity, page views, “likes” data, reach, general demographics, location-related and interest-related data by age, gender, state, city, language).
We are unable ourselves to match the pseudonymised data with the corresponding identifying features (e.g. name). This means we are unable to identify individual visitors who therefore remain anonymous to us. We do not have a LinkedIn button integrated either as a link or a plugin, on our website https://www.pluta.net. Our web site visitors’ data is therefore not transferred to the platform operator.
The following link gives details of the data which the platform operator processes concerning registered and non-registered visitors to our fan page:
https://www.linkedin.com/legal/privacy-policy
The platform operator may use various tools for analysis purposes.
We have no influence over the use of such tools by the platform operator and have not been informed about any such potential use. If tools of this type are used by the platform operator for our fan page, we have neither commissioned, condoned them, or otherwise in any way supported their use. Moreover, the data acquired from the analysis will not be made available to us. In addition, we are unable to prevent the use of such tools on our fan page, to turn them off or otherwise effectively control their use.

Source of the data

We receive data either directly from the data subjects or from the platform operator.
The link below provides details regarding where the platform operator obtains data subjects’ information: https://www.linkedin.com/legal/privacy-policy
We have no influence and are unable to effectively monitor whether the collection of data by the platform operator is lawful.

Legal basis of data processing

We process data on the following legal basis:

  • Art. 6(1) item a) GDPR: consent of the data subjects
  • where applicable Art. 6(1) item b) GDPR: performance of a contract with the data subjects or implementation of pre-contractual measures at the request of the data subjects
  • Art. 6(1) item f) GDPR: legitimate interest
  • Simplification of the communication and the exchange of data, by using the fan page to usefully supplement the existing communication channels, such as web presence, press releases, print media and events
  • Promoting sales of our products and services or driving demand and recruitment in a transparent manner and regular contributions to optimise our fan page

We process special categories of personal data, if at all, only on the following legal basis:

  • Art. 9(2) item a) GDPR: consent of the data subject
  • Art. 9(2) item e) GDPR: the data subject has manifestly made the personal data public

The legal basis for the processing of the data by the platform operator can be found using the following link:
https://www.linkedin.com/legal/privacy-policy
We have no influence and are unable to effectively monitor whether the processing of data by the platform operator is lawful.

Purposes of data processing

We process data for the following purposes:

  • Public image and advertising
  • Communication and data exchange
  • Event management
  • Where applicable, contract initiation and processing
  • Talent management

Information regarding the purposes for the processing of the data by the platform operator can be found using the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence over the purposes for which the platform operator actually uses the data. We also, in this respect, have no effective methods for controlling this.

16.1.4 Storage period

The storage and deletion of data is the responsibility of the platform operator. Information regarding this can be found using the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence over how the platform operator determines legal deletion deadlines or over how this data is deleted. We also, in this respect, have no effective methods for controlling this.

16.1.5 Categories of recipients

Only our employees and service providers that maintain our fan page and require data for the purposes referred to above have access to data we process. If data subjects post their data publicly on our fan page it can be accessed by other registered and, if applicable, non-registered users.
The categories of recipients to whom the platform operator discloses data or enables registered users to disclose their data to, and information about internal corporate data exchange can be found using the following link: https://www.linkedin.com/legal/privacy-policy
We have no influence over the disclosure of data to individual recipients (or recipient categories) by the platform operator. We also, in this respect, have no effective methods for controlling this.

16.1.6 Data transfer to third-party countries

If data subjects post their data publicly on our fan page it can be accessed worldwide by other registered and, if applicable, non-registered users.
In the course of the operation of our fan page, the data will be processed by the LinkedIn Corporation. The related transfer of data to the USA as a third-party country without a sufficient level of data privacy protection is safeguarded by the LinkedIn Corporation’s EU-US Privacy Shield certification:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Regardless of where the data subject resides, the platform operator will transfer data to the United States, Ireland and any other country where the platform operator does business, store it there and process it in other ways.
Data transfers to third-party countries related to this are safeguarded by a European Commission adequacy decision as per Art. 45 GDPR or through appropriate safeguards as per Art. 46 GDPR:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
https://privacy.linkedin.com/de-de/dsgvo
We have no influence over data transfers to third-party countries undertaken by the platform operator. We also, in this respect, have no effective methods for controlling this.

16.1.7 Logic involved and scope of profiling and/or automated individual decisions based on the collected data

If the data subjects are tracked through the collection of their data, whether through the use of cookies or comparable techniques, or by storing of IP addresses, the platform operator must inform them of this. Information regarding this can be found using the following links:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/cookie-policy
https://www.linkedin.com/help/linkedin/answer/3566?trk=microsites-frontend_legal_privacy-policy&lang=de
https://www.linkedin.com/help/linkedin/answer/68763?trk=microsites-frontend_legal_privacy-policy&lang=de
The platform operator may use various tools for analysis purposes.
We have no influence over the use of such tools by the platform operator and have not been informed about any such potential use. If tools of this type are used by the platform operator for our fan page, we have neither commissioned, condoned them, or otherwise in any way supported their use. Moreover, the data acquired from the analysis will not be made available to us. In addition, we are unable to prevent the use of such tools on our fan page, to turn them off or otherwise effectively control their use.

16.1.8 Rights of the data subjects

The joint controllers must grant the data subjects concerned different rights with regard to the processing of their data, which the data subjects may assert directly against the platform operator:

In certain circumstances, as per Art. 15 to Art. 18 GDPR, the data subjects have the right to access, rectification or erasure of their personal data or the right to restrict data processing by the controller. Data subjects also have the right to withdraw any consent they have given to the processing of their personal data at any time with effect for the future (Art. 7(3) GDPR). They can also object (Art. 21(1) GDPR) to the further processing of their data based solely on the legitimate interests of the controller as per Art. 6(1) item f) GDPR, if there are compelling legitimate interests in the exclusion of the data processing in view of their particular personal situation and if the controller has no compelling legitimate grounds for continuing the processing of the data. If personal data is processed for direct marketing purposes, the data subjects have the right to object to this processing at any time with effect for the future (Art. 21(2) GDPR). If data is processed with the consent of the data subjects in accordance with Art. 6(1) item a), Art. 9(1) item a) GDPR or in accordance with Art. 6(1) item b) GDPR based on a contract with the data subjects, and is processed with the aid of automated systems, the data subjects can, in accordance with Art. 20(1) GDPR, request to receive the personal data stored concerning them in a structured, commonly used and machine-readable format and to have this data transmitted to a third party designated by the data subjects.
In principle, data subjects have the right not to be subjected to a decision based solely on automated individual decision making in accordance with Art. 22(1) GDPR. If such an automated individual decision is permitted in accordance with Art. 22(2) items a) to c) GDPR, the data subjects are granted the following rights in accordance with Art. 22(3) GDPR: the right to express their own point of view, the right to obtain human intervention on the part of the controller, the right to contest the automated individual decision (right of appeal).

  • Data subjects can find information about existing personalisation and data protection setting options here (with additional references):
    https://privacy.linkedin.com/de-de/faq
    https://privacy.linkedin.com/de-de/einstellungen
  • Due to the EU-US Privacy Shield agreement, the LinkedIn Corporation must grant data subjects various rights, which data subjects are then able to assert directly against the LinkedIn Corporation: privacyshield@linkedin.com
  • Further information about this social network and other social networks and how data subjects are able to protect their data, can also be found here: https://www.youngdata.de/.

Data subjects also have the right to lodge a complaint with a supervisory authority if they are of the view that the processing of their personal data violates the General Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is:

Data Protection Commission
21 Fitzwilliam Square, Dublin 2
D02 RD28, Ireland
Internet address: https://www.dataprotection.ie/docs/Contact-us/b/11.htm
Internet address: http://gdprandyou.ie/contact-us/

16.2 Social network: https://www.xing.com

Please note that XING is just one of a number of different ways of getting in touch with us or receiving information from us. The information provided via our XING account may also be accessed, for example, on our website at https://pluta.net.

Controller with whom our XING account (‘fan page’) is jointly operated (‘platform operator’):

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

An agreement between the joint controllers as per Art. 26(1) GDPR determines who is responsible for compliance with which obligations under the GDPR

The platform operator will make the main contents of this agreement available to the data subjects: not currently available

16.2.1 Data privacy contact information:

Data privacy contact information can be found in our privacy statement to which there is a link here.
The platform operator’s data protection officer can be contacted via the online form https://www.xing.com/settings/privacy/data/disclosure or at the following address:
Xing SE
Dammtorstraße 30
20354 Hamburg
Germany
Tel.: +49 40 419 131-0
Fax: +49 40 419 131-11
E-Mail: info@xing.com

16.2.2 Categories of data subjects:

Visitors to our fan page who are registered with the social network and those that are not registered.
Data subjects are hereby notified that they are responsible for their own use of LinkedIn and its functions. This applies, in particular, to the use of interactive functions (e.g. sharing, rating).

16.2.3 Categories of personal data:

Data which we process from registered visitors to our fan page:

User ID or user name with which the data subjects registered, released profile data (name, email address, telephone number), ProFinder profile data, education, professional experience, salary expectations, photos, location data, skills and certification, professional achievements (e.g. granting of a patent, professional recognition, projects), if applicable particular categories of personal data such as religious affiliation, health data etc., data arising from content sharing, exchanging messages and communication, data necessary as part of initiating and processing a contract requested by the registered user, any other freely available data or content published, made available, circulated, posted or uploaded by the data subjects on LinkedIn or via their LinkedIn account.
We otherwise process only pseudonymised data such as statistics and insights about how interaction occurs with posts, pages, videos and other content made available on our fan page (page activity, page views, “likes” data, reach, general demographics, location-related and interest-related data by age, gender, state, city, language). We are unable ourselves to match the pseudonymised data with the corresponding identifying features (e.g. name). This means we are unable to identify individual visitors who therefore remain anonymous to us.

Data which we process from non-registered visitors to our fan page:

Pseudonymised data such as statistics and insights about how interaction occurs with posts, pages, videos and other content made available on our fan page (page activity, page views, “likes” data, reach, general demographics, location-related and interest-related data by age, gender, state, city, language).
We are unable ourselves to match the pseudonymised data with the corresponding identifying features (e.g. name). This means we are unable to identify individual visitors who therefore remain anonymous to us. We do not have a LinkedIn button integrated either as a link or a plugin, on our website https://www.pluta.net. Our web site visitors’ data is therefore not transferred to the platform operator.
The following link gives details of the data which the platform operator processes concerning registered and non-registered visitors to our fan page:
https://privacy.xing.com/de/datenschutzerklaerung
The platform operator may use various tools for analysis purposes.
We have no influence over the use of such tools by the platform operator and have not been informed about any such potential use. If tools of this type are used by the platform operator for our fan page, we have neither commissioned, condoned them, or otherwise in any way supported their use. Moreover, the data acquired from the analysis will not be made available to us. In addition, we are unable to prevent the use of such tools on our fan page, to turn them off or otherwise effectively control their use.

Source of the data

We receive data either directly from the data subjects or from the platform operator.
The link below provides details regarding where the platform operator obtains data subjects’ information: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence and are unable to effectively monitor whether the collection of data by the platform operator is lawful.

Legal basis of data processing

We process data on the following legal basis:

  • Art. 6(1) item a) GDPR: consent of the data subjects
  • where applicable Art. 6(1) item b) GDPR: performance of a contract with the data subjects or implementation of pre-contractual measures at the request of the data subjects
  • Art. 6(1) item f) GDPR: legitimate interest
  • Simplification of the communication and the exchange of data, by using the fan page to usefully supplement the existing communication channels, such as web presence, press releases, print media and events
  • Promoting sales of our products and services or driving demand and recruitment in a transparent manner and regular contributions to optimise our fan page

We process special categories of personal data, if at all, only on the following legal basis:

  • Art. 9(2) item a) GDPR: consent of the data subject
  • Art. 9(2) item e) GDPR: the data subject has manifestly made the personal data public

The legal basis for the processing of the data by the platform operator can be found using the following link:
https://privacy.xing.com/de/datenschutzerklaerung
We have no influence and are unable to effectively monitor whether the processing of data by the platform operator is lawful.

Purposes of data processing

We process data for the following purposes:

  • Public image and advertising
  • Communication and data exchange
  • Event management
  • Where applicable, contract initiation and processing
  • Talent management

Information regarding the purposes for the processing of the data by the platform operator can be found using the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence over the purposes for which the platform operator actually uses the data. We also, in this respect, have no effective methods for controlling this.

16.2.4 Storage period

The storage and deletion of data is the responsibility of the platform operator. Information regarding this can be found using the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence over how the platform operator determines legal deletion deadlines or over how this data is deleted. We also, in this respect, have no effective methods for controlling this.

16.2.5 Categories of recipients

Only our employees and service providers that maintain our fan page and require data for the purposes referred to above have access to data we process. If data subjects post their data publicly on our fan page it can be accessed by other registered and, if applicable, non-registered users.
The categories of recipients to whom the platform operator discloses data or enables registered users to disclose their data to, and information about internal corporate data exchange can be found using the following link: https://privacy.xing.com/de/datenschutzerklaerung
We have no influence over the disclosure of data to individual recipients (or recipient categories) by the platform operator. We also, in this respect, have no effective methods for controlling this.

16.2.6 Data transfer to third-party countries

If data subjects post their data publicly on our fan page it can be accessed worldwide by other registered and, if applicable, non-registered users.

16.2.7 Logic involved and scope of profiling and/or automated individual decisions based on the collected data

If the data subjects are tracked through the collection of their data, whether through the use of cookies or comparable techniques, or by storing of IP addresses, the platform operator must inform them of this. Information regarding this can be found using the following links:
https://privacy.xing.com/de/datenschutzerklaerung

The platform operator may use various tools for analysis purposes.
We have no influence over the use of such tools by the platform operator and have not been informed about any such potential use. If tools of this type are used by the platform operator for our fan page, we have neither commissioned, condoned them, or otherwise in any way supported their use. Moreover, the data acquired from the analysis will not be made available to us. In addition, we are unable to prevent the use of such tools on our fan page, to turn them off or otherwise effectively control their use.

16.2.8 Rights of the data subjects

The joint controllers must grant the data subjects concerned different rights with regard to the processing of their data, which the data subjects may assert directly against the platform operator:

In certain circumstances, as per Art. 15 to Art. 18 GDPR, the data subjects have the right to access, rectification or erasure of their personal data or the right to restrict data processing by the controller. Data subjects also have the right to withdraw any consent they have given to the processing of their personal data at any time with effect for the future (Art. 7(3) GDPR). They can also object (Art. 21(1) GDPR) to the further processing of their data based solely on the legitimate interests of the controller as per Art. 6(1) item f) GDPR, if there are compelling legitimate interests in the exclusion of the data processing in view of their particular personal situation and if the controller has no compelling legitimate grounds for continuing the processing of the data. If personal data is processed for direct marketing purposes, the data subjects have the right to object to this processing at any time with effect for the future (Art. 21(2) GDPR). If data is processed with the consent of the data subjects in accordance with Art. 6(1) item a), Art. 9(1) item a) GDPR or in accordance with Art. 6(1) item b) GDPR based on a contract with the data subjects, and is processed with the aid of automated systems, the data subjects can, in accordance with Art. 20(1) GDPR, request to receive the personal data stored concerning them in a structured, commonly used and machine-readable format and to have this data transmitted to a third party designated by the data subjects.
In principle, data subjects have the right not to be subjected to a decision based solely on automated individual decision making in accordance with Art. 22(1) GDPR. If such an automated individual decision is permitted in accordance with Art. 22(2) items a) to c) GDPR, the data subjects are granted the following rights in accordance with Art. 22(3) GDPR: the right to express their own point of view, the right to obtain human intervention on the part of the controller, the right to contest the automated individual decision (right of appeal).

Data subjects also have the right to lodge a complaint with a supervisory authority if they are of the view that the processing of their personal data violates the General Data Protection Regulation, Art. 77 GDPR. The supervisory authority responsible for the platform operator is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Tel.: 040 / 428 54 - 4040
Fax: 040 / 428 54 - 4000
E-Mail: mailbox@datenschutz.hamburg.de

Ulm, June 24, 2019

PLUTA Rechtsanwalts GmbH