Data privacy statement

 

For German click here – Für die deutsche Fassung bitte hier klicken.

Welcome to lawpilots. Your partner for modern online trainings. With our e-learnings your employees develop sustainable awareness of data protection, compliance, information security and occupational safety for everyday work situations. We guarantee up to date expertise in the legal realm.

This requirement also applies to our privacy policy. Data protection is a matter of trust and your trust is important to us. We respect all aspects of your privacy. The protection and legally compliant collection, processing and usage of personal data is therefore important to us.

Contact

This privacy policy applies to the use of our website and participation in our online training courses. The point of contact and so-called controller for the processing of your personal data when visiting our websites within the meaning of the EU General Data Protection Regulation (GDPR) is

lawpilots GmbH
Am Hamburger Bahnhof 3
10557 Berlin
T: +49 (0)30 555 707 860
F: +49 (0)30 213 002 899
[email protected]
www.lawpilots.com

Further information about us can be found in our Legal notice. If you participate in our online training courses, our General Terms and Conditionsshall also apply.

Our privacy policy tells you what personal data is collected when you use our website or participate in our online courses and the extent to which it is used by us or by third parties.

Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address or email address. Some of this information enables us to provide you with certain services and functions of our online training courses.

Data processing on our websites

Visiting our websites, access data

Every time you use our website, we collect the access data automatically transmitted by your browser in order to make visiting the websites possible. This access data includes in particular:

  • IP address of the requesting device;
  • date and time of the request;
  • Name of the requested file
  • Access status (e.g. file transferred, file not found etc.)
  • Website from which the file was requested
  • addresses of the website visited and the requesting website;
  • information about the browser used and the operating system;
  • online identifiers (e.g. device IDs, session IDs).

It is necessary to process this access data to make it possible to visit the website and to guarantee the long-term functionality and security of our systems. The legal basis for this is Art. 6(1) Sentence 1(b) GDPR. For data protection reasons, we do not permanently store or analyze log files.

Making contact

There are a number of ways for you to contact us, e.g. via the contact forms on this website. In this context we process data exclusively for the purpose of communicating with you. The legal basis for this is Art. 6(1)(b) GDPR. The data we collect when you use the contact form will be automatically erased once we have finished processing your enquiry, unless we still require your enquiry to fulfil contractual or legal obligations (see ‘Storage period’).

Applications

You can apply to us for advertised vacancies by email. The purpose of data collection here is the selection of applicants for potential employment. In order to process your application, we collect the data provided by you (usually your first and last name, email address, application such as curriculum vitae and cover letter, earliest possible date you could start work and salary expectations). We would like to point out that we cannot guarantee confidentiality if applications are sent unencrypted by email. As a rule, you can also apply for our positions by post or in person. The legal basis for the processing of your application documents is Art. 6(1) Sentence 1(b) and Art. 88(1) GDPR in conjunction with Section 26(1) Sentence 1 of the German Federal Data Protection Act (BDSG).

Newsletter

For newsletter subscriptions we use the so-called double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our notification email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletter. The sole purpose of storing this data is to be able to send you the newsletter and prove that you registered. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us using the contact details provided above or in the newsletter (e.g. by email or letter). The legal basis of this processing is your consent pursuant to Art. 6(1)(a) GDPR.

Our newsletters employ customary technologies used to measure interactions with newsletters (e.g. opening email, clicked links). We use this data in pseudonymised form for general statistical analysis, as well as to optimise and evolve our content and customer communications. This is done with the help of small graphical elements embedded in our newsletters (pixels). The data is collected on a pseudonymised basis only and is not associated with any of your other personal data. The legal basis for this is our above-mentioned legitimate interest as per Article 6(1)(1)(f) of the GDPR. We want to use our newsletter to share content of maximum relevance to our customers and to better understand what readers are actually interested in. If you do not want us to analyse your usage patterns, you can unsubscribe from the newsletter or generally deactivate graphics in your email client. Data relating to interaction with our newsletters is stored in pseudonymised form for 30 days and then fully anonymised.

Required tools

We use tools required to operate our website and others, where explicitly set out, on the basis of our legitimate interest pursuant to Article 6(1)(1)(f) of the GDPR to enable your convenient and personalised use of the website and ensure that use is as time-saving as possible. In some cases, these tools may also be required for the performance of a contract or for steps required prior to entering into a contract, in which case processing is carried out pursuant to Article 6(1)(1)(b) of the GDPR.

Unnecessary tools

All other tools, in particular those for marketing purposes, are used on the basis of your consent pursuant to Articles 6(1)(1)(a) and 49(1)(a) of the GDPR as well as section 15(3)(1) of the German Telemedia Act (TMG), provided that user profiles have been created for the purpose of marketing or market research. We will only process your data using these tools if you have provided your consent for us to do so.

Marketing tools

We also use tools for marketing purposes (“marketing tools”). Some of the access data resulting from the use of our website is used for interest-based advertising. The analysis and evaluation of this access data enables us to display personalised advertising, i.e. advertising matched to your actual interests and needs, on our website and on the websites of other providers.

Further information about the providers, the duration for which cookies are stored and the transfer of data to third parties can be found under Consent.

Analytical tools

In order to improve our website, we use tools for statistical collection and analysis of general usage behaviour based on access data (“analytical tools”).

External media tools

We use external media cookies, so that we can exchange content via social media in order to increase our presence (“External media tools”).

2.12 Facbook Fanpage

We jointly operate a fan page on the social network of Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”), where we communicate with interested parties and followers and inform them about our products and services.

We may receive statistics from Facebook about how Facebook/Fanpage users use our Fanpage, such as information about interactions, likes, dislikes, comments, or aggregated information and statistics (such as the age or origin of our followers) that help us learn about interactions with our site. For more information about the nature and extent of these statistics, please see the Facebook info on using pages insights. Further information on the respective legal responsibilities can be found in the Facebook Page Insights Controller Addendum. The legal basis for this data processing is Art. 6 (1b) of the GDPR and 6 (1f) of the GDPR based on our aforementioned legitimate interest.

We have no control over the data that Facebook processes on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the fan page, data on your usage behavior is transferred from Facebook and the fanpage to Facebook. Facebook itself processes the aforementioned information in order to compile more detailed statistics and for its own market research and advertising purposes over which we have no control. You can find more detailed information on this in Facebook’s privacy policy. Facebook has submitted to the EU-US Privacy Shield.

If we receive your personal data while operating the fanpage, you are entitled to the rights stated in this data protection declaration. If you also wish to assert your rights against Facebook, the easiest way to do this is to contact Facebook directly. Facebook knows the details of the technical operation of the platform and the associated data processing as well as the concrete purposes of data processing and can implement appropriate measures on request if you make use of your rights. We are happy to support you in asserting your rights to the extent possible and forward your requests to Facebook.

3. Disclosure of data

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) Sentence 1(a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) Sentence 1(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) Sentence 1(c) GDPR; or
  • this is permitted by law and is required under Art. 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may in particular include data centers that store our websites and databases, IT service providers that maintain our systems, IT services and consulting firms. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of data subjects and are carefully monitored by us.
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

4. Storage period

In principle, we only store personal data for as long as necessary to fulfil contractual or legal obligations for which we have collected the data. We then delete the data without delay, unless we still require the data until the end of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidence purposes, we must keep contract data for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.
Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act and the Money Laundering Act. The periods specified there for retaining documents range from two to ten years.

5. Your rights

You have the right to information about how we process your personal data at any time. When providing this information, we will explain the data processing to you and provide you with an overview of the data stored about you. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You may also demand that your data be erased. Should the erasure not be possible in exceptional cases due to other legal regulations, the data will be blocked so that it is only available for that legal purpose. You are also entitled to have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. You also have the right to data portability, which means that on request we will send you a digital copy of the personal data you have provided.
In order to assert your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection.
Finally, you have the right to lodge a complaint with our competent data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. In Berlin, where LawPilots GmbH is headquartered, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

6. Right of withdrawal and objection.

You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.

7. Changes to this privacy policy

We will update this privacy policy from time to time, for example if we adapt our websites or there is a change in the legal or regulatory requirements.

Last amended: August 2020

Contact us

Call or write us:

+49 (0)30 22 18 22 80
[email protected]

Andreas Grau
Customer service manager
Monday – Friday 8:30 AM – 6:00 PM

Your data will of course be treated confidentially. Data transmission is encrypted. Further information can be found in our data privacy declaration.