Data privacy statement
1. Collection of personal data
(1) This data privacy statement explains how and what personal data we collect from you through our website. Personal data means all data that can relate to you personally, such as your name, address, e-mail account(s), user behaviour.
(2) Controller in accordance with Article 4 Clause 7 of the EU General Data Protection Regulation (GDPR) is
Staxlaw Firm International Network
20145 – Milano
Tel.: +39 02.80897709
You can contact our Data Protection Officer under email@example.com or at our postal address.
(3) Whenever you contact us by e-mail or through a contact form, we save the data provided by you (your e-mail account, possibly your name and phone number) to be able to deliver answers to your questions. We delete the data collected in this context after its storage is no longer necessary, or we limit its processing where it is subject to legal obligations to retain data.
(4) If we involve contracted third party providers to support individual functions of our offer or should we want to use your data for advertisement, the relevant applicable procedures are described in detail below. Below, we also describe the established criteria for the duration of data storage period.
(5) The data processed by us are deleted or their processing is limited in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this data privacy statement, the data stored by us is deleted as soon as it is no longer required for its intended purpose and no legal obligations to retain data prevent its deletion. Limitations are imposed on processing of the data which has not been not deleted because it is required for other legally allowed purposes. In other words, such data is blocked and not accessible for processing for any other purpose. This rule applies for example to the data which has to be retained for reasons associated with commercial or tax law.
2. Your rights
(1) You have the following rights in respect to us regarding the personal data relating to you: You have the right to obtain information about your personal data processed by us. We hope for your understanding because in case of an inquiry submitted to us other than in writing we will most probably request proof from you in such a situation in order to confirm that you are actually the person you claim to be.
You also have the right to adjust or to delete or to limit processing of your data to an extent legally allowed. Moreover, you have the right to object against processing of your data to an extent permitted by law. The same can be said about the right to “data transmissibility”.
(2) Furthermore, you have the right to apply to a data protection authority with complaints concerning how your personal data is processed by us.
3. Collection of personal data from our website visitors
(1) Where our website is accessed purely to gain information, i.e. where you do not register or provide us information in any other way, we only collect the personal data provided by your browser to our server. Where you want to view our website, we collect the following data necessary for technical purposes to be able to demonstrate our website to you and to ensure adequate access stability and security (the legal basis is Article 6 Paragraph 1 Section (1) Letter (f) of the GDPR):
- IP address;
- Enquiry date and time;
- Time zone difference to Greenwich Mean Time (GMT);
- Enquiry content (the exact web page accessed);
- Access status/HTTP status code;
- Data volume transmitted in each case;
- Website generating the enquiry;
- OS and its interface;
- Browser language and version.
This data is retained for security reasons (e.g. for investigation of misuses or prevention of fraud) for maximum seven days and deleted upon expiry thereof. The data which has to be retained for a longer period as evidence will only be deleted after the relevant incident is finally clarified.
(2) Additionally to the data listed in the foregoing, your computer will save our cookies when you access our website. Cookies are small text files which are stored on your hard drive as files assigned to your browser and through which certain information is provided to the cookie sender (in this case to us). Cookies are not able to execute any programmes or to infect your computer with any virus. Their purpose is to make your work in the internet generally more user-friendly and effective.
a) This website uses the following cookie types whose scope and functions are explained in more detail below:
– Transient cookies (please refer to b);
– Persistent cookies (please refer to c).
b) Transient cookies are deleted automatically when you close your browser. They include in particular session cookies. They store information about the so-called session ID with which diverse enquiries of your browser are assigned within the entire session. They enable us to recognise your computer as that of our former visitor when you return to our website. The session cookies are deleted when you close your browser.
c) Persistent cookies are deleted automatically after a pre-set period of time which can differ from cookie to cookie. You can delete the cookies at any time using the security settings of your browser.
d) You can configure your browser settings at your discretion and in particular decline acceptance of third party cookies or of all cookies. We point out, however, that in such case you will not be able most probably to make use of some of the functions at this website.
4. Other functions and offers of our website
(1) Next to the possibility to use our website purely for information purposes, we offer diverse services which you can use if they are of interest for you. As a rule, to be able to use them you would be requested to provide your more detailed personal data which we use for the provision of the concerned service and which are covered by the data processing principles described in the foregoing.
(2) We use the services of external service providers to process some of your data. We select and engage our service providers with thoroughness and care; they are bound by our instructions and monitored on regular basis.
(3) Furthermore, we may pass on your personal data to third parties if events, contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data.
(4) Where our service providers or partners are located in a state outside the European Economic Area (EEA), we inform you about the consequences of this situation in the description of our offer.
5. Objections against data processing or recalling of your data from processing
(1) You can withdraw your agreement earlier granted us for processing of your personal data at any time. Such withdrawal of your agreement will affect the accessibility of your personal data for processing as soon as you make it known to us.
(2) To the extent we process your personal data to support our legitimate interests, you can file an objection against such processing. That is the case in particular where processing of the concerned data is not necessary for the purpose of executing our agreement with you, which fact we point out in the description of the concerned function below. If you file an objection with us, please kindly provide reasons why we should not process your personal data the way we are processing them currently. If your objection is found to be substantiated, we will investigate the matter and either suspend processing of your data and make appropriate adjustments or disclose to you our overriding reasons to continue processing of the concerned data where protection is necessary.
(3) You can object to the processing of your personal data for purposes of marketing and data analysis at any time. You can inform us about your marketing objection under the contact data mentioned in paragraph 1 (2).
6. Online event registration
(1) If you wish to register for events – both free and paid – it is necessary for the conclusion of the contract that you provide us with the personal data we require to process your registration. Required fields are marked separately, further fields are optional. We process the data provided by you to process your registration. The legal basis for this is Article 6 Paragraph 1 Section (1) Letter (b) and Letter (f) of the GDPR.
We may also process the information you provide to inform you of legal, tax and economic developments, to provide you with other interesting and important information or to send you e-mails containing technical information.
(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after three years we will limit the processing, i.e. your data will only be used to comply with legal obligations.
(1) Based on your consent you can subscribe to our newsletter to keep you informed about current developments in the fields of law, taxes and business and to provide you with other interesting and important information regarding these areas and from and about Staxlaw.
(2) We may use a double opt-in procedure to subscribe to our newsletter. In these cases, after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration, your information will be automatically deleted at the latest after 72 hours. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for this is Article 6 Paragraph 1 Section (1) Letter (a) of the GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the subscription. You can revoke by clicking on the link provided in the newsletter e-mail, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details given in the imprint.
8. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics tool by Google LLC (“Google”). Google Analytics uses so-called “cookies”, i.e. text files stored in your computer which enable us to analyse how you use our website. The information automatically collected by cookies concerning your use of this website is typically transmitted to and stored on a Google server in the United States. Google will mask some parts of your IP address and shorten it within the EU member states or within other states – parties to the Agreement on the European Economic Area. The full IP address will be transmitted to a Google server in the United States and shortened there solely in exceptional circumstances. Upon instruction from the controller (operator of this website), Google will use this information to analyse use of the website by you, to compile reports about your website activity and to provide the website operator other services concerning use of the website and of the Internet.
(2) Google will not associate the IP address transmitted from your browser through Google Analytics with any other data held by Google.
(3) You can also disable acceptance of cookies by your computer by configuring your browser settings accordingly; please note, however, that in such case you most probably will not be able to make use of some of the functions at this website. Additionally you can prevent registration and transmission to Google as well as processing by Google of the data generated by cookies in respect of your use of this website (including your IP address) by downloading and installing the browser plugin available through this link: http://tools.google.com/dlpage/gaoptout?hl=de.
Finally, you can prevent Google from collecting and processing data relating to your use of the website by clicking this link; in this case, an opt-out cookie is stored in your browser, which means that Google does not collect any session data. Please note: If you delete your cookies, the opt-out cookie will also be deleted and you may have to activate it again.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. That ensures further processing of shortened IP addresses, thus disabling their direct referencing to persons. To the extent the data collected about you can be directly referenced to you, such referencing is immediately ruled out and the personal data is deleted at once.
(5) We use Google Analytics to analyse use of our website and to be able to improve our website on regular basis. The collected statistics helps us improve our offer and position ourselves in a more interesting way for you as our user. For exceptional situations where personal data is transmitted to the USA, Google has submitted itself to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The legal basis allowing us the use of Google Analytics is Article 6 Paragraph 1 Section (1) Letter (f) of the GDPR.
(6) Information on the third party provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Tel: +1 650 253 0000, E-Mail: email@example.com. Utilisation terms and conditions: http://www.google.com/analytics/terms/de.html, Data Privacy Synopsis: http://www.google.com/intl/de/analytics/learn/privacy.html and the data privacy statement: http://www.google.de/intl/de/policies/privacy.
9. Use of social plug-ins with “2-click solution”.
(1) We currently use the following social media plug-ins: Facebook, Twitter, LinkedIn, Xing. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in section 3 of this declaration will be transmitted. In the case of Facebook and Xing, the IP address is anonymized immediately after collection, according to the respective provider in Germany. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data mainly via cookies, we recommend that you delete all cookies before clicking on the grayed-out box using your browser’s security settings.
(2) We have no influence on the data collected and data processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the display of demand-oriented advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our presentation and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 Paragraph 1 Section (1) Letter (f) of the GDPR.
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, this way you can avoid being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy statements of these providers listed below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
6) Addresses of the relevant plug-in provider and URL with privacy information:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information regarding data processing: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
10. Integration of YouTube videos
(1) We have integrated YouTube videos into our online presentation, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section 3 of this statement will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before playing the video. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
(3) By integrating YouTube we improve our website and make it more interesting for you as a user. The legal basis is Article 6 Paragraph 1 Section (1) Letter (f) of the GDPR.
(4) YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Tel: +1 650 253 0000, E-Mail: firstname.lastname@example.org. Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy statement. There you will also find further information about your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the USA as well and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.