1. Name and contact details of the controller and the company’s data protection officer
Martens Rechtsanwälte (“Martens”), Agnesstraße 14, D-80798 Munich, Germany Email: firstname.lastname@example.org Phone: +49 (0) 89 /452 44 22 0 Fax: +49 (0) 89 /452 44 22 99 is the controller and responsible for the Martens website.
You can reach our company’s data protection officer at email@example.com.
2. Processing of personal data as well as nature and purpose of their use
a) When visiting the website
When accessing our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the querying computer,
- Date and time of the query,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- Browser used and
- if applicable, operating system of your computer and name of your access provider.
This information is anonymised and is used to ensure a smooth connection and a comfortable use of the website, to evaluate the system security and stability and for other administrative purposes. The IP address is also temporarily stored for security reasons in order to protect the website against cyberattacks.
The legal basis for this data processing is our overriding legitimate interest according to Article. 6 para. 1 lit. f GDPR.Our legitimate interest is based on the data collection purposes listed above. We do not use data collected this way for the purpose of drawing conclusions about your person in any case.
The Martens website may contain links to third-party websites. When clicking on these links, you will leave the Martens website. Martens has no influence on what data is processed by these third party websites.
3. Applications for jobs
Applicants have the option of applying to us in various ways. These also include an electronic application via email. In this, as well as in all other cases, we store the following data as far as such accrue:
- First and last name
- Sender address
- Date and time of access
- IP address
- If applicable, their routes
- Message content (cover letter, references, CV, targeted starting date, salary expectations, special features, e.g. work samples)
- Additional attachments, if applicable
You can also apply to us by post or using other means of communication. Applying via email without encryption does not guarantee completely secure data transmission.
The legal basis for the processing of data collected in this respect is Article 6 lit. b, Article 88 para.1 GDPR in conjunction with Sec. 26 para.1 sentence 1 BDSG [German Federal Data Protection Act]. Your data is required for the preparation, conclusion or implementation of the intended employment and is used exclusively for these purposes.
Your data will only be stored for as long as it is necessary to carry out the stated purposes. We delete data of rejected applicants no later than one year after the rejection, unless the applicant expressly requests longer storage or earlier deletion. For this purpose, please contact us via firstname.lastname@example.org.
Your data will not be passed on to third parties in connection with your application. The data will be used exclusively for processing within the application process.
Please note that under the General Data Protection Regulation, certain data might be considered as particularly sensitive and in need of special protection. This includes e.g. data concerning health, origin or religion. We kindly ask you to not provide us with such data as a matter of principle. Should you nevertheless decide to provide such data in your application, please note that you are at the same time giving your explicit consent to the processing of your data according to Article 9 para 2 lit. a GDPR.
We are pleased to be able to offer you the opportunity of subscribing to our newsletter. With our newsletter, we want to inform you about current topics in sports law, in particular about recent court decisions at regular intervals. Recommendations regarding challenges in sports law practice may also be included in our newsletter. Should you wish to subscribe to our newsletter, please provide us with your email address. This is required so that we can send you the newsletter.
To send our newsletter, we use MailChimp, a list provider of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318 / USA (“Rocket”). We have concluded a data processors agreement with Rocket and fully implement the strict requirements of the German and European data protection authorities when implementing it (see https://mailchimp.com/legal/data-processing-addendum/#6._International_Transfers).
Registration for our newsletter is subject to the so-called double opt-in procedure. The registration process therefore takes place in two steps. The first step consists of your order for the newsletter with simultaneous provision of your email address. The second step is that MailChimp sends you an email with a confirmation link. Only when you have clicked on this link and thus verified your email address and ownership, will you receive our newsletter.
Furthermore, MailChimp offers various analysis options on how the sent newsletters and on how they are opened and used, e.g. with regard to the number of recipients, the rejection of emails or unsubscribing from the newsletter. However, these analyses are only carried out for statistical purposes by MailChimp (such as measuring the number of users to maintain the functionality of the newsletter dispatch) and are not used by us for individual evaluation.
MailChimp also uses the Google Analytics analysis tool from Google, Inc. However, this tool is only integrated into the newsletter dispatch, if the person responsible (in this case: Martens Rechtsanwälte) opts to do so. We do neither use the Google Analytics web analytics service ourselves, nor through MailChimp.
According to Article 6lit. a GDPR the processing of your data within the scope of the newsletter dispatch is based on your consent. You can revoke this consent at any time and unsubscribe from the newsletter as described.
5. Social Media Presence
a) General information
We run publicly accessible profiles on various social networks. When you visit these profiles, a variety of data processing procedures are initiated. Below, we provide you with an overview of these data processing procedures, including your personal data collected, used and stored by us when you visit our profiles. We would like to point out that you use our social media platform profiles and their functions on your own responsibility. This applies, in particular, to the use of interactive functions (e.g. commenting, sharing, rating).
b) Our Social Media Profiles
In the following, we inform you about the data processing in the context of the use of our individual social media profiles.
We run a profile on the social platform LinkedIn (https://www.linkedin.com/company/martens-rechtsanwaltsgesellschaft-mbh/?viewAsMember=true), a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. As the operator of a LinkedIn profile, we can view the information stored in your public LinkedIn profile, insofar as you have such a profile and are logged into it while accessing our LinkedIn profile. In addition to that, LinkedIn provides us with anonymous statistics on the usage of our profile that we use to improve the user experience when visiting our LinkedIn profile. We do not have access to the data that LinkedIn collects to create these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our LinkedIn profile in line with the target group. The legal basis for the data processing is thus Article 6 para. 1 lit. f GDPR.
We run a closed group for our former employees (“Martens Alumni” https://www.facebook.com/groups/MartensAlumniGroup) on the social platform Facebook, a service of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. Facebook provides us with anonymous statistics on the usage of the group that we use to improve the user experience when visiting our group. We do not have access to the data that Facebook collects to create these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our Facebook group. The legal basis for the data processing is thus Article 6 para. 1 lit. f GDPR.
6. Your rights
The GDPR grants you certain rights vis-à-vis the controller (here: Martens Rechtsanwälte) for the protection of your personal data. We would like to inform you about these rights in the following.
You have the right:
- according to Article 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- according to Article 16 GDPR to demand the immediate correction of incorrect or completion of your personal data stored by us;
- according to Article 17 GDPR to request for the the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. If deletion is not possible for these reasons, your data will be blocked to the extent that it can only be used for the purpose that precludes deletion;
- to demand the restriction of the processing of your personal data according to Article 18 GDPR, insofar as the correctness of the data is disputed by you, the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing according to Article 21 GDPR;
- According to Article 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- to revoke your consent at any time according to Article 7 para 3 GDPR. Such a revocation has the consequence that we will no longer continue the data processing, which was based on this consent, for the future, insofar as no other legal basis exists.
- complain to a supervisory authority according to Article 77 GDPR . As a rule, you can contact the supervisory authority of your place of residence or workplace or our registered office.
- if your personal data is processed on the basis of our overriding legitimate interests according to Article 6 para 1 lit. f to object to the processing of your personal data according to Article 21 GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us in any case.
In addition to contacting us via email (email@example.com), you may also contact us by any other means using the contact details provided under the heading “Controller” (e.g. by telephone, fax or letter) in order to exercise all of your listed rights.
7. Data security
Martens also uses appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. The security measures are continuously reviewed and improved in line with technological developments.
8. Use of external fonts
On our website we use a font from MyFonts by Monotype, a service of the provider Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, MA 01801 / USA. Due to the licensing terms of MyFonts by Monotype Imaging Holdings Inc. the so-called MyFonts Counter is used thereby. The MyFonts Counter is used for page-view tracking, i.e. the counter counts the number of visits of our website for statistical purposes and transmits this data to MyFonts in an anonymous form. We do not use this data for individual evaluation. Further information on the protection of your data when using the MyFonts Counter can be found at: https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/ and at https://www.myfonts.com/legal/website-use-privacy-policy.
The data transmitted in this way is stored on the servers of MyFonts by Monotype for 30 days (in order to be able to record the number of monthly website visits) in encrypted log files and then deleted.
Visitors to our website can prevent the transfer of data to MyFonts by Monotype altogether by installing a Java Script blocker (e.g. www.noscript.net or comparable options).
The legal basis for this data processing is our overriding legitimate interest in a functioning website according to Article 6 para 1 lit. f GDPR.
10. Use of Zoom
We use the online tool “Zoom”, a service of Zoom Video Communications Inc, 55 Almaden Boulevard, 6th Floor San Jose CA 95113 / USA for video calls, webinars and other digital face-to-face communication. The following privacy notice applies in the event that we send you a Zoom link to participate in an online meeting or make it available on our website. In this case, Zoom is a processor within the meaning of Article 28 GDPR, and we have concluded a processor agreement with Zoom for this purpose.
After clicking on a Zoom link sent or provided by us, Zoom needs and requires your first and last name and, if applicable, the entry of the password sent by us for your admission to a meeting. We need your email address to send you the Zoom link. This will also be sent to Zoom. In addition to that, your IP address (which may also be used to determine your location) and device information will be transmitted to us and Zoom when the meeting begins. The same applies to the topic of the meeting and the description stored, if applicable. Further data, such as your job title or calendar integration is only transmitted if you enter it.
When you dial in via your phone / smartphone, Zoom receives your phone number, information about your location and the start and end time of the call. We also receive this information when you dial in from your phone.
As a matter of principle, we do not record meetings. If we do make a recording, we will inform you separately about the data collected in the process and obtain your consent.
Depending on which Zoom features you use during the meeting, data from your camera, microphone, location and text messages you leave (e.g. as part of the chat features), information about Zoom’s product and website usage (e.g. number of times you attend meetings) may be collected and transmitted to us and/or Zoom.
Some of your data, especially your name and possibly your phone number, may be visible to other meeting participants, depending on the zoom setting.
If you have a Zoom account, the data collection may be more extensive than described above.
You can find more detailed information on data protection at Zoom at: https://explore.zoom.us/docs/de-de/privacy.html.
The legal basis for data processing through Zoom is our overriding legitimate interest in the functioning of online meetings according to Article 6 para 1 lit. f GDPR. If the meetings are held in connection with a contractual relation, such as a client agreement, the legal basis for the data processing is the necessity for the execution of the contract according to Article 6 para. 1 lit. b GDPR
We are not responsible for further data processing by Zoom, on which we have no influence. .
11. Data transfer to third countries
The use of external services may result in the transfer of data to third countries outside the European Union. Insofar as a lower level of data protection exists in these countries than in the European Union and insofar as no adequacy decision issued by the Commission of the European Union exists for these countries according to Article 45 GDPR, we act with internal agreements and regulations to ensure an adequate level of protection for your data. To achieve this goal, we also make use of Standard Contractual Clauses of the European Union. To the extent that these measures are not possible or sufficient, we would like to point out that the transfer of your data to third countries is based on your consent according to Article 49 of the GDPR and may also be necessary for the performance of a contract according to Article 49 GDPR. However, we would like to point out at the same time that in these cases (transfer of data to third countries) there is a possibility that the protection of your data is not guaranteed to the same extent as within the European Union. In the USA in particular, security authorities have easier access to personal data. In such cases, you will not be able to assert your above-mentioned data subject rights with the same effectiveness as within the European Union.
12. Storage period
In principle, we only store your data for as long as it is required to fulfil the underlying purpose in each case. In addition, we store data within the legally permitted and required periods, which generally end three years after the end of the year in which you entered into contractual contact with us. In certain cases, however, statutory storage periods of 10 or 30 years may also apply.