Privacy Policy

 

We are pleased about your interest in our company. Privacy has a high priority for us and we take this matter serious. This Privacy Policy informs about the nature, the scope and purpose of the processing of personal data (hereafter also referred to as ” the data”) within our website and the Web pages associated with it, functions and content (hereinafter also referred to as the “online offer”).

 

1.    Name and address of the person responsible for the processing

Responsible in terms of the data protection regulation, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character is:

Law in Practice GmbH
Rather Strasse 25
40476 Düsseldorf
T: +49 211 16350325
Email: Info [at]lawinpractice.eu
https://lawinpractice.eu

hereinafter referred to as ‘LIP‘.

If you have any questions about data protection in connection with our products and services or the use of our online offer, you can contact us at the above postal address, by emailing us or by using our online contact form (please mark all correspondence with: “data privacy”).

2.    Definitions

This Privacy Policy uses the following terms in accordance with the General Data Protection Regulation (GDPR):

a) Personal data

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Concerned person

Person concerned is any identified or identifiable natural person, for which personal data, are processed by the person responsible for the processing.

c) Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of the processing

„Restriction of processing“ means the marking of stored personal data with the aim of limiting their processing in the future

e) Profiling

„Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Use of pseudonyms

„Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person that the personal data is assigned to one identified or identifiable natural person.

g) Person in charge or controller

„Person in charge“ or „controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

h) Processor

Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) Recipients

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third parties

‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3.    Data protection officer

LIP not obliged to appoint a privacy officer according to Article 37 GDPR, § 38 German Data Protection ACT (Bundesdatenschutzgesetz, BDSG).

4.    Relevant legal bases

In accordance with Article 13 GDPR, LIP informs you about the legal basis of its data processing operations. If the legal basis in this Privacy Policy is not further mentioned, the following applies: The legal basis

  • for the processing of personal data, because this serves the vital interests of the data subject or another natural person, is Article 6 para 1 lit. d GDPR.
  • for the obtaining of your consent Article 6 para 1 lit a and Article 7 GDPR
  • for processing of personal data to the fulfilment of our services and contractual measures, as well as responding to requests is Article 6 para 1 lit b GDPR
  • for processing to meet our legal obligations is Article 6 para 1 lit c GDPR and
  • for the purposes of the legitimate interests is Article 6 para 1 lit f GDPR.

5.    Kind of processed data

LIP collects personal data from visitors of our online offer, customers and users of our E-Learnings. The collected personal data can be

  • Inventory data (E.g. name, address)
  • Contact data (such as E-Mail, phone numbers)
  • Content data (such as text input, photographs, videos)
  • Contract data (E.g. contract, term, customer category)
  • Payment information (for example, used credit cards, bank account, payment history)
  • Use data (E.g., interest in content, access times visited Web pages)
  • Meta – / communication data (for example, device information, IP addresses)

For further details on which data will be collected upon which event and for which exact purpose, please see Section 15.

6.    Processing of special categories of personal data (Article 9 GDPR)

LIP does not process special categories of personal data.

7.    Purpose of data processing

Depending on the kind of use of our online offer, personal data are collected for the following purposes:

  • provision of the website, its content and shop features
  • provision of contractual services and customer care
  • compliance with legal and fiscal requirements
  • security
  • respond to contact requests and communication with users
  • marketing, advertising and market research.

For further details on which data will be collected upon which event and for which exact purpose, please see Section 15.

8.    Changes and updates to the privacy statement

LIP kindly ask you to inform you about any updates of this Privacy Policy. LIP will accordingly update and adjust this Privacy Policy if required by law and/or due to changes in the data processing performed by LIP. Lip will inform you if these changes require your participation.

9.    Security measures

In accordance with Article 32 GDPR and under consideration of the scope, the circumstances and the purposes of the processing as well as the different probability of occurrence and severity of risk for the rights and freedoms of natural persons, LIP implements appropriate technical and organizational measures to ensure a level of protection reflecting the potential risks. Security measures include in particular the encrypted transmission of data between your browser and our server by means of a SSL procedure (Secure Socket Layer).

In addition, LIP has established procedures ensuring a perception of affected rights, deletion of data and response to risk the data. In addition, LIP, the protection of personal data, already considered during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings taken into account (Art. 25 GDPR).

10.    Disclosure and submittance of data

If LIP in the context of processing revealed information to other persons and companies (subcontractors or third parties), delivers or grant access to data this is done only on the basis of a legal permit, because you have declared your consent, this is required because of a legal obligation or upon our vested interests (e.g. for the use of agents, hosting providers, tax, economic and legal advisors, customer relationship management, accounting, billing and similar services that allow us an efficient and effective fulfilment of our contractual obligations, administrative tasks and duties). If LIP entrust third parties with the processing of data on the basis of a so-called “contract processing agreement”, this is done on the basis of Article 28 GDPR.

In no way, LIP sells the collected data or discloses these data to third parties other than for reasons as outlined here.

11.     Transfers to third countries

If LIP processes data in a third country (i.e. outside the European Union (EU) or the European economic area (EEA)) or if such a data processing happens due to the engagement of third-parties, this is done only in the context of the use of LIP’s services and to comply with the (pre) contractual obligations of LIP, upon your consent, due to a legal obligation or on the basis of our legitimate interests. If LIP processes data in a third country, this is subject to legal or contractual licenses or to process data in a third country, if the special requirements of Articles 44 et seq. GDPR exist.

12.      Right to withdraw the consent and to object; other rights

In accordance with Article 7 para 3 GDPR, you have the right to withdraw your consent for the future at any time and to object the data processing in accordance with Article 21 GDPR. Furthermore, you have the right

  • to ask whether the data will be processed and the right to an information on these data as well as copy of the data (Article 15 GDPR)
  • that your data will be completed or incorrect data will be corrected (Article 16 GDPR)
  • that data be deleted immediately (Article 17 GDPR) or alternatively in accordance with Article 18 GDPR, that a restriction of the processing of data is carried out,
  • to require that you receive the data you provided to LIP in accordance with Article 20 GDPR and to request their transfer to other responsible
  • pursuant Article 77 GDPR to file a complaint with the competent supervisory authority.

13.       Cookies and right of objection in direct marketing

LIP uses temporary and permanent cookies and informs about this in the context of this Privacy Policy.

“Cookies” are small files which are stored on computers of users. Different readings can be stored within the cookies. A cookie is used primarily to save the information to a user (or the device on which the cookie is stored) during or after his visit of a website.

“Temporary cookies” or “Session cookies” are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart of our online store or a login status can be saved. “Permanent” or “persistent” cookies are those will be retained after the browser is closed. So, for example, the login status can be saved when the users search them for several days. Furthermore, LIP uses these kind of cookies in its E-Learning-Management, for example to save the current learning progress of a student. If a student interrupts the learning sessions, leaves the system and returns, he then can continue from the point he stopped and does not need to complete all lectures of the E-Learning again. Additionally, cookies can store the interests of users whereas those data are used for audience measurement or marketing purposes.

Cookies are referred to as “Third party cookies” by others than the person responsible, who runs the online offer (otherwise, if they are only the cookies it is called “First-Party Cookies”).

If you do not want that cookies are store on your computer, you are kindly asked to accordingly choose the appropriate option in the system settings of your browser to disable cookies. Stored cookies can be deleted in the system settings of the browser.

A general objection to the use of cookies for purposes of online marketing in a variety of services, especially in the case of tracking can be made through the US  page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/ be explained. Also, the storage of cookies can be achieved using whose cut-off in the settings of your browser.

Note: The exclusion of cookies can lead to functional limitations of this online offer. LIP does not assume any liabilities in case of functional limitations of the online offer and the E-Learning-Management System because of the deactivation of cookies.

You can change the cookie-settings here  Cookies

14.    Deletion of data; legal retention periods

Personal data processed by LIP will be deleted or restricted in their processing in accordance with Articles 17 and 18 GDPR. If not otherwise specified in the context of this Privacy Policy, data stored by LIP will be deleted as soon as they are no longer required for its intended purpose and no statutory retention obligations applies. If the data are not deleted because they are required for other legally permissible purposes, the processing is restricted. In this case, the data is locked and not processed for any other purpose. This applies e.g. for data that must be kept for commercial or fiscal reasons.

According to Section 257 German Commercial Act, the applicable storage period for books, inventories, opening balances, financial statements, commercial letters, accounting documents, etc. is six (6) years. According to Section 147 General Tax Act, the storage period for tax relevant data is ten (10) years.

15.    Data processing on the Webpage, the establishment of customer’s account, processing orders in our online shop as well as the use of the E-learning management system (“LMS”)

  • Visit of LIP’s website

When you call up our website, information of the server of our Website are automatically sent to the browser used on your device. This information is temporarily stored in a so-called log file. Following information is collected without effort on your part and stored until the automated deletion:

    • IP address of the requesting computer
    • Date and time of access
    • Name and URL of the visited website
    • Website from which the access takes place (referrer URL)
    • used browser and if necessary the operating system of your computer, as well as the name of your access provider.

The data are processed by LIP for the following purposes:

    • Provision of the correct language settings
    • Provision of the correct VAT rates for our Products
    • Ensuring the security of our online shop (e.g. to the elucidation of abuse or fraud)
    • Ensuring a comfortable using of our Web site,
    • Evaluation of system security and stability as well as
    • for other administrative purposes.

The data will be stored for the duration of maximum one (1) day and deleted afterwards. Data, which are required for legal and/or evidentiary purposes are excluded from deletion until final clarification of the incident. The legal basis for the data processing is Article 6 para 1 lit f GDPR. The interest of LIP follows from above listed purposes of data collection. In no way will LIP use the collected data for the purpose, to draw conclusions on your person. In addition, LIP inserts cookies and analysis services when visiting the website (see Section 13 and Section 18).

  • Use of our contact form; contacting LIP via E-Mail

If you wish to use our contact form or to E-Mail us, you need to use and submit your E-Mail-Address and the reason of your contact request. In this context, LIP processes data exclusively for the purpose of communicating with you and to process your enquiry. The legal basis for this is Art. 6 Para. 1 lit b, c and f GDPR. The collected data will be automatically deleted once your request has been finally processed unless the data are required to fulfil contractual or legal obligations (see Section 14 above).

  • Establishment of customer account, ordering in our online shop and use of the E- Learnings

LIP processes the data from customers as part of the orders in the online shop operated by LIP to customers to allow the selection and ordering of selected products and services as well as their payment and delivery or execution.

The processed data include inventory data, communication data and contract data. The persons concerned are LIP customers and business partners. The processing takes place for the purpose of the provision of contractual services in the operation of an online shop, billing, service delivery and customer service. LIP uses therefore session cookies for storing the contents of the shopping cart and permanent cookies to store the login status.

The processing takes place in accordance with Article 6 par. 1 lit. b (ordering operations) and c (legally required archiving) GDPR. The collected information are required for the fulfilment of the LIP’s customer contract duties. LIP reveals the data to third parties only in the context of performance, payment, or within the framework of the statutory licenses and obligations with regard to legal advisors and authorities. The data are processed only in third countries, if this is necessary for the performance of the contract.

    • Users create an account where they particularly can see their orders. As part of the registration, the required information to create an account are communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users cancel their account, their data with regard to the user account will be deleted unless a data storage is required due to commercial or fiscal purposes and if this is made in accordance with Article 6 par. 1 lit. (c) GDPR. It is in the responsibility of the users to back up their data after termination before the end of the contract.

During the registration, use of our online services, and renewed registrations, LIP stores the IP address and time of each user action. The storage is based on LIP’s legitimate interests and the interests of the users of a protection from abuse and any other unauthorized use. In general, the data are not transferred to third parties unless it is needed to secure LIP’s claims towards the users or if there is a legal obligation pursuant Article 6 par. 1 lit. (c) GDPR.

The deletion will be made in accordance with legal archiving obligations (commercial law: 6 years archiving obligation;) Tax law: 10 years archiving obligation).

    • For the use of the E-Learning management system (“LMS”), the users log in with their E-Mail address and password in the system. The LMS is self-hosted by LIP. Only employees of LIP with administrator rights have access to these data.

16.      Business analysis and market research

To analyses our business, undertake market research, identify market trends, customer and user requirements, LIP analyzes the available data of website visits, transactions, contracts, requests, etc. Thereby, LIP processes communication data, contract data, payment data, inventory data, usage data in accordance with Article 6 lit. f GDPR. Persons concerned are customers, business partners, visitors and users of the website. The analyses are carried out for the purpose of economic evaluations, marketing and market research. LIP may take into account the profiles of registered users with information as to their purchase transactions. The analyses LIP is used to increase the user friendliness, the optimization of our offer and the operating economy.

The analysis are only tracked for the purposes of LIP’s interest as described above and will not externally disclosed, provided the collected data are not anonymous. If and to the extend these data contain personal data, they will be deleted or anonymized upon deletion of the user account.

17.      Communication Contact and customer Service

For business transactions and for marketing purposes LIP uses telecommunication means, such as mail, telephone or e-mail. Thereby, LIP processes inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners. Processing shall be carried out based on Article 6 (1) lit. a and f, Article 7 GDPR in connection with legal requirements for advertising communications. The contact is only made with the consent of the contact partners or within the framework of the legal permits and the processed data are deleted as soon as they are not required, otherwise upon contradiction/withdrawal or omission of the authorization or statutory archiving obligations.

18.      Social Media

a) Online presence on social media

LIP is present on the social networks LinkedIN and Xing to communicate with customers, users and interested person active on these platforms as well and to inform them about our services.

We inform you that thereby personal data may be processed in non-EU states. This may bear certain risk for a user, particularly as regards the enforcement of data protection rights. However, as far as this concerns a data processing by US companies, these companies have subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/welcome).

Furthermore, personal data may also be used for marketing purposes. For example, the data may be evaluated to define a certain user profile and to use this user profile to target advertising campaigns on this social platform or outside this platform. For this purpose, social platforms may store cookies on the user’s device.

The data processing is based on legitimate interests in the meaning of Article 6 (1) lit. f . GDPR. If the user has been asked by the social platform to agree with the data processing, the legal basis for this data processing is Article 6 (1) lit. a., Art. 7 GDPR.

For further information on the data processing we refer to the privacy policies and related documents of the respective social networks as listed below. We also inform you that LIP has no access to the personal data. In case of  questions we therefore recommend directly contacting the social network as this is the fastest and most efficient way. Please contact us if you need support here.

b) “Follow“ – Button

Our Website provides a Follow-Button for the social network LinkedIN. If you click this button, a connection to our online presence on the respective network will be established. You may then register yourself on this network or – if you already have an account – login and follow our online presence. In this regard we inform you that this a data save static button. This means that the connection to the server of the social network will only be established if and once you click on the button. No data will be transferred to the respective platform just because you visit our website.

19. Newsletter

Our free newsletter informs you regularly by e-mail about new products and promotions.

To order our newsletter we use the so-called double opt-in procedure. To receive a newsletter you must first order the receipt by using a contact form. You will receive a notification email via this registration.  In this notification email, you must confirm by clicking on a link that you are the owner of the e-mail address provided and would like to receive our newsletter. If you confirm your e-mail address, we will save your e-mail address, the time of registration and the IP address used to register until you unsubscribe from the newsletter. The purpose of the storage is to be able to send you the newsletter and prove your registration. By submitting the data you have entered, you consent to the data processing and confirm our data protection declaration.

You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in each newsletter email. Alternatively, you can send us a respective notification of the unsubscribe request to the contact details provided above or in the newsletter (e.g. by e-mail or letter). The legal basis for processing is your consent in accordance with Article 6 (1) lit. a GDPR. Your data will be deleted within one week after the end of the newsletter reception, provided that no statutory retention obligations conflict with the deletion.

We use market-standard technologies in our newsletters that can be used to measure interactions with the newsletters (e.g. opening the e-mail, clicking links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our contents and customer communication. This is done with the help of small graphics embedded in the newsletters (so-called pixels). The data will be collected exclusively pseudonymously and will not be linked to your other personal data. The legal basis for this is our above-mentioned legitimate interest in accordance with Article 6 (1) lit. a GDPR. If you do not want to analyze usage behavior, you can unsubscribe from the newsletters or disable graphics in your e-mail program by default. The data for the interaction with our newsletters are stored pseudonymously for 30 days and then completely anonymized.

We use CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (“CleverReach”) to process the sending of newsletters as well as transactional e-mails (e.g. booking confirmations and training reminders). The legal basis for the use of CleverReach for this is our legitimate interest in the efficient sending of the newsletters, Article 6 (1) lit. f GDPR. The e-mail addresses of our newsletter recipients and recipients of transactional e-mails, as well as their other data described in the context of these notices, are stored on servers in Germany. CleverReach uses this information for sending and evaluating the newsletters on our behalf.

You can find the privacy policy of CleverReach under this link https://www.cleverreach.com/en/privacy-policy/

20. Google Analytics

Based on LIP’s legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 (1) lit. f . GDPR, LIP uses Google Analytics, a web Analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies in order to analyse and improve LIP’s websites based on the user’s behaviour.

For evaluation purposes, Google may transfer the data generated in this context to a server in the USA and store it there.  In the event that personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/welcome). However, a user’s IP address is shortened before the usage statistics are evaluated. This means that no conclusions can be drawn about an users’ identity. For this purpose, LIP uses Google Analytics only with IP anonymization enabled. This ensures that IP addresses are collected in anonymized form.
Google will process the information generated by the cookies for the purpose of evaluating your use of LIP’s websites, compiling reports on website activity for the website’s operators, and providing other services relating to website usage and internet usage.

You can prevent the storage of cookies

For more information on Google’s use of data, setting and opposition options, please visit the Google Web pages: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google in your use of websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you ads”).

21.       Integration of third-party services and content

Based on legitimate interests in the meaning of Article 6 (1) lit. f GDPR (i.e. interest in the analysis, optimization and of technical and economic operations of our online offer), LIP uses third-party content or service offerings, for example to enable the hosting of the website, payment processing or to the streaming of videos. If the third-party providers receive personal data of the user (e.g. the IP address of the user), this happens only insofar as the respective data processing is required to fulfill LIP’s contract liabilities towards the customer.

Third parties can also use so-called pixel tags (invisible graphics, also called ”Web Beacons”) used for statistical or marketing purposes. The “pixel tags” can be used to evaluate the visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device, including technical information on the browser and operating system, referring Web pages, visiting time and other information on the use of our online offer. can also be linked to such information from other sources.

The following list provides an overview of third parties as well as their contents, along with links to their privacy policies which provide further information on the processing of data and, as in some cases already mentioned here, opposition possibilities (so-called Opt-out).

    • Stripe Inc. 185 Berry Street, Suite 550, San Francisco, CA 94108, USA (“Stripe”). Stripe is an external payment service provider used if you wish to process a payment to LIP via credit card.
      The Privacy Policy of Stripe can be accessed here: https://stripe.com/en-de/privacy

In connection with the processing of payments via PayPal or Sripe, LIP does not retain any personally identifiable information or financial information such as credit card numbers. Rather, these data (in particular contact and transaction data such as credit card data or bank details) are forwarded directly to by you to PayPal or Stripe, whose use of your personal data is governed by its privacy policy. The use of an external payment service provider is based on LIP’s legitimate interest in being able to offer you an additional payment option with PayPal or Stripe. The legal basis is Art. 6 Para 1. Lit f GDPR. PayPal and Stripe collect further data for their own purposes such as the prevention of misuse and further development of their products as well as for marketing purposes. The data collected by cookies and other technologies includes in particular communication data (IP address, device identifier, browser version, information on the operating system). The data processing by Stripe partly takes place on servers in the USA. In the event that personal data is transferred to the USA, Stripe has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/welcome

December 2019, Law in Practice GmbH. Subject to change.