Data Protection

Many thanks for your interest in our law firm. Data protection is particularly important to us. The use of our website www.simongraeser.law is fundamentally possible without disclosing any personal data. If, however, you decide now or at a later point in time to use or wish to use special services of our law firm via our website, this might require the processing of personal data.

Any processing of personal data, such as your name, address, e-mail address, or telephone number, will always be in line with the General Data Protection Regulation and in compliance with the applicable state-specific data protection provisions for the law firm. This data protection declaration is intended to inform the public about the nature, scope and purpose of the personal data that we collect, use and process. You will also be informed of the rights you are entitled to through this data protection declaration.

Our law firm has implemented numerous technical and organisational measures to ensure that the personal data processed through this website is protected as completely as possible. However, internet-based data transmissions can have security gaps in principle, meaning that absolute protection cannot be guaranteed. This is why you are free to transmit personal data to us by alternative means, for example by telephone.

Name and contact details of the person responsible for the processing:
This data protection information applies to data processing by:

Responsible:
Karin Simon, Susane Graeser
Uhlandstraße 2
D-80336 München
Germany

Accessibility:
E-Mail: contact@simongraeser.law
Phone +49 (0)89 90 42 27 51-0
Fax +49 (0)89 90 42 27 51-9

Collection and storage of personal data as well as type and purpose of its use:

When visiting the website:
By accessing the website www.simongraeser.law information from the browser used on your end device is automatically sent to the server of the website. This information is temporarily stored in a so-called log file. The following information is gathered without your involvement and stored until it is automatically deleted:

• IP address of the accessing computer,
• Date and time of access,
• Name and URL of the file accessed,
• Website from which access was made (referrer URL),
• The browser used and, where applicable, the operating system of your computer as well as the name of your access provider.

We process the aforementioned data for the following purposes:

• Ensuring a smooth connection set-up of the website,
• Ensuring comfortable usage of our website,
• Analysis of the system security and stability as well as
• for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. We have a legitimate interest in collecting the data for the purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about you as an individual.

We will not pass on your personal data to third parties for any other purposes than those listed below.

We will only disclose your personal data to third parties if:

• You have given your explicit consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,
• the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f GDPR for the enforcement, exercise or defence of legal claims and there are no grounds for assuming that you have an overriding interest that merits protection in the non-disclosure of your data,
• there is a legal commitment for the disclosure in accordance with Art. 6 para. 1 p. 1 lit. c GDPR, as well as
• if this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 p. 1 lit. b GDPR.

• in accordance with Art. 15 GDPR to request information about your personal data that we process. More specifically, you have the right to request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data insofar as it has not been collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
• in accordance with Art. 16 GDPR to request the correction of incorrect or incomplete personal data stored by us without delay;
• in accordance with Art. 17 GDPR to request the deletion of your personal data held by us, insofar as the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the enforcement, exercise or defence of legal claims;
• in accordance with Art. 18 GDPR to request that the processing of your personal data be restricted to the extent that the accuracy of the data is disputed by you, the processing is unlawful, but you oppose its deletion and we no longer require the data, but you need it for the enforcement, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR to obtain your personal data that you have provided to us in a structured, customary and machine-readable format or to request that it be transmitted to another responsible party;
• in accordance with Art. 7 para. 3 GDPR to withdraw your consent at any time. This has the effect of prohibiting us from continuing the data processing that was previously based on this consent in the future; and
• in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority responsible for your usual place of residence or workplace or our registered office for this purpose.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, the progression of your search and YouTube progression as well as demographic data (site visitor data). This data may be used for customized advertising with the assistance of Google Signal. If you have a Google account, your site visitor information will be linked to your Google account by Google Signal and used to send you customized promotional messages. The data is also used to compile anonymized statistics of our users’ online patterns.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
can be transmitted.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards. Further
information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?
contact=true&id=a2zt000000001L5AAI&status=Active

contact@simongraeser.law

When you visit our website, we use the common SSL (Secure Socket Layer) technology in conjunction with the highest level of encryption that is supported by your browser. This is generally a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. It is possible to tell whether an individual page of our website is transmitted in an encrypted format by the appearance of the closed key or lock symbol in the lower status bar of your browser.

We also make use of appropriate technical and organisational security measures so that your data is protected against accidental or intentional tampering, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved to reflect technological developments.

This data protection declaration is currently valid and was updated in May 2022. It corresponds to the recommendation of the German Bar Association (DAV).

It may become necessary to modify this data protection declaration due to the further development of our website and services on it or due to changes in legal or official requirements. The currently valid data protection declaration can be accessed and printed out at any time on the website at https://www.simongraeser.law/en/data-protection.