In this data protection notice Dr. Stefan Shaw, Himmelreichstraße 3, 80538 München, Deutschland, firstname.lastname@example.org (hereinafter “we”, “us”) wish to inform you as the controller pursuant to data protection law of how we process your personal data during your visit to our website „www.legacies-now.com“.
1. Which personal data about you do we collect?
Personal data covers all information about a specific or specifiable natural person which you notify to us or which is generated or collected by us. On our website, this includes in particular Enquiry data: We provide different options for enquiries on our website, where you can opt to seek to get in contact with us, and, when using our form, will provide data entered by you or collected about you in this context. In particular, this may include:
- If you send general or specific enquiries to us using the contact form or email addresses provided on our website, we will process the data specified therein to answer your enquiry.
- If you register for our newsletter using the respective form, we will process your email address for sending our newsletter, provided that you have expressly consented to our newsletter being sent to the email address specified by you.
Server-Logdaten: Wenn Sie unsere Webseiten nutzen, werden auf unseren Servern hierüber Daten (wie Datum und Uhrzeit Ihres Besuchs, aufgerufene Seiten und angeforderte Dateien, Typ und Version des von Ihnen verwendeten Webbrowsers, Typ und Betriebssystem des von Ihnen verwendeten Endgeräts sowie Ihre IP-Adresse) temporär in einer Protokolldatei gespeichert.
Server log data: When you use our websites, data on your usage (such as the date and time of your visit, pages called up and files requested, type and version of the web browser used by you, type and operating system of the end device you use as well as your IP address) is temporarily stored in a log file on our server.
What do we use your personal data for, on what legal basis and for how long?
2.1 Your enquiries
Should you submit enquiries to us via a contact form or per email, we process the information given therein to answer your query as well as the IP address and date/time of the request in order to avoid misuse of the contact form.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in providing you with the respective service you requested.
You may oppose the processing of your data on grounds of Art. 6 (1) (f) GDPR. In this case, upon proving mandatory reasons for the processing we can continue the processing. This can, in such case, be particularly necessary in order to prove past queries and communications with you. If no such mandatory reasons exist, we will cease our communication with you and delete already collected data.
This data will be deleted when our communication with you or the respective relationship established by your enquiry has ended, i.e. when the factual situation at issue has been conclusively clarified and no further legitimate interest exists for the storage, respectively no further statutory obligations exist to store such data.
2.2 Information and product development (user data, newsletters, etc.), right to object
We also wish to use the data entered by you in any event or collected during your use of the websites to inform you about our offer, if requested, or to improve our website and our services (product development).
2.2.1 Anonymised usage data
We use the anonymised and/or aggregated data collected with the aid of analysis tools, to be able to understand the surfing behaviour of all visitors and therewith improve the design of our website and of our product range in general. For details of the analysis tools, see point 4 below.
2.2.2 Direct marketing
On our website, you may subscribe to our newsletter, which is free of charge. The data collected upon subscription will be processed (the data provided in the mandatory fields are indispensable for receipt of the newsletter, data in the voluntary fields only serve the purpose of a more personalised contact and selection of the displayed information).
We will contact you by email with information regarding Services that are personally tailored to you and your interests, on the basis of your express consent. In this context, we will also process data on your user conduct after we have sent you emails (e.g. click behaviour). For details refer to 3.1.
You may at any time wholly or partially object to the use of your personal data for purposes of the newsletter and product development as well as the ensuing contact for such purposes by email or may revoke any consents you may have granted. Please use the corresponding functions that are already provided for your use (e.g. the unsubscribe function in the newsletter) or address a corresponding written notification or email to the contact details given in clause 8.
The legal basis for the processing is your consent (Art. 6 (1) (a) GDPR) and our legitimate interests (Art. 6 (1) (f) GDPR.
This data will be deleted by us following your objection, respectively revocation of any consents given, or otherwise upon the end of your use at the latest, respectively it will only be stored in aggregated, anonymised form. To the extent necessary, we will store the fact that you have objected in order to prevent you being contacted further.
2.3 Provision of the website and rendering of services
The processing of the server log data is necessary for technical reasons in order to provide the website and render the services and thereafter to ensure the system security.
The legal basis for the processing is our legitimate interest in providing the website with our services (Art. 6 (1) (f) GDPR).
The processing is a mandatory prerequisite for the use of our website; no objection right is hence available.
This data is deleted after 14 days at the latest.
The server log data may then be assessed in anonymised form for statistical purposes and to improve the quality of our internet presence. There is no link between the server log data and your personal data nor is the server log data combined in any way with other personal data sources.
3. Transfer of the data.
3.1 Transfer of data to data processors
We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract, for our account, according to our directions and subject to our control.
Data processors are, in particular
- technical service providers whose services we retain for the provision of the website, e.g. service providers for software maintenance, data-processing operations and hosting;
- technical service providers, whose services we retain for the provision of functionalities, e.g. technically required Cookies;
- service providers for the practical execution of sending newsletters, online surveys and analysis Cookies.
In such cases we remain responsible for the data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case. No separate legal basis is required.
The email newsletter is dispatched by “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients and their further details described ferin are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.
The newsletter contain a “web beacon”, i.e. a pixel-size file that is retrieved from the MailChimp server when opening emails. This initially involves technical information being retrieved such as information on the browser and your system as well as your IP address and the time of retrieval. This information is used to make technical improvements to services based on technical data or the target groups and their reading behaviour based on their retrieval locations (that can be determined with the IP address) or access times.
The statistical surveys also involve determining whether the newsletters are opened, when they are opened and which links are clicked on. This information may be assigned to individual newsletter recipients for technical reasons but it is neither our intention nor that of Mail-Chimp to monitor individual users. The evaluations instead help us to recognise the reading habits of our users and to adapt our content to them or to send different content based on our users’ interests.
3.2 Data transfer to third parties
We partially also transmit your data to third parties, i.e. partners with whom we collaborate outside of a contracted processing. Such partners render their services on their own responsibility; the processing of your data by our partners is exclusively governed by the data protection notices of such third party.
To the extent you want to share one of our websites in a social network (e.g. Facebook or Twitter) and for this purpose click one of the “share” buttons, the respective information will be transferred to the social network. Of course, you have to be logged into the respective social network. The legal basis for the transfer is our legitimate interest to provide you with the opportunity to “share”, Art. 6 (1) (f) GDPR.
4. Cookies and web analysis.
4.1 What are Cookies?
We and our partners use so-called “Cookies” to fashion our website in a most user-friendly way. Cookies are small files stored on the user’s device. They allow the storage of information for a determinate period of time and the identification of the user’s device. For this purpose, also tracking-pixel might be used that are not stored on the user’s hard drive, but that may in the same way help to recognize a user’s device. When using the term “Cookie”, this refers to Cookies in the technical sense as well as tracking pixel and other technologies.
4.2 What Cookies do we use on what legal basis and for how long?
On this website we use twotypes of Cookies: (1) Cookies required for technical purposes, without which the functionality of our website would be reduced, (2) optional Cookies for analytics:
4.2.1 Cookies required for technical purposes
These Cookies are indispensable if we want to ensure proper functioning and easy navigation of our website. They allow, e.g., the storage of your language selections. Such Cookies do not collect any information about you for marketing purposes and do not record the sites you visit when surfing the internet. A deactivation of this type of Cookies would reduce all or part of the functions of the website.
The legal basis for this processing is our legitimate interest (Art. 6 (1) lit f GDPR).
These Cookies are specifically set for individual sessions and expire when you leave the website and end the session.
4.2.2 Cookies for analytics / Google Analytics
Analytics Cookies gather general information on how users use a website, e.g. which pages they visit most frequently and whether they receive any error messages from websites. These Cookies do not collect any data that may lead to an identification of the user. All information collected with the aid of such Cookies exclusively serves the purpose to comprehend and improve the functionality and services of the website.
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). The information regarding your usage of this website generated by the use of Google Analytics is transmitted to and stored on a Google server in the US. However, due to the activated IP anonymisation on this website, Google will previously abbreviate your IP address within the member states of the European Union and in other contracting states under the Agreement on the European Economic Area. Only in exceptional cases will a full IP address be transmitted to a Google server in the U.S., where it will then be shortened. The IP address transmitted by the browser of the user will not be merged with any other Google data.
Google will use this information on our behalf to analyse the usage of our online offer by users, to compile reports on the activities regarding the use of the online offer, and to render further services to us in connection with the use of our online offer and internet usage. In this context, pseudonymous user profiles may be created from the processed data.
Users can prevent the storage of Cookies by adjusting the setting of their browser accordingly; moreover, users can prevent that the data generated by the Cookie on their use of the online offer is transmitted to and processed by Google by downloading and installing the browser plugin available at: tools.google.com/dlpage/gaoptout?hl=de.
The legal basis for this processing is our legitimate interest, because we only use pseudonymized or anonymized data (Art. 6 (1) lit f GDPR).
The data collected by the use of such Cookies will be anonymised prior to analysis. You can deactivate or delete Cookies and the information stored therein at any time (cf. 4.3).
4.2.3 Deactivation of Cookies for analysis
A deactivation of this types of Cookies for analysis purposes does not reduce the functionality of our website. The Cookies of this type presently used by us are offered by the following providers, to whom you may refer for information on /description of the respective Cookies or if you wish to object to their use:
Tool: Google Analytics
Datenschutzinformationen des Anbieters:support.google.com/analytics/answer/6004245?hl=de
Widerspruchsmöglichkeit (Opt-out): tools.google.com/dlpage/gaoptout?hl=de
If you would rather receive information about these Cookies directly from us, please contact us via email at: info[at]legacies-now.com
4.3 How can I deactivate Cookies?
You may deactivate individual Cookies by clicking on one of the links in the above table (possibility to object, opt out). Finally, you may prevent the use of any Cookies whatsoever by adjusting the settings in your browser accordingly. We wish to point out, however, that in such case the functionality of our website will be reduced, if Cookies required for technical purposes are also blocked.
For further information on Cookies and individual providers, you may e.g. refer to www.youronlinechoices.com. Click here to be forwarded directly to the preferences manager.
We use links to other internet presences of us on websites and services of third parties, e.g. to social media channels such as Facebook or Twitter. These third parties are exclusively responsible for the data processing by such other service providers on their websites and their data protection notices apply.
We and our service providers take technical and organisational security measures to protect your personal data managed by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our data processing and our security measures are improved on a constant basis according to the technical developments.
The following security measures are used to protect your personal information against misuse or other unauthorized processing:
- Only a limited number of authorized persons have access to personal data for specified purposes. Our employees and our retained service providers are naturally obliged to maintain confidentiality.
- Collected data are only transmitted in encrypted form. During the transfer of your personal data to us it is encrypted with Secure Socket Layer (SSL).
- In addition, sensitive data is only stored or transmitted in encrypted form.
- The IT systems for processing the data are technically isolated from other systems to prevent unauthorized access, e.g. by hacking.
- In addition, access to these IT systems is permanently monitored to detect misuse at an early stage and to ward off it.
7. Your rights to information, correction, blocking or deletion.
Every natural person whose personal data we process has, in principle (i.e. depending on the respective preconditions), the following rights vis-à-vis us:
- Should you have questions regarding our processing of your personal data, we would be pleased to provide you at any time and at no charge with information on the data stored about you (Art. 15 GDPR).
- You have a right to the correction of incorrect data as well as completion of incomplete data (Art. 16 GDPR).
- You have a right to the blocking/limitation of the processing or to deletion of personal data concerning you which is no longer required or stored on grounds of legal obligations (Art. 17, 18 GDPR).
- You have a right to the transfer of the data in a structured, standard and machine-readable format, insofar as you have provided us with the data on grounds of a consent or contract between us and you (Art. 20 GDPR).
- You have the right to object at any time to the processing of your data for direct marketing purposes (cf. also clause 2.2; Art. 21 para. 2 and 3 GDPR).
- You have the right to object to a processing on the basis of legitimate interest, in which case we are entitled to demonstrate our compelling reasons (Art. 21 para. 1 GDPR). We have pointed out above (clause 2) in which cases this right applies.
- Insofar as you have consented to a data processing, you can revoke this consent at any time with effect for the future, i.e. the legality of the data processing remains unaffected until the date of the revocation. After a revocation of consent, you may no longer be able to use our services.
Please address your concerns in writing (reference: data protection) or by email to the contact details given in point 8 below. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons.
Furthermore, you are entitled to file a complaint with a supervisory authority for data protection.
For all matters concerning your personal data please contact:
Dr. Stefan Shaw
Hinweis „data protection“
80538 Munich, Germany
From time to time, the content of this data protection notice may have to be modified. We therefore reserve the right to amend them at any time. We will also publish the amended version of the data protection notice at this place. When you revisit us, you should therefore reread the data protection notice.