1. Name and address of the controller for processing

The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions having the character of data protection legislation is:

Rechtsanwälte Dr. Frank Kebekus et Ralf Zimmermann 
Kebekus et Zimmermann GbR
Ehrenhof 3
40479 Düsseldorf
Telephone: +49 211 49 76 59-0
Internet: kebekus-zimmermann.de 
email: rechtsanwaelte[a]kebekus-zimmermann.de

2. Name and address of the data protection officer

The data protection officer for the controller for processing is:

Tanja Müller
Kebekus et Zimmermann Rechtsanwälte
Ehrenhof 3
40479 Düsseldorf
Telephone: +49 211 49 76 59-0
email: datenschutz[a]kebekus-zimmermann.de

3. General data privacy statement and scope of validity

By using the website of the law firm Kebekus et Zimmermann, you declare that you agree to allow data to be collected, processed and used as described below. 

You can in principle visit our website without having to register. When you visit, data such as the pages accessed, the names of the file accessed, the date and the time of access will be stored on the server for statistical purposes, but these data will not be associated directly with you personally. Personal data, such as in particular your name, address or email address, are collected on a voluntary basis. Your data will not be forwarded to third parties without your consent.

As the controller responsible for processing, we have implemented many technical and organisational measures to ensure the most seamless protection possible of the personal data processed through this website. Gaps in security may arise when transmitting data over the internet, however, therefore absolute protection cannot be guaranteed. For this reason, every data subject is free to use alternative ways of providing us with personal data, such as by telephone. 

How personal data are handled

Personal data are pieces of information that enable a person to be identified, i.e. details that can be traced back to a particular person. They include the name, email address or telephone number. However, data about preferences, hobbies, memberships or what web pages someone has viewed are also personal data.

The provider only collects, uses and forwards personal data if this is allowed by law or the data subject consents to the collection of such data.

The legal bases of data protection are the EU’s General Data Protection Regulation (GDPR) and the German Telemedia Act (Telemediengesetz, TMG).

4. How to contact us

On our website you can contact us using the email address provided. If you get in touch with us using this channel, the personal data provided in this way will be processed and stored. This storage is purely for the purposes of dealing with your enquiry or contacting you. The data are is not forwarded to third parties.

5. Information for participants in insolvency proceedings

Participants in one of the insolvency proceedings we are handling can find out directly about the status of the particular insolvency proceedings. To register, the participants in the proceedings must identify themselves using the court reference number and a PIN code. No further data are processed for this disclosure.

6. Data privacy in applications and the application process

If you send your application to us electronically, we will collect and process your personal data for the purpose of completing the application process. You can send an application to the email address duesseldorf[a]kebekus-zimmermann.de. If we enter into an employment contract with the applicant, the transmitted data will be processed for the purposes of the employment relationship, having due regard for statutory regulations. If no employment contract comes about, the application documents will be deleted two months after notification of the rejection, unless deletion conflicts with any other legitimate interests of the controller. A legitimate interest within the meaning of this section is, for instance, a duty to keep evidence in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).

7. Routine erasure and blocking of personal data

We process and store personal data of data subjects only for as long as is necessary to achieve the purpose of the storage. They may be stored for longer if this has been provided for by European or national regulators in Union regulations, laws or other provisions to which the controller for processing is subject. 

As soon as the purpose of storage lapses or a specified storage period stated in the regulations expires, the personal data are routinely erased or blocked.

8. Legal basis for the processing

Where we obtain the consent of the data subject for the processing of personal data, the legal basis for doing so is point (a) of Article 1 (1) of the General Data Protection Regulation (GDPR). Your visit to our site is voluntary. These data are therefore processed based on your consent. The same applies for your registration for creditor information, because the use of this service on our site is voluntary.

Where processing is necessary for the purposes of a legitimate interest pursued by us or a third party, and if your interests, basic rights or basic freedoms do not override the former interest, the legal basis for the processing is point (f) of Article 6 (1) GDPR. Our legitimate interest lies in the performance of our business activities. 

9. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access

You can demand confirmation from the controller of whether we process personal data concerning you. 

Where such processing takes place, you can demand details from the controller concerning the following information:

a. the purposes for which the personal data are being processed;

b. the categories of personal data being processed;

c. the recipients or the categories of recipients to whom the personal data concerning you were disclosed or are being disclosed;

d. the planned duration of storage of the personal data concerning you or, if concrete details of this are not possible, criteria for determining the storage period;

e. the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of processing by the controller or of a right of objection to this processing; 

f. the existence of a right of complaint to a supervisory authority;

g. all available information about the origins of the data, if the personal data were not collected from the person concerned;

You also have the right to demand information on whether the personal data concerning you are transferred to a third country or an international organisation. In connection with this, you may request to be informed regarding the appropriate safeguards pursuant to Art. 46 GDPR in connection with transfer.

Right to rectification 

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must bring about the rectification without undue delay.

Right to restriction of processing

Under the conditions set out below, you can demand that the processing of the personal data concerning you be restricted:

a. if you dispute the accuracy of the personal data concerning you, for a period of time that enables the controller to verify the accuracy of the personal data;

b. if the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of use of your personal data;

c. if the controller no longer needs the personal data for the purposes of the processing, but you require this for the establishment, exercise or defence of legal claims; or

d. if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate grounds for the controller override your grounds.

If the processing of the personal data concerning you were restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing were restricted in accordance with the above requirements, you will be informed by the controller before the restriction is lifted.

Right to erasure

You can demand that the controller erase any personal data concerning you without undue delay and the controller will be obliged to erase such data without undue delay unless one of the following grounds exists:

a. the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. you withdraw consent on which the processing was based pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR and there is no other legal basis for the processing; 

c. you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR; 

d. the personal data concerning you have been unlawfully processed; or 

e. the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. 

The right to erasure does not exist to the extent that processing is necessary

a. for exercising the right to freedom of expression and information;

b. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;

d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e. for the establishment, exercise or defence of legal claims.

Right to be informed

If you have exercised your right to have the controller rectify or erase the personal data concerning you or restrict their processing, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have a right vis-à-vis the controller to be informed of these recipients.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of point (e) or point (f) of Art. 6 (1) GDPR. 

The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to revocation of the declaration of consent under the privacy law

You have the right at any time to withdraw consent given under data protection regulations. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.

Right to lodge a complaint with a supervisory authority

Notwithstanding any other remedy in administrative law or through the courts, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of the personal data concerning you infringes the GDPR. 

The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

11. Creation of log files

Every time the website is accessed, the company records data and information by means of an automated system. These are stored in the log files of the server. 

The following data may be collected:

(1) Information about the browser type and version used

(2) The user's operating system

(3) The user's internet service provider

(4) The user's IP address

(5) The date and time of access

(6) Web pages from which the user's system reached our website (referrer)

(7) Web pages called up by the user's system via our website

These data are processed in order to deliver the content of our website, ensure the functional capability of our IT systems and optimize our website. The data of the log files are always stored separately from other personal data of users.

12. Data privacy statement for cookies

Our website uses cookies. These are small text files that make it possible to store specific user-related information on the user's device while they are using the website. Cookies in particular enable the frequency of use and the number of users of the pages to be determined and the patterns of site usage to be analysed, but also to make our site more user-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved again the next time the site is accessed. When you visit our website, a pop-up window telling you about the use of cookies appears. If you do not want to have cookies constantly sent, you should change your browser settings so that it refuses cookies. This is done by enabling the option “I do not consent” to the use of cookies. By continuing to use the website, you implicitly consent to the use of cookies.

13. Data privacy statement for Google Analytics
We do not use Google Analytics.

14. Google web fonts

To ensure consistency in the presentation of fonts, this site uses web fonts provided by Google. When a page is accessed, your browser loads the necessary web fonts in your browser cache so that text and fonts can be displayed correctly.

This requires the browser you are using to establish a connection to Google’s servers. Google therefore learns that our website was accessed from your IP address. Google web fonts are used in order to present our online products in a consistent and appealing way. This is a legitimate interest within the meaning of point (f) of Art. 6 (1) GDPR.

If your browser does not support web fonts, your computer will use a standard font.

Further information about Google web fonts can be found at developers.google.com/fonts/faq  and in Google's data privacy statement: www.google.com/policies/privacy.