Brunner & Memmhardt GbR
Uta Brunner and Mirko Memmhardt
Brunner & Memmhardt GbR
VAT identification number according to § 27a UStG:
Liability for External Links
Our offer may contain external links to third-party websites. If you follow a hyperlink to any of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or the observance of data protection conditions. The respective operators are solely responsible for the content of linked pages. There was no indication that the content of the page that is accessed by the link does not comply with the legal provisions or violates common decency at the time of linking. The license and usage conditions of the respective operator of the Internet offer apply. However, permanent checking of the linked pages in terms of content is not reasonable without specific evidence indicating a legal infringement. We will immediately remove such contents upon discovery of infringements.
LinkedIn, the LinkedIn logo, the IN logo and InMail are registered trademarks or trademarks of LinkedIn Corporation and its affiliates in the United States and/or other countries.
XING and the X logo are registered trademarks or trademarks of XING SE in Germany and/or other countries.
All other trademarks mentioned are the property of their respective owners. The absence of a trademark notice does not imply that the brand name or trademark is not protected.
Data protection declaration
I. Contact details
The responsible person regarding GDPR and other national data protection laws and regulations is:
II. General information on data protection
1. Scope of personal data processing
We collect and process the personal data of our website visitors only to the extent necessary for the provision of a functioning website and our content and services.
2. Legal basis for processing personal data
Insofar as the processing of personal data is based on the consent of the data subject, Art. 6 (1) (a) GDPR acts as the legal basis.
When processing personal data that is necessary for the fulfillment of an Agreement to which the data subject is a party, Art. 6 (1) (d) GDPR acts as the legal basis. This also applies to processing operations that are necessary for carrying out precontractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the Controller is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) (d) GDPR acts as the legal basis.
If processing is necessary to safeguard a legitimate interest of the Controller or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR acts as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject shall be deleted or its processing shall be restricted as soon as the purpose for the processing no longer applies. Furthermore, data may be processed if so provided under EU or national laws or other provisions to which the Controller is subject. The restriction or erasure of data will be carried out even if the storage period prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or carrying out an agreement.
III. General information on data protection
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer. The following data (so-called server log files), which your browser automatically transmits to us, are collected:
- Information about the browser type (version used, language settings, etc.)
- User operating system
- User IP address
- Date and time of access
- Websites that the user’s system uses to access our website (website, search engine or link, and so-called referrer URL)
- Website accessed by the user’s system through our website
The data is also stored in the log files of our system. This data is not stored together with the user’s other personal data.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of IP addresses by the system is necessary to enable access to the website. To this end, the user’s (visitor’s) IP address must remain stored for the duration of the session.
No evaluation of the data for marketing purposes is undertaken in this context.
The storage of data in log files helps to optimise the website and to guarantee the security of our information technology systems.
These purposes also encompass our legitimate interest to process data in accordance with Art. 6 (1) (f) GDPR.
4. Retention period
The data will be deleted as soon as it is no longer necessary for the achievement of the purpose for which it was collected. In the case of data collection for propose of provision of the website, this purpose will be achieved once the respective session has ended.
In the case of storage of the data in log files, data is deleted no later than within seven days. The storage of data for a longer term is possible (e.g., for security reasons, such as during the investigation of abuse or fraud, and storage for purposes of preserving evidence). In this case, the user’s IP addresses will be deleted or distorted so that they can no longer be associated with the accessing client.
5. Objection and deletion options
The collection of data for provision of the website and storage of data in log files are absolutely necessary for operation of the website. Consequently, the user has no option to object.
IV. Rights of the data subject
If your personal data is processed, you are an affected person (data subject) in the meaning of the GDPR and you have the following rights with respect to the Controller:
1. Right to information
You may ask the Controller to confirm whether your personal data is processed by us.
If such processing takes place, you can request the following information from the Controller:
- (1) the purposes for which the personal data is processed;
- (2) the categories of personal data that are processed;
- (3) the recipients or categories of recipients to which your personal data has been disclosed or is still being disclosed;
- (4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage period;
- (5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Controller or a right to object to such processing;
- (6) the existence of a right of appeal to a supervisory authority;
- (7) all available information on the source of the data if the personal data was not collected from the data subject;
You have the right to request information about whether your personal information has been transmitted to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission of information.
2. Right to rectification
You have a right to rectification and/or completion against the Controller, provided your personal data that is subject to processing is incorrect or incomplete. The Controller must immediately make all necessary corrections.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- (1) If you contest the accuracy of your personal information for a period of time that enables the Controller to verify the accuracy of your personal data;
- (2) The processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- (3) The Controller no longer requires personal data for the purposes of processing, but you need it to assert, exercise or defend against legal claims, or
- (4) If you have objected to the processing pursuant to Art. 21 (1) GDPR, and it is not yet certain whether the legitimate reasons of the Controller prevail over your reasons for objection.
If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending against legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.
If the limitation of processing is instituted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.
4. Right to deletion
a) Obligation of deletion
You may request the Controller to delete your personal information without delay, and the Controller will be required to delete that information immediately if one of the following is true:
- (1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- (2) You revoke your consent to data processing in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for processing.
- (3) You file an objection to processing in accordance with Art. 21 (1) GDPR and there are no prior justifiable reasons for processing, or you file an objection to processing in accordance with Art. 21 (2) GDPR.
- (4) Your personal data has been processed unlawfully.
- (5) The deletion of your personal data is required to fulfill a legal obligation under EU law or the law of the Member States to which the Controller is subject.
- (6) The personal data concerning you was collected in relation to data processing firm services that are offered pursuant to Art. 8 (1) GDPR.
b) Information that is sent to third parties
If the Controller has made your personal data public and is in accordance with Article 17 (1) GDPR obligated to erase this data, then it is also obligated to inform data controllers who process this personal data that you as a data subject have requested the deletion of any links to such personal data or copies or duplicates of such personal data while taking into account the available technology and the costs of implementation, including appropriate technical measures.
There is no right to erasure if the processing is necessary
- (1) to exercise the right to freedom of expression and information;
- (2) to fulfill a legal obligation required by the law of the EU or of the Member States to which the Controller is subject, or to perform a task of public interest or in the exercise of official authority that is conferred by the Controller;
- (3) for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
- (4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law referred to in Section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- (5) to assert, exercise or defend against legal claims.
5. Right to information
If you have exercised your right to have the Controller correct, delete, or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves disproportionate effort.
You have a right to be informed about these recipients by the Controller.
6. Right to data portability
You have the right to receive a report of the personally identifiable information that you provide to the Controller in a structured, common, and machine-readable format. In addition, you have the right to pass this data on to another controller without obstruction by the controller to which the personal data was provided, insofar as
- (1) the processing is based on prior consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on the basis of an agreement in accordance with Art. 6 (1) (b) GDPR
- (2) the processing is done using automated procedures.
In exercising this right, you also have the further right to obtain your data that is directly transmitted by one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task in the public interest or in the exercise of official authority that is conferred by the Controller.
7. Right of objection
You have the right at any time, for reasons that arise from your particular situation, to contest the processing of your personal data that is processed pursuant to Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.
The Controller will cease to process your personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending against legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is pursued for such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the option in a situation where a data processing company service is hired of exercising your right to object to the use of automated procedures that use technical specifications.
8. Right to revoke the informed consent related to data protection
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing that was conducted on the basis of the consent before the revocation.
9. Automated decisions in individual cases, including profiling
We forgo automated descisions in indivudal cases or profiling.
10. Right to appeal the decision before a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to file a complaint with a supervisory authority, in particular in the Member State of your residence or place of work or the place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
The Controller’s supervisory authority that is responsible for data protection ist the “Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz”.
As of: February 2019