Data Protection

Data protection policy

Welcome to the website of BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB Patentanwälte Rechtsanwälte (hereinafter: “BOEHMERT & BOEHMERT”). We provide this Data Protection Policy to give you information and advice on how BOEHMERT & BOEHMERT processes personal data.

If you have any questions in this regard, please contact us. You can find our contact information in our Legal Notice. The current version of the information in this Policy can be accessed any time on our website.

Overview:

This Data Protection Policy was last updated on 01.09.2023 and may in future be modified according to changing circumstances, in particular to conform to amendments to legal requirements, the practice of public authorities or case law.

Data processing when visiting our website

In the following, we inform you about the processing of your personal data when visiting our website. During your visit to our website, we collect and process the information sent to us through technically automated means and/or personal data which you voluntarily to us, in particular via our contact form or when ordering the publication, “B&B-Bulletin”.

1. Data controller and data protection officer

The data controller is Boehmert & Boehmert Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, Facsimile: +49 (0)421 3491768.

You can contact our Data Protection Officer at BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, email: datenschutzbeauftragter@boehmert.de.

2. Automated processing of data when using the website

2.1. IP address and log files

a) Explanation and purpose of processing:

We automatically process the following information every time you visit our website:

  • The IP address of your computer or other end device (e. g. tablet or smartphone) and the request(s) sent by your browser
  • the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used.

The IP address and information on the request(s) from your internet browser are necessary, for technical reasons, for you to visit and use the website; without this data being processed, webpages cannot be accessed and cannot be displayed. The processing of the IP address is anonymized by way of abbreviation or deleted once it is no longer required for technical reasons for you to access or to use the website.

In addition, the above-mentioned data will be processed by us for the following purposes:

  • ensuring a smooth connection to the website,
  • ensuring our website can be used in a convenient manner,
  • analysis of system security and stability and
  • other administrative purposes.

Information on the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used is collected and processed in order to optimize how content is displayed, to determine the system capacity and to make future modifications and improvements to the website, on the basis of statistical analyses (where applicable).

b) Legal basis:

The legal basis for this processing of data is Art. 6 (1) f) GDPR. The legitimate interest in processing the relevant data is that it makes accessing the website technically possible, optimizes how the content is displayed for the user and enables the continued improvement or optimization of the internet service in the future.

2.2. Use of cookies by our server

a) Explanation and purpose of processing:

We use cookies on our website.

Cookies are small text files which are stored locally, during each visit to our website, on the user’s end device (e.g. PC, smartphone, tablet). They can contain a range of information about the end device used as well as about usage behavior. This information is sent back to the cookie-setting web server with the aim of recognizing a returning user and their settings. You can prevent cookies being stored by adjusting your browser settings accordingly; moreover, you can delete stored cookies using your browser. Preventing or deleting cookies may render, in some circumstances, the use of certain functions of the website impossible or inconvenient.

Specifically, the following cookies are set by our server when our website is accessed:

  • cookieconsent_dismissed: This cookie stores the information as to whether you have clicked on “ok” on the cookie notice banner and prevents it from appearing again when a user returns to the website later. It is automatically deleted after 6 months.
  • PHPSESSIONID: This cookie is a so-called session cookie, which is required for the administration of our website. It is immediately deleted when the user leaves the website.

b) Legal basis:

The legal basis for this processing of data is Art. 6 (1) f) GDPR. The legitimate interest in processing the data is that it enables the use of the website and its functions.

2.3. Cookie management in connection with external media

Call & adjust cookie settings her

In order to obtain and manage your consent to the integration of external media, we use a cookie consent management procedure. In this context, your declaration of consent is stored in order not to have to query it again and to be able to prove consent in accordance with the legal provisions. The legal basis for the processing of your personal data is Art. 6 (1) f) GDPR due to our legitimate interest in requesting your consent for the use of non-essential cookies.

Insofar as you have given your consent to the integration of external media, we integrate videos from the video portal “YouTube”, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”), on our website. The integration is based on your consent, which can be revoked at any time with effect for the future Art. 6 (1) a) GDPR.

We use the “extended data protection mode” option. When you call up a page on which a video is embedded, a connection is established to the Google servers and the video is displayed. According to the information provided by Google, in “extended data protection mode” your data – in particular the parts of our website that you visit and your IP address – are only transmitted to the Google server in the USA when you watch the video.

In some cases, information is transmitted to the parent company Google LLC, based in the USA. To ensure an adequate level of data protection, Google LLC, USA has certified itself under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active).

Further information on data protection in connection with YouTube can be found in Google’s privacy policy (https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/).

2.4. Contact form

a) Explanation and purpose of processing:

You can contact us with any questions or requests via our online contact form or by email. In doing so, the personal data transmitted by you will be processed by us electronically for answering your question or dealing with your request. If you use the online contact form, you must provide a valid email address so that we know who has sent the enquiry. First and last name are not marked as required fields.

The personal data collected in this context will be processed exclusively for the purpose of communicating with you and will be deleted when its storage is no longer necessary or, to the extent legal obligations to retain records exist, its processing is limited, unless further processing is regulated by law.

b) Legal basis:

The legal basis is Art. 6 (1) b) GDPR, if the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. Otherwise, the legal basis of the processing is our legitimate interest (communication with third parties) according to Art. 6 (1) f) GDPR.

2.4. B&B-Bulletin

a) Explanation and purpose of processing:

You have the possibility, via our website, to register for receiving our regular publication, the B&B Bulletin, which is sent out up to four times per year by email. This publication contains short articles written by the attorneys of BOEHMERT & BOEHMERT covering current legal issues, developments in case law, changes in legislation or official practice and events. In order to register to receive that publication, a separate declaration of consent is required, including the provision of an email address, which is stored solely for the purpose of sending that publication to the specified email.

b) Consent

The e-mails are sent to the e-mail address you have provided based on your prior consent. The consent given by you when registering for the Bulletin has the following content:

I consent to the use and storage of the above data by BOEHMERT & BOEHMERT for the purpose of sending the B&B Bulletin with short articles written by lawyers of BOEHMERT & BOEHMERT on current legal topics, developments in jurisdiction, innovations in legislation or official practice and events via the e-mail. I am aware that I can unsubscribe from the B&B Bulletin at any time, and I can revoke my consent with effect for the future.

Consenting to the subscription to the B&B Bulletin is voluntary and the consent can be revoked at any time with effect for the future by means of a simple declaration (also by e-mail to bulletin@boehmert.de). Each issue of the Bulletin also contains a link at the end which allows you to unsubscribe from the e-mail distribution list and thereby revoing your consent. A revocation has no influence on the legality of the processing carried out based on the consent up to the revocation. It is not possible to obtain the publication without consent.

c) Legal basis:

The legal basis for this processing of data is Art. 6 (1) a) GDPR.

3. Recipients of personal data

The sending of the B&B Bulletin is carried out by an external service provider, to whom the data provided in the application to subscribe to the publication is transmitted based on a controller-processor-agreement (Art. 28 GDPR).

4. Your data subject rights

As a data subject, you have the following rights under the GDPR. You are entitled to these rights under the conditions of the respective data protection regulations:

  • Right of access (Art.15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with the respectively competent data protection supervisory authority (Art. 77 GDPR)
  • Right to object to processing (Art. 21 GDPR)

In the case of an objection, BOEHMERT & BOEHMERT will no longer process the personal data, unless

  • the processing serves the assertion, exercise or defense of legal claims or
  • BOEHMERT & BOEHMERT can prove necessary, legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.

5. Automated decision-making including profiling

Automated decisions in individual cases including profiling within the meaning of Art. 22 GDPR do not take place in connection with visiting our website.

The processing of personal data when working on client matters and other persons with a client relationship

In the following, we inform you about the type, extent and purpose of data processing by BOEHMERT & BOEHMERT in relation to the receipt of an instruction to act and the handling of a client matter as well as in relation to other activities of BOEHMERT & BOEHMERT.

1. Data controller and data protection officer

The data controller is Boehmert & Boehmert Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, Fax: +49 (0)421 3491768.

You can contact our Data Protection Officer at BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, email: datenschutzbeauftragter@boehmert.de.

2. The processing of clients’ personal data

When we receive an instruction to act as attorneys, we collect and process the name, address and other contact information (e. g. email addresses, telephone and fax numbers etc.) of the requesting party as well as information related to any facts provided by them, which could also contain personal data. In the course of working on client matters, further personal data could also be stored.

The collection and further processing of this data is carried out for the purposes of establishing and performing the contract of engagement and to carry out pre-contractual steps at the request of the Data Subject, as well as for the purposes of billing the services provided.

The legal basis for this processing of data is Art. 6 (1), b) GDPR.

3. The processing of the personal data of others

In the course of providing its services, BOEHMERT & BOEHMERT also processes personal data of third parties, e.g. those of opposing parties, representatives of opposing parties, contact persons in public authorities, courts and service providers, business contacts etc. This includes in particular contact data (names, addresses, telephone numbers and fax numbers, email addresses etc.) as well as information relating to client matters, which could also contain personal data. Some of this data is collected directly from the Data Subject, some is collected by other means, specifically for the purpose of providing legal advice and representation services to clients of BOEHMERT & BOEHMERT, including the related correspondence and documentation, for the purpose of business communications and in relation to establishing a possible working relationship in the future (e. g. recording contact details of translators, research institutes or other service providers; personal contact details in the course of prior business encounters etc.).

The legal basis for this processing of data is Art. 6 (1), f) GDPR. The legitimate interest is in the proper and effective provision of legal advice and representation services to clients.

To the extent that contractual agreements exist between the data subject and BOEHMERT & BOEHMERT and the processing of personal data occurs in the performance of those agreements, the basis for that processing is Art. 6 (1) b) GDPR. The processing may also be necessary in order to comply with a legal obligation; the basis for processing in that case is Art. 6 (1) c) GDPR.

4. Recipients of personal data / transmission to third countries

  1. In the course of the administrative handling of client matters, personal data is sent to service providers who process that data for a specific purpose on behalf of BOEHMERT & BOEHMERT within the meaning of Art. 28 GDPR on the basis of a contractual agreement for third party processing as per Art. 28 (3) GDPR. Primary examples of this are IT service providers, in particular in respect of the attorney software and technical infrastructure used, and service providers for financial bookkeeping and accounting. All service providers engaged by BOEHMERT & BOEHMERT have signed a contractual agreement with BOEHMERT & BOEHMERT in which they undertake to maintain confidentiality where they come into or could come into contact with information covered by a confidentiality undertaking.
  2. Depending on the type of client matter, personal data may also be transferred in the course of working on the matter to third parties who are not processors. This may include, in particular, recipients in the following categories: opposing parties and representatives thereof, courts, authorities, bailiffs, correspondence attorneys and external counsel, translation service providers, research service providers, consulates, embassies etc.

Such a transmission to third parties will only occur if and to the extent that

  • the transmission is necessary for the performance of the contract of engagement (legal basis: Art. 6 (1) b) GDPR) or
  • this is covered by the client’s consent (legal basis: Art. 6 (1) a) GDPR), or
  • the transmission of data is required to preserve the legitimate interests of BOEHMERT & BOEHMERT or a third party, in particular a client, and these are not overridden by the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data (legal basis: Art. 6 (1) f) GDPR).
  1. In connection with the work on client matters, personal data may be transmitted, depending on the individual case concerned, to third countries, namely countries outside the European Union and the European Economic Area (EEA), or international organizations (e. g. authorities, opponents and their representatives, correspondent attorneys etc.). This includes transmission to countries in relation to which the European Commission has not decided that the country ensures an adequate level of protection (Art. 45 (3) GDPR) and possibly also transfers for which no safeguards under Art. 46 GDPR are provided.

To the extent that an adequacy decision has not been adopted and/or suitable safeguards have not been provided, a transmission of that kind will only be made in exceptional cases as per Art. 49 (1) point GDPR, in particular if and to the extent that

  • this is necessary for the performance of the contract of engagement between the client and BOEHMERT & BOEHMERT or to carry out precontractual steps at the request of the client,
  • this is necessary for the conclusion or performance of a contract entered into in the interests of the client by BOEHMERT & BOEHMERT with another natural or legal person,
  • this is necessary for the assertion, exercise and defence of legal claims,
  • an express consent within the meaning of Art. 49 (1) a) GDPR, or
  • the transmission is from a register within the meaning of Art. 49 (1) g) GDPR (e. g. the German Trade Mark and Patent Register).

5. Duration of retention

The mandatory retention period for files by attorneys at law and patent attorneys is currently six years, commencing upon expiry of the calendar year in which the concrete case ended; moreover, the general tax and/or commercial retention periods apply. BOEHMERT & BOEHMERT will store the personal data related to clients and client matters for at least the duration of these time limits.

In addition, BOEHMERT & BOEHMERT will, in individual cases, processes, on the basis of Art. 6 (1) f) GDPR, personal data related to clients and client matters also beyond these statutory retention periods, to the extent that this is appropriate and necessary, in particular in the case of open ended client relationships, for the ongoing maintenance, monitoring, preservation and defense of intellectual property rights and other legal interests. In this regard, in the case of open ended client relationships, the data related to individual matters will not be deleted prior to the end of the client relationship to enable information from completed matters to be taken into account in respect of the advice on current and future matters. Moreover, processing beyond the statutory data retention periods is carried out for the purpose of identifying and preventing conflicts of interest before working on new cases as well as for providing information to clients, including in relation to concluded matters.

Contact data not related to a specific client and/or client matter, concerning, for example contact persons at service providers (e. g. research providers, translators, survey institutes etc.) is stored for as long as this is needed for the purposes described above.

6. Your data subject rights

As a data subject, you have the following rights under the GDPR. You are entitled to these rights under the conditions of the respective data protection regulations:

  • Right of access (Art.15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with the respectively competent data protection supervisory authority (Art. 77 GDPR)
  • Right to object to processing (Art. 21 GDPR)

In the case of an objection, BOEHMERT & BOEHMERT will no longer process the personal data, unless

  • the processing serves the assertion, exercise, or defense of legal claims or
  • BOEHMERT & BOEHMERT can prove necessary, legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject.

7. Automated decision-making including profiling

Automated decisions in individual cases including profiling within the meaning of Art. 22 GDPR do not take place in connection with our consulting activities.

Data processing for applicants

The data you provide to us as part of your application will only be used to process your application.

1. Data controller and data protection officer

The data controller is Boehmert & Boehmert Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, Fax: +49 (0)421 3491768.

You can contact our Data Protection Officer at BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel.: +49 (0)421 3409 0, email: datenschutzbeauftragter@boehmert.de.

2. Processing of personal data of applicants

The data required for the application process is processed for the purpose of carrying out an application procedure in compliance with the general data protection regulation.

The legal basis is Art. 6 (1) b) GDPR and Art. 88 (1) GDPR in conjunction with Sec. 26 (1) BDSG (Federal Data Protection Act).

If the data is special categories of personal data (such as health data), which you yourself provide to us, the processing is carried out on the legal basis of Art. 9 (2) b) GDPR in conjunction with Sec. 26 (3) BDSG (Federal Data Protection Act).

Rejected applicants have the option of being accepted into our talent pool. In the event of inclusion, all documents and details from your application will be transferred to the talent pool so that we can contact you by e-mail or telephone in the event of suitable job offers. Inclusion in the talent pool is based exclusively on your consent (Art. 6 (1) a) GDPR). Providing your consent is voluntary and can be revoked at any time with effect for the future without giving reasons at: career@boehmert.de. If you do not provide your consent, you will not be assigned to the talent pool.

3. Recipients of personal data

We only pass on the personal data of applicants within our company to those areas and persons who require this data to fulfill contractual and legal obligations and to implement our legitimate interests. In addition, we use the service providers who support us in the areas of applicant management, IT support and with whom separate contracts for order processing have been concluded as part of order processing.

4. Duration of storage

If the application is unsuccessful, the data will be automatically deleted after six months from the date of rejection. If an employment relationship is established, we will store your application data for as long as it is required for the employment relationship.

Your unsolicited application, which we have received with your consent, will also be deleted after six months from the date of rejection.

Upon submission of a consent for inclusion in the talent pool, we store your personal data for a further 12 months provided following the consent.

5. Your Data subject Rights

As a data subject, you have the following rights under the GDPR. You are entitled to these rights under the conditions of the respective data protection regulations:

  • Right of access (Art.15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with the respectively competent data protection supervisory authority (Art. 77 GDPR)
  • Right to object to processing (Art. 21 GDPR)

In the case of an objection, BOEHMERT & BOEHMERT will no longer process the personal data, unless

  • the processing serves the assertion, exercise, or defense of legal claims or
  • BOEHMERT & BOEHMERT can prove necessary, legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject.

6. Automated decision-making including profiling

Automated decisions in individual cases including profiling within the meaning of Art. 22 GDPR do not take place in connection with our application process.

Privacy Policy Social Media

BOEHMERT & BOEHMERT uses various social networks to present itself, to make information available and to get in contact with interested parties or users. These are the following social media platforms:

  • LinkedIn
  • XING
  • Kununu
  • X (formerly Twitter)
  • Instagram

1. Controller and Data Protection Officer

1.1 BOEHMERT & BOEHMERT

The data controller within the meaning of Art. 4 (7) DSGVO for data processing by BOEHMERT & BOEHMERT is BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB Patentanwälte Rechtsanwälte, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel: +49 (421) 3409 0, Facsimile: +49 (421) 3491768.

The data protection officer can be reached at BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB Patentanwälte Rechtsanwälte, Hildegard-von-Bingen-Straße 5, 28359 Bremen, Germany, Tel: +49 (421) 3409 0, E-Mail: datenschutzbeauftragter@boehmert.de.

1.2 LinkedIn

The data controller for data processing by LinkedIn (see under sec. 2.2.) is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

You can contact LinkedIn’s data protection officer via the form at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

We have entered into agreements as joint controllers with LinkedIn in connection with the use of Insights data, which govern the terms of use of our online presences and similar appearances. More about this under sec. 4.

1.3 Xing und kununu

The data controller for XING and kununu (see under sec. 2.2.) is New Work SE, am Strandkai 1, 20457 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, E-Mail: info@xing.com.

The data protection officer is Felix Lasse, Am Strandkai 1, 20457 Hamburg, Germany, E-mail: Datenschutzbeauftragter@xing.com

1.4 X (formerly Twitter)

The data controller for data processing by Twitter (see under sec. 2.2.) for individuals living in the European Union, EFTA countries or the United Kingdom is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

You can contact Twitter’s data protection officer via the form at: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp.

1.5 Instagram

The controller for data processing by Instagram is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

The data protection officer of Meta Platforms Ireland Limited can be contacted at: https://www.facebook.com/help/contact/540977946302970.

2. Purpose of the data processing

2.1 Data processing by BOEHMERT & BOEHMERT

The data you enter on our social media pages, such as comments, likes, public messages, etc., will be processed by us if applicable to respond to your comments or communicate with you via social media platform. The data processing is carried out in the interest of our public relations and communication in order to ensure the broadest possible presence on the Internet. In this context, we use the analysis function provided to us by the respective platform to obtain statistical evaluations of the use of our site. These statistics include, among other things, demographic and geographic information (e.g., location, industry, field of activity, career) as well as data on interaction with our social media page (e.g., likes, shares). We do not obtain any direct knowledge of the identity of the user in the process. Our Instagram and X accounts do not statistically analyse users.

2.2. Data processing by network operators

When you visit our social media sites, data may also be processed by the platform operator itself. If you are logged into your social media account and visit our social media site, the respective platform operator can assign this visit to your user account. In addition, your personal data may be collected even if you are not logged in or do not have an account with the respective network operator. In this case, this data collection takes place through the collection of your IP address, via cookies or other technical measures that are stored on your terminal device. For details about the collection and storage of your personal data as well as about the type, scope, and purpose of their use by the network operator of the respective social network, please refer to the terms of use and privacy policy of the respective network operator, as we have no influence on these data processing activities. The privacy policy of the respective network operator can be found here:

LinkedIn: under https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

XING und kununu: under https://www.xing.com/legal/data-processing-policy

X: under https://twitter.com/de/privacy

Instagram: under https://privacycenter.instagram.com/policy

3. Legal Basic of the data processing

The legal basis for the above data processing by us is Art. 6 (1), f) based on our legitimate interest in an effective corporate presence as well as Art. 6 (1), b) GDPR in order to contact our customers or interested parties, for example, if they have contacted us via the respective platform operator for the purpose of initiating business.

4. Content of joint responsibility in terms of Art. 26 GDPR

Regarding to the statistical evaluation of the use of our websites on LinkedIn (so-called Insights Data), we are not solely responsible, but together with LinkedIn. According to Art. 26 GDPR, joint responsibility exists when two or more controllers jointly determine the purposes and means of the processing. Joint responsible parties specify in an agreement, which of them fulfills which obligation, in particular as regards the exercise of the rights of the data subject, and who fulfills which information obligations under Articles 13 and 14. We have entered into a joint responsibility agreement with LinkedIn. LinkedIn agrees to take responsibility under the GDPR for providing Insights Data and will comply with all applicable obligations under the GDPR with respect to its processing of Insights Data (including, but not limited to, Articles 12-22 and Articles 32-34 of the GDPR). This means that LinkedIn will, among other things, ensure that you are informed about the data being processed and support your rights of access and erasure. LinkedIn decides in its sole discretion how to comply with its obligations under this Addendum. You may assert your data subject rights against us and LinkedIn. To the extent your rights need to be asserted against LinkedIn, we will forward your request to LinkedIn. Our agreement with LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum.

5. Transfer of Data in third countries

We generally process your personal data only in Germany and in the European Union.

It cannot be ruled out that LinkedIn, XING, kununu, Instagram and X may also process some of the data collected outside the EU and the European Economic Area (“third countries”). If data is transferred to the USA, this is done on the basis of the adequacy decision between the EU and the USA (EU-U.S. Data Privacy Framework). The platforms described above have been certified accordingly.

6. Duration of storage

The data collected directly by us via social media will be deleted from our system as soon as the purpose for storing it no longer applies. The statutory provisions – in particular statutory retention periods – remain unaffected.

We process the data that you have communicated to us publicly via comment functions for as long as it can be viewed by us. You can determine the visibility of this data yourself, for example by removing or deleting it. We do not store any data beyond this.

We have no influence on the storage period of your data that is stored by platform operators for their own purposes. For details, please contact the platform operator directly.

7. Your Data subject Rights

As a data subject, you have the following rights under the GDPR. You are entitled to these rights under the conditions of the respective data protection regulations.

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to lodge a complaint with the respectively competent data protection supervisory authority (Art. 77 GDPR)
  • Right to object to processing (Art. 21 GDPR)

In the case of an objection, BOEHMERT & BOEHMERT will no longer process the personal data, unless

  • the processing serves the assertion, exercise, or defense of legal claims or
  • BOEHMERT & BOEHMERT can prove necessary, legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject.

8. Automated decision-making including profiling

Automated decisions in individual cases, including profiling within the meaning of Art. 22 GDPR, do not take place.