Data Privacy

We only process the personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.

 

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

RESOLVED GmbH 
Linprunstr. 49 
80335 Munich
Germany 
blenk@resolved.legal 
 

 

III. Provision of the website and creation of log files

1. scope and purpose of data processing

To provide our website, we use storage space, computing capacity and software that we rent from the server provider Squarespace as our web host. In addition, data that your browser transmits to our server is automatically processed when you visit our website. This general data and information is stored in the server log files (so-called "server log files"). The following can be recorded:  

  • Browser type and browser version

  • Operating system used

  • Referrer URL (previously visited website)

  • Host name of the accessing computer

  • Date and time of the server request

  • IP address

When using this data and information, we do not draw any conclusions about your person. The purposes we pursue include in particular

  • Provision of our website

  • Provision of our online services and user-friendliness

  • Operation and provision of information systems

  • Content Delivery Network (CDN)

  • Ensuring a smooth connection to the website

  • Clarification of acts of abuse or fraud,

  • Problem analyses in the network

  • Evaluation of system security and stability.

2. legal basis

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in being able to provide our website in a technically flawless manner.

3. recipients of personal data

The recipient of your data in this context is our service provider Squarespace, USA. The service provider was carefully selected by us, commissioned in writing and is bound by our instructions. The personal data is transferred to the USA. To ensure an adequate level of data protection at the recipient of your personal data, we have concluded standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c GDPR. For further information, please contact our data protection officer.

We also use a content delivery network (CDN). A CDN is a service with the help of which the content of an online offer, in particular large media files such as graphics or programme scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. Therefore, the legal basis is based on the legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

The recipient of your data in this context is our service provider Cloudflare, Inc, 101 Townsend St., San Francisco, CA 94107, USA. The service provider was carefully selected by us, commissioned in writing and is bound by our instructions. The personal data is transferred to the USA. To ensure an appropriate level of data protection at the recipient of your personal data, we have concluded standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c GDPR. For further information, please contact our data protection officer.

4. duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

 

IV. Use of cookies

1. scope and purpose of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

From a legal perspective, a distinction must be made between necessary and non-necessary cookies.

1.1 Technically necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. We have an overriding legitimate interest in being able to offer our website in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6 para. 1 sentence 1 lit. b GDPR, the provision of our contractual services.

1.2 Technically unnecessary cookies

We also use non-essential cookies (e.g. preferences, statistics and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our offering. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The cookies are only set after you have given your consent via our "cookie banner".

We also use cookies on our website that enable us to analyse the surfing behaviour of users. This also only takes place after you have given your consent via our "cookie banner". Further information on data processing in connection with technically unnecessary cookies can be found in our cookie banner.

2. duration of storage

With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his/her end device (e.g. browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

3. cookie banner

3.1 Scope and purpose of data processing

When you visit our website or a sub-website for the first time and it contains cookies, a "cookie banner" will be displayed. There you will be informed about the individual cookies that we use. You can find out the name of each individual cookie, the provider(s), the purpose of processing and the storage period.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. Can be processed:

  • Usage data (e.g. websites visited, time of access)

  • Meta and communication data (e.g. IP address)

3.2 Legal basis

The legal basis for the use of the cookie banner is Art. 6 para. 1 sentence 1 lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to fulfil our duty to provide information regarding cookies.

3.3 Recipients of personal data

Your data will be passed on to the service provider Cookiebot by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark to the extent necessary as part of order processing. A corresponding order processing contract has been concluded with Usercentrics.

3.4 Duration of storage

The cookie banner stores the preferences until you reset or customise them.

 

V. Site Analytics

 This website collects personal data to power our site analytics, including:

  • Information about your browser, network, and device

  • Web pages you visited prior to coming to this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.

VII Contact options

1. scope and purpose of data processing

It is possible to contact us on our website by e-mail, via the contact form and by telephone. In this case, the user's personal data transmitted by the enquirer will be stored. The data is used exclusively for processing the conversation. The purpose of making contact is to communicate, manage and respond to enquiries.

We process the following personal data:

  • E-mail address

  • Name (first name and surname)

  • Contact reason

  • Text of your message

2. legal basis

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

3. duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.



 

XII Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. right to information (Art. 15 GDPR)

You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. If such processing is taking place, you can request the following information from the controller:

  • the purposes for which the personal data are processed;

  • the categories of personal data that are processed;

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

  • the existence of a right of appeal to a supervisory authority;

  • all available information about the origin of the data if the personal data is not collected from the data subject;

  • the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. right to rectification (Art. 16 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete.

3. right to restriction of processing (Art. 18 GDPR)

Under the following conditions, you may request the restriction of the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller(s) outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to erasure (Art. 17 GDPR)

4.1 Cancellation obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

  • You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

  • The personal data concerning you has been processed unlawfully.

  • The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

  • The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

4.2 Information to third parties

If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, he/she shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to erase all links to this personal data or copies or replications of this personal data.

4.3 Exceptions

The right to erasure does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;

  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

  • for the assertion, exercise or defence of legal claims.

5. right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

6. right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

  1. the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and

  2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on data processing in the public interest pursuant to Art. 6 para. 1 sentence 1 lit. e GDPR or on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Please send us an email in this regard to datenschutz@ypog.law.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

8. right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. automated decision-making in individual cases including profiling (Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or fulfilment of a contract between you and the controller,

  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or b GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. right to lodge a complaint with a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

 

XIII Up-to-dateness and changes to the data protection information

This privacy policy is currently valid and has the following status: November 2023.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.