avocado rechtsanwälte is committed to protecting the privacy of visitors to its website. This notice describes how your personal data are processed.
Collection and processing of personal data
a) When visiting the website
When you visit our website www.avocado.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following personal data will be collected without your intervention and stored until they are automatically deleted:
Your personal data will be processed by us for the following purposes:
The legal basis for data processing is Art. 6 1. (f) GDPR. Our legitimate interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of determining your identity.
The personal data are collected anonymously and cannot technically be assigned to specific persons. The personal data are not merged with other data sources; the data are deleted after statistical evaluation and are not stored as an individual data record.
With every access to our websites and with every retrieval of a file, static IP addresses are also recorded and automatically stored in a log file of the server. Under certain circumstances, static IP addresses may allow conclusions to be drawn about the person of the user. To this end, we neither carry out evaluations nor use such data for our own advertising purposes or make them available to third parties.
b) When subscribing for current information/invitations/news
If you have explicitly consented in accordance with Art. 6 1. (a) GDPR, we will use your e-mail address to send you current information on a regular basis. To receive this news, it is sufficient to provide an e-mail address.
You can unsubscribe at any time by sending an e-mail to news(at)avocado.de.
c) Other data collection, contact
Apart from that, you can visit our websites without providing any personal information. However, you can decide to do this by filling out forms in various areas of our website, such as
Such personal information provided on this website will be used for the purposes described in the relevant part of the website and for other purposes for which you give your consent. The legal basis is Art. 6 1. (a) GDPR (explicit consent) and Art. 6 1. (b) GDPR (performance of contract).
Disclosure of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
Storage
Your data will be kept and stored for as long as this is necessary for the purpose for which the data were permissibly collected or as required by law or legal obligations.
Cookies
We use cookies on various websites to make visiting our website attractive and to enable the use of certain functions. These are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer during your next visit (so-called long-term cookies). These cookies are used to save the individual selections made by the visitor (e.g. the parameters when performing a search) in order to restore them to their original state when the respective website is visited again. The generated cookies expire after closing the browser or after closing the last browser window. Cookies are also used for unpersonalized statistics. The generated cookies have an expiry time of max. three months.
The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 1. (f) GDPR.
You can set your browser in a way that you are informed about the setting of cookies, decide on the acceptance of cookies on a case-by-case basis or generally exclude the acceptance of cookies. If cookies are not accepted, the functionality of our website may be restricted.
aa) Provider of the tool
Microsoft Office is software from Microsoft Ireland Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: "Microsoft").
bb) Functions used, processing purposes
Teams is used as a collaboration and communication platform. Teams allows you to set up various project rooms and channels and offers a wide range of collaboration options.
Chats can be activated within teams. Private chats and channel chats (posts) are possible. Private chats only take place between direct participants and can be encrypted end-to-end. Public channel chats (or "posts") are messages within a channel in a team room. Within a team room, all participants can read these chats. Both types of chat messages are persistent by default in Teams, i.e. they are not deleted after a certain period of time. Message policies" can be used to specify who can delete chat messages: the owner of a team, the author of the message, or both. Retention policies can be used to define rules with which chat messages are automatically deleted after a certain period of time. A distinction can be made here between private chat messages and channel chats.
OneNote is used for internal note-taking functions. These are administrative functions such as client-related fee calculations or personnel and financial information.
cc) Responsibilities, instructions for invitations to teams
If you receive a request from us to participate in a Teams meeting, you must either install the corresponding MS app or call up the corresponding Microsoft website within the browser. In both cases, data processing by Microsoft takes place, the scope of which we will inform you about below. With the invitation to the meeting, you will receive information from us about , the possibility of accessing the data protection information presented here and any configuration options. No Microsoft account required participate in a meeting.
dd) Processed data and legal bases
The scope of data processing depends on the purpose of the call and the optional data that can be entered. The following personal data is collected and processed:
User name, first and last name (optional), telephone (optional), e-mail address, profile picture (optional).
Meeting data / log data:
Topic, description (optional), IP addresses, device/hardware information, meeting ID, date, time, dial-in telephone number if applicable.
For recordings (optional):
Video, audio and presentation recordings and documentation of the visible chat content.
The legal basis for the implementation of the Teams conference is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), insofar as the implementation is necessary within the framework of the mandate relationship, otherwise the legal basis is Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our interest lies in the effective organisation of online meetings; in view of the security measures described below, it cannot be assumed that the interests of the data subjects prevail.
The corresponding texts are saved here depending on your entries. The texts are permanently available in the meeting as long as it is active.
The legal basis for the processing of chat data is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), insofar as the chat content is necessary for the exchange of information within the scope of the client relationship, otherwise the legal basis is Art. 6 para. 1 lit. a) GDPR (implied consent through voluntary entry of data).
The note function allows the permanent storage of information, depending on the corresponding input. As a rule, this is the administrative data mentioned in the processing purpose.
The legal basis for the processing of the OneNote data is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), as the note content is required for the exchange of information within the scope of the client relationship.
ee) Data transfer
The data relating to the use of Microsoft tools will not be passed on to third parties unless this is exceptionally necessary for the fulfilment of a mandate.
ff) Technical and organisational security measures/data transfer outside the EU/EEA
General information on order processing by Microsoft and Bechtle IT
The Microsoft tools are used on the basis of an order processing contract with Microsoft in accordance with Art. 28 GDPR. The provisions of Art. 28 GDPR, in particular Art. 32 GDPR on the security of the processed data, are complied with. Microsoft processes the following personal data as part of Microsoft Teams: support and feedback data, diagnostics and service data; optional uses beyond this for own purposes are contractually excluded (docs.microsoft.com/de-de/microsoftteams/teams-privacy).
The use is technically mediated by our other processor in accordance with Art. 28 GDPR Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm, kontakt@bechtle.com, telephone: + 49 7132 981-0, the data protection information can be found at www.bechtle.com/privacy-policy.
Microsoft Teams is a tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America. The European branch of Microsoft, Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is our processor for the provision of the tool. According to MS, the concerns of the supervisory authority (DSK AG) have been taken into account in that log data storage has only taken place in the EU since 1 January 2013. Emergency administrative access to log data from the USA has been excluded since 31 December 2013, and all administrative data is then only stored in the EU and can only be accessed there.
This is done on the basis of Commission Implementing Decision (EU) 2019/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/976 and the following entry in the Data Privacy Framework to ensure a European level of data protection (www.dataprivacyframework.gov/list):
Microsoft Corporation
Industries
Information and Communications Technology
Software
Participation
EU-U.S. Data Privacy Framework : Active
Original Certification Date
08/12/2016
Next Certification Due Date
09/13/2024
Data Collected
HR and Non-HR Data
UK Extension to the EU-U.S. Data Privacy Framework : ActiveOriginal Certification Date
08/10/2023
Next Certification Due Date
09/13/2024
Data Collected
HR and Non-HR Data
Purpose of Data Collection
Microsoft uses the data we collect to provide rich, interactive experiences. In particular, we use data to: -- Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the various business and consumer services; enabling sales and other transactions; conducting data analysis to improve products and services; and/or maintaining marketing relationships. We use data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.
Privacy Policy
HR Data
Name
Microsoft Data Privacy Notice
Description
The Microsoft Data Privacy Notice describes the collection and use of personal employment data of employees, external staff, candidates and guests. The Notice is available to employees on Microsoft internal and external websites, systems, tools and applications used by employees, external staff, candidates, and guests to enter, edit or view their personal data. For description about Data Privacy Framework, please see the section "Where we store and process personal data”: go.microsoft.com/fwlink/
Effective Date
09/14/2023
Non-HR Data
Name
Microsoft Privacy Statement
Description
The Microsoft Privacy Statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purpose. For a description of our participation in EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework, please expand the "Other important privacy information" section and see "Where we store and process personal data": go.microsoft.com/fwlink
Effective Date
08/23/2023
Policy Link
https://go.microsoft.com/fwlink?linkid=521839
Verification Method
Self-Assessment
Additional measures taken / information on data protection-compliant use
We have also taken the following measures through our service provider Bechtle IT to comply with the instructions of the data protection authorities, in particular the instructions of the EDPS of 11 March 2024 (Press release "European Commission's use of Microsoft 365 infringes data protection law for EU institutions and bodies"):
Notes for your use:
You can take the following measures to minimise the processing of personal data:
gg) Data erasure, storage duration
Log data in MS Teams is stored for 90 days. Chat data and OneNote data will only be stored for as long as required by the legal basis, i.e. chat data will only be stored until it has been transferred for further client processing. Data in OneNote will be stored for as long as this corresponds to the general storage principles of avocado rechtsanwälte for client processing.
You can access our YouTube channel without providing any personal information. In individual cases, however, we process your personal data, for example if you communicate with us via the YouTube channel. If you provide us with information about third parties, such as spouses or relatives, we assume that you have given us your prior consent to do so. We would like to point out that you use the YouTube website and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
To set up the YouTube channel, we have selected the most privacy-friendly settings possible. For data processing by the YouTube platform, please refer to Google's privacy policy, which you can access via the following link: https://policies.google.com/privacy?hl=de.
As the provider of the YouTube channel, we only collect and process the statistical data automatically provided to us by YouTube regarding the use of the channel. In addition, we may process your personal data to moderate the comment function or to respond directly to enquiries addressed to us. The legal basis for this is the fulfilment of the purpose of the contract (answering or directly commenting on questions) in accordance with Art. 6 para. 1 lit. b) GDPR We also process this data in order to be able to provide you with the most informative and interesting offer possible on the channel or to moderate comments under the channel. The legal basis for this is the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interests lie in being able to provide existing and potential future clients with an informative offer on the YouTube channel that is optimised to the interests of users. It can be assumed that this does not affect your interests as a data subject, as it is to be expected that the data will be used accordingly when you participate in communication on a YouTube channel.
We integrate videos from the YouTube platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the website. The videos are implemented using the so-called two-click solution, which means that data is only transferred to YouTube if you have consented to this data transfer by clicking on it.
The data collected about users when using the service is processed by Google and may be transferred to countries outside the European Union. This includes the IP address, the application used, information on the end device used (including device ID and application ID), information on websites accessed, the location, the mobile phone provider and other information available on the user's PC in the form of cookies.
The use of YouTube is justified by the user's consent, which he or she gives by clicking on the corresponding symbol, in accordance with Art. 6 para. 1 lit. a) GDPR. The user can revoke their consent at any time with effect for the future by closing the subpage on which the video is played.
Google describes what information it collects and processes in general terms in its privacy policy. Users can find further information in the general information on data protection settings when using Google services and with specific reference to individual services (including YouTube).
etracker – rights of revocation
The tracking measures listed below and used by us are carried out on the basis of Art. 6 1. (f) GDPR. With the tracking measures used, we want to ensure that our website is designed as required and continuously optimised.
On the other hand, we use the tracking measures in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer to you. These interests are to be regarded as justified within the meaning of the aforementioned provision.
As an analysis tool for our website, we use the web analysis service etracker of etracker GmbH. The web analysis service uses cookies of the type described above to enable an analysis of your use of the website. The data collected using the technologies of the aforementioned web analysis services will not be used to personally identify the visitor to this website and will not be merged with personal data relating to the bearer of the pseudonym without the explicit consent of the data subject. In this context, we would also like to point out the possibility described above of preventing the storage of cookies by means of browser software settings.
The collection and storage of data by etracker can also be revoked at any time with effect for the future.
Confidentiality and security
We will keep your information confidential and protect it in accordance with our usual practices and all applicable laws.
Your rights
You have the right:
Your right of objection
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 1. (f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.
If you wish to make use of your right of revocation or objection, an e-mail to datenschutz(at)avocado.de is sufficient.
Data security
We use the SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Actuality and amendment of this privacy policy
This privacy policy is currently valid and as of Septemger 2021.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can view and print out the current privacy policy at any time on the website at https://www.avocado.de/en/privacy-policy/
Contact person
If you have questions about the processing of your personal data, please contact us:
datenschutz(at)avocado.de