avocado rechtsanwälte
  • Deutsch
  • English
  • Français
avocado rechtsanwälte
avocado rechtsanwälte
  • Home
  • About us
    • About us
    • Practice groups
    • Sector groups
    • Locations
    • International
    • History
  • Professionals
  • News
    • News
    • Events
    • Blog
  • Contact
  • Career
    • Career
    • Online application
    • Deutsch
    • English
    • Français
You are here: Privacy policy

Privacy policy

avocado rechtsanwälte is committed to protecting the privacy of visitors to its website. This notice describes how your personal data are processed.

Collection and processing of personal data

a) When visiting the website

When you visit our website www.avocado.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following personal data will be collected without your intervention and stored until they are automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

Your personal data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring comfortable use of our website
  • Evaluation of system safety and stability as well as
  • for other administrative purposes.

The legal basis for data processing is Art. 6 1. (f) GDPR. Our legitimate interest follows from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of determining your identity.

The personal data are collected anonymously and cannot technically be assigned to specific persons. The personal data are not merged with other data sources; the data are deleted after statistical evaluation and are not stored as an individual data record.

With every access to our websites and with every retrieval of a file, static IP addresses are also recorded and automatically stored in a log file of the server. Under certain circumstances, static IP addresses may allow conclusions to be drawn about the person of the user. To this end, we neither carry out evaluations nor use such data for our own advertising purposes or make them available to third parties.

b) When subscribing for current information/invitations/news

If you have explicitly consented in accordance with Art. 6 1. (a) GDPR, we will use your e-mail address to send you current information on a regular basis. To receive this news, it is sufficient to provide an e-mail address.

You can unsubscribe at any time by sending an e-mail to news(at)avocado.de.

c) Other data collection, contact

Apart from that, you can visit our websites without providing any personal information. However, you can decide to do this by filling out forms in various areas of our website, such as

  • Career
  • Contact us

Such personal information provided on this website will be used for the purposes described in the relevant part of the website and for other purposes for which you give your consent. The legal basis is Art. 6 1. (a) GDPR (explicit consent) and Art. 6 1. (b) GDPR (performance of contract).

Disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have given your explicit consent in accordance with Art. 6 1. (a) GDPR,
  • the disclosure pursuant to 6 1. (f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to pass on data pursuant to Art. 6 1. (c) GDPR, and
  • it is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 1. (b) GDPR.

Storage

Your data will be kept and stored for as long as this is necessary for the purpose for which the data were permissibly collected or as required by law or legal obligations.

Cookies

We use cookies on various websites to make visiting our website attractive and to enable the use of certain functions. These are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognize your computer during your next visit (so-called long-term cookies). These cookies are used to save the individual selections made by the visitor (e.g. the parameters when performing a search) in order to restore them to their original state when the respective website is visited again. The generated cookies expire after closing the browser or after closing the last browser window. Cookies are also used for unpersonalized statistics. The generated cookies have an expiry time of max. three months.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 1. (f) GDPR.

You can set your browser in a way that you are informed about the setting of cookies, decide on the acceptance of cookies on a case-by-case basis or generally exclude the acceptance of cookies. If cookies are not accepted, the functionality of our website may be restricted.

Data processing through Microsoft 365: Microsoft Teams

aa) Provider of the tool

Microsoft Office is software from Microsoft Ireland Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: "Microsoft").

bb) Functions used, processing purposes

  • Teams 

Teams is used as a collaboration and communication platform. Teams allows you to set up various project rooms and channels and offers a wide range of collaboration options. 

  • Chat 

Chats can be activated within teams. Private chats and channel chats (posts) are possible. Private chats only take place between direct participants and can be encrypted end-to-end. Public channel chats (or "posts") are messages within a channel in a team room. Within a team room, all participants can read these chats. Both types of chat messages are persistent by default in Teams, i.e. they are not deleted after a certain period of time. Message policies" can be used to specify who can delete chat messages: the owner of a team, the author of the message, or both. Retention policies can be used to define rules with which chat messages are automatically deleted after a certain period of time. A distinction can be made here between private chat messages and channel chats.

  • OneNote

OneNote is used for internal note-taking functions. These are administrative functions such as client-related fee calculations or personnel and financial information. 

cc) Responsibilities, instructions for invitations to teams

If you receive a request from us to participate in a Teams meeting, you must either install the corresponding MS app or call up the corresponding Microsoft website within the browser. In both cases, data processing by Microsoft takes place, the scope of which we will inform you about below. With the invitation to the meeting, you will receive information from us about , the possibility of accessing the data protection information presented here and any configuration options. No Microsoft account  required participate in a meeting.

dd) Processed data and legal bases

  • Teams

The scope of data processing depends on the purpose of the call and the optional data that can be entered. The following personal data is collected and processed:

User name, first and last name (optional), telephone (optional), e-mail address, profile picture (optional).

Meeting data / log data: 

Topic, description (optional), IP addresses, device/hardware information, meeting ID, date, time, dial-in telephone number if applicable.

For recordings (optional): 

Video, audio and presentation recordings and documentation of the visible chat content.

The legal basis for the implementation of the Teams conference is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), insofar as the implementation is necessary within the framework of the mandate relationship, otherwise the legal basis is Art. 6 para. 1 lit. f) GDPR (legitimate interest). Our interest lies in the effective organisation of online meetings; in view of the security measures described below, it cannot be assumed that the interests of the data subjects prevail.

  • Chat

The corresponding texts are saved here depending on your entries. The texts are permanently available in the meeting as long as it is active.

The legal basis for the processing of chat data is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), insofar as the chat content is necessary for the exchange of information within the scope of the client relationship, otherwise the legal basis is Art. 6 para. 1 lit. a) GDPR (implied consent through voluntary entry of data).

  • OneNote

The note function allows the permanent storage of information, depending on the corresponding input. As a rule, this is the administrative data mentioned in the processing purpose.

The legal basis for the processing of the OneNote data is Art. 6 para. 1 lit. b) GDPR (fulfilment of contract), as the note content is required for the exchange of information within the scope of the client relationship.

ee) Data transfer           

The data relating to the use of Microsoft tools will not be passed on to third parties unless this is exceptionally necessary for the fulfilment of a mandate.

ff) Technical and organisational security measures/data transfer outside the EU/EEA

General information on order processing by Microsoft and Bechtle IT

The Microsoft tools are used on the basis of an order processing contract with Microsoft in accordance with Art. 28 GDPR. The provisions of Art. 28 GDPR, in particular Art. 32 GDPR on the security of the processed data, are complied with. Microsoft processes the following personal data as part of Microsoft Teams: support and feedback data, diagnostics and service data; optional uses beyond this for own purposes are contractually excluded (docs.microsoft.com/de-de/microsoftteams/teams-privacy).

The use is technically mediated by our other processor in accordance with Art. 28 GDPR Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm, kontakt@bechtle.com, telephone: + 49 7132 981-0, the data protection information can be found at www.bechtle.com/privacy-policy.

Microsoft Teams is a tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America. The European branch of Microsoft, Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is our processor for the provision of the tool. According to MS, the concerns of the supervisory authority (DSK AG) have been taken into account in that log data storage has only taken place in the EU since 1 January 2013. Emergency administrative access to log data from the USA has been excluded since 31 December 2013, and all administrative data is then only stored in the EU and can only be accessed there. 

 This is done on the basis of Commission Implementing Decision (EU) 2019/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/976 and the following entry in the Data Privacy Framework to ensure a European level of data protection (www.dataprivacyframework.gov/list):

Microsoft Corporation

Industries


Information and Communications Technology
Software

Participation


EU-U.S. Data Privacy Framework :  Active

Original Certification Date

08/12/2016

Next Certification Due Date

09/13/2024

Data Collected

HR and Non-HR Data


UK Extension to the EU-U.S. Data Privacy Framework :  ActiveOriginal Certification Date

08/10/2023

Next Certification Due Date

09/13/2024

Data Collected

HR and Non-HR Data

Purpose of Data Collection

Microsoft uses the data we collect to provide rich, interactive experiences. In particular, we use data to: -- Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the various business and consumer services; enabling sales and other transactions; conducting data analysis to improve products and services; and/or maintaining marketing relationships. We use data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.

Privacy Policy


HR Data

Name

Microsoft Data Privacy Notice

Description

The Microsoft Data Privacy Notice describes the collection and use of personal employment data of employees, external staff, candidates and guests. The Notice is available to employees on Microsoft internal and external websites, systems, tools and applications used by employees, external staff, candidates, and guests to enter, edit or view their personal data. For description about Data Privacy Framework, please see the section "Where we store and process personal data”: go.microsoft.com/fwlink/

Effective Date

09/14/2023

Non-HR Data

Name

Microsoft Privacy Statement

Description

The Microsoft Privacy Statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purpose. For a description of our participation in EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework, please expand the "Other important privacy information" section and see "Where we store and process personal data": go.microsoft.com/fwlink

Effective Date

08/23/2023

Policy Link

https://go.microsoft.com/fwlink?linkid=521839

Verification Method

Self-Assessment

Additional measures taken / information on data protection-compliant use

We have also taken the following measures through our service provider Bechtle IT to comply with the instructions of the data protection authorities, in particular the instructions of the EDPS of 11 March 2024 (Press release "European Commission's use of Microsoft 365 infringes data protection law for EU institutions and bodies"):

  • No team groups can be created.
  • OneDrive, SharePoint and external data storage cannot be used via Teams. Chats are deactivated.
  • External apps do not have access to Teams
  • Settings are always set to the highest level of encryption.
  •  Preventing the transmission of telemetry data when using Microsoft 365 or the underlying Windows operating system. With Windows 10 Enterprise, data transmission to Microsoft can be largely prevented by settings in the operating system, see also details in the recommendations:
    www.datenschutz.rlp.de/de/themenfelder-themen/windows-10/
    www.datenschutzkonferenz-online.de/media/dskb/TOP_30_Beschluss_Windows_10_mit_Anlagen.pdf
    www.datenschutzkonferenz-online.de/media/ah/20191106_win10_pruefschema_dsk.pdf
  • Log data is partially anonymised and pseudonymised (with identifiers for problem cases), use of business pseudonymous email addresses/accounts (ideally temporarily from a pool) and the prohibition of the use of private Microsoft accounts.
  • Use of the encryption option with your own key ("BYOK") and the so-called "Customer Lockbox".
  • Log data is stored for between 7 and 90 days and aggregated as quickly as possible (for details, see Microsoft 365 audit log collection - Microsoft Service Assurance | Microsoft Learn)
  • MS will continue to defend itself in court against attempts by US security authorities to access customer data. 
  • Preview versions are not used, as these are often not yet configured to the most data protection-friendly default settings.
  • Conclusion of the updated DPA with additional agreements, see also Microsoft General - Data Transfer Impact Assessment at https://servicetrust.microsoft.com/DocumentPage/e5de2bcf-285c-4b9d-afd0-42480deb1184 and other contract documents in the "Trust Portal" at servicetrust.microsoft.com/ViewPage/PrivacyDataProtection 
  • Access to MS data management to fulfil the accountability obligation under Art. 5 GDPR at servicetrust.microsoft.com 
  • Conclusion of the supplementary agreement for persons subject to professional secrecy (query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3Pcj0)
  • Use of the "waiting room" option for pre-checking the identity of participants;
  • Maximum deactivation of all other login and recording functions as well as additional apps and functions.

Notes for your use:

You can take the following measures to minimise the processing of personal data:

  • Choice of a pseudonym for user names. The pseudonym should be communicated to the team administrator via a separate communication channel so that admission to the room is possible.
  • Avoid the unnecessary disclosure of personal and, in particular, sensitive data 
  • Deactivation of autostart for MS Teams 
  • Please avoid using screenshots without the consent of the other participants
  • Please end the meeting when you leave it

gg) Data erasure, storage duration

Log data in MS Teams is stored for 90 days. Chat data and OneNote data will only be stored for as long as required by the legal basis, i.e. chat data will only be stored until it has been transferred for further client processing. Data in OneNote will be stored for as long as this corresponds to the general storage principles of avocado rechtsanwälte for client processing.

Data protection information YouTube channel www.youtube.com/@avocado.vloggt

You can access our YouTube channel without providing any personal information. In individual cases, however, we process your personal data, for example if you communicate with us via the YouTube channel. If you provide us with information about third parties, such as spouses or relatives, we assume that you have given us your prior consent to do so. We would like to point out that you use the YouTube website and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

To set up the YouTube channel, we have selected the most privacy-friendly settings possible. For data processing by the YouTube platform, please refer to Google's privacy policy, which you can access via the following link: https://policies.google.com/privacy?hl=de.

As the provider of the YouTube channel, we only collect and process the statistical data automatically provided to us by YouTube regarding the use of the channel. In addition, we may process your personal data to moderate the comment function or to respond directly to enquiries addressed to us. The legal basis for this is the fulfilment of the purpose of the contract (answering or directly commenting on questions) in accordance with Art. 6 para. 1 lit. b) GDPR We also process this data in order to be able to provide you with the most informative and interesting offer possible on the channel or to moderate comments under the channel. The legal basis for this is the protection of our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interests lie in being able to provide existing and potential future clients with an informative offer on the YouTube channel that is optimised to the interests of users. It can be assumed that this does not affect your interests as a data subject, as it is to be expected that the data will be used accordingly when you participate in communication on a YouTube channel.

Data protection information on integrated YouTube videos

We integrate videos from the YouTube platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the website. The videos are implemented using the so-called two-click solution, which means that data is only transferred to YouTube if you have consented to this data transfer by clicking on it. 

The data collected about users when using the service is processed by Google and may be transferred to countries outside the European Union. This includes the IP address, the application used, information on the end device used (including device ID and application ID), information on websites accessed, the location, the mobile phone provider and other information available on the user's PC in the form of cookies.

The use of YouTube is justified by the user's consent, which he or she gives by clicking on the corresponding symbol, in accordance with Art. 6 para. 1 lit. a) GDPR. The user can revoke their consent at any time with effect for the future by closing the subpage on which the video is played.

Google describes what information it collects and processes in general terms in its privacy policy. Users can find further information in the general information on data protection settings when using Google services and with specific reference to individual services (including YouTube).

etracker – rights of revocation

The tracking measures listed below and used by us are carried out on the basis of Art. 6 1. (f) GDPR. With the tracking measures used, we want to ensure that our website is designed as required and continuously optimised.

On the other hand, we use the tracking measures in order to statistically record the use of our website and to evaluate it for the purpose of optimising our offer to you. These interests are to be regarded as justified within the meaning of the aforementioned provision.

As an analysis tool for our website, we use the web analysis service etracker of etracker GmbH. The web analysis service uses cookies of the type described above to enable an analysis of your use of the website. The data collected using the technologies of the aforementioned web analysis services will not be used to personally identify the visitor to this website and will not be merged with personal data relating to the bearer of the pseudonym without the explicit consent of the data subject. In this context, we would also like to point out the possibility described above of preventing the storage of cookies by means of browser software settings.

The collection and storage of data by etracker can also be revoked at any time with effect for the future.

Confidentiality and security

We will keep your information confidential and protect it in accordance with our usual practices and all applicable laws.

Your rights

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • to demand the restriction of the processing of your personal data pursuant to Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, common and machine-readable format or to request the transfer to another responsible party;
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future, and
  • to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our office.


Your right of objection

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 1. (f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation.

If you wish to make use of your right of revocation or objection, an e-mail to datenschutz(at)avocado.de is sufficient.

Data security

We use the SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

Actuality and amendment of this privacy policy

This privacy policy is currently valid and as of Septemger 2021.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can view and print out the current privacy policy at any time on the website at https://www.avocado.de/en/privacy-policy/

Contact person

If you have questions about the processing of your personal data, please contact us:
datenschutz(at)avocado.de

© avocado rechtsanwälte Berlin Frankfurt Hamburg Cologne Munich Brussels

to top
  • Legal notice
  • Privacy policy
  • Contact
  • change your data privacy settings

This website uses cookies to make the site user-friendly and to inform us about your usage behaviour. Learn more

Accept Dont Accept