Data protection provisions

1. When you visit our website www.finlex.io, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is collected without your help and stored until it is automatically deleted: IP address of the requesting computer, date and time of access, name and URL of the accessed file, website from which the access originates (referrer URL), used browser and, if applicable, the operating system of your computer and the name of your access provider. The aforementioned data is processed by us for the following purposes: Ensuring a smooth connection of the website, ensuring a comfortable use of our website, evaluation of system security and stability and also for other administrative purposes. The legal basis for the data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest follows from the above-listed data collection purposes. Under no circumstances will we use the collected data to draw conclusions about your person. In addition, we use cookies and analytics services when you visit our website. You can find more detailed explanations about this under the tabs “Cookies” and “Analysis tools” of this privacy policy.
2. When using our contact form. If you have any questions, you can contact us via a form provided on the website. This requires a valid e-mail address so that we know from whom the request originates and can answer it. Additional information can be provided voluntarily. Data processing in order to contact us is based on your voluntarily given consent according to Art. 6 para. 1 s. 1 lit. a GDPR. The personal data collected by us for the use of the contact form will be automatically deleted after your request is completed.
3. When subscribing to our newsletter. Our website provides the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. The collection of the user’s e-mail address is used to deliver the newsletter. The collection of other personal data serves to prevent abuse of the service or the used e-mail address. The legal basis for the processing of data after registration for the newsletter is Article 6 para. 1 lit. a GDPR based on your voluntarily given consent. You can unsubscribe from the newsletter at any time via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request by e-mail to info(a)finlex.io. The data is deleted as soon as it is no longer required for the purpose for which it was collected. Accordingly, your data will be processed as long as the newsletter subscription is active. We use the email marketing platform Mailchimp to send the newsletter. Website: https://mailchimp.com/; Privacy Policy: https://mailchimp.com/legal/privacy/. d) As Applicants. Individuals may submit applications to us electronically (e.g., via email). In this case, the personal data submitted in the application is collected and processed in order to carry out the application procedure and thus for the potential initiation of an employment relationship. The Human Resources Department will review your application upon receipt. Suitable applications are then forwarded to the person responsible for the respective vacant or suitable position and to other employees within Finlex. Throughout the company, only persons have access to your data who need it in order to conduct the application process. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR. The processing is necessary to fulfill a contract to which the applicant is a party or to execute pre-contractual measures taken at the request of the applicant. If an employment contract is concluded with Finlex, the transmitted data will be stored in order to process the employment relationship in compliance with the statutory provisions. If an employment contract is not concluded, the data will be deleted within 6 months of notification of the rejection decision, provided that this does not conflict with any other legitimate interests of Finlex.

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only disclose your personal data to third parties if: You have given your express consent to do so in accordance with Art. 6 para. 1 s. 1 lit. a GDPR; the disclosure is necessary in accordance with Art. 6 para. 1 s. 1 lit. b GDPR in order to fulfill a contract with you or to implement pre-contractual measures that are carried out at your request;  this is necessary according to Art. 6 para. 1 s. 1 lit. c GDPR in order to fulfill a legal obligation to which the controller is subject; this is necessary according to Art. 6 para. 1 s. 1 lit. f GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest not to disclose your data. If we process data in a third country outside the EU or the EEA, or if the processing occurs in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is done according to the legal requirements. Subject to explicit consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through standard protection clauses of the EU Commission, if certifications or binding internal data protection regulations are available.

We use cookies on our site. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we thereby obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our Offer more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These cookies are automatically deleted after leaving our site. In addition, we also use temporary cookies to optimize user-friendliness; these are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter these again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it in order to optimize our Offer for you (see the “Analysis tools” tab). These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 s. 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser in such a way that cookies are not stored on your computer, or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

The tracking measures listed below and used by us are carried out based on “Art. 6 para. 1 lit. f GDPR”. We use the tracking measures to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it in order to optimize our Offer for you. These interests are to be considered legitimate within the meaning of the aforementioned provision. The corresponding tracking tools provide the respective data processing purposes and data categories.

• Google Analytics: We use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) for the purpose of needs-based design and continuous optimization of our pages. Pseudonymized usage profiles are created, and cookies (see the “Cookies” tab) are used in this context. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of server request, is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and Internet use for market research and needs-based design of these Internet pages. This information may also be transferred to third parties if the law requires this or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that it is not possible to assign them (IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of this website. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. In that case, an opt-out cookie will be placed, which will prevent the collection of your data during visits to this website in the future. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. We have concluded an order processing agreement with Google in this context to ensure data protection-compliant processing for you. Google Analytics Help, for example, has further information on data protection in connection with Google Analytics (https://support.google.com/analytics/answer/6004245?hl=de).
• Google Adwords/ Conversion Tracking: We also use Google Conversion Tracking in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our website for you. Google Adwords sets a cookie (see the “Cookies” tab) on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used to identify you personally. If the user visits certain pages on an ad client’s website and the Cookie has not expired, Google and the client may recognize that the user clicked on the ad and was directed to that page. Each Adwords client receives a different cookie. Cookies can therefore not be traced via the websites of Adwords clients. The information collected using the conversion cookie is used to create conversion statistics for Adwords clients who have opted for conversion tracking. Adwords clients will learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information which can personally identify users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this – for example, with a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”. You can find Google’s privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).
• Mouseflow: This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. The data processing is used in order to analyze this website and its visitors. For this purpose, data is collected and stored for marketing and optimization purposes. Usage profiles can be created under a pseudonym from this data. Cookies can be used for this purpose. The web analysis tool Mouseflow records randomly selected individual visits (only with anonymized IP address). This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website without the separately granted consent of the data subject and will not be merged with personal data about the bearer of the pseudonym. The processing is based on “Art. 6 para. 1 lit. f GDPR” due to the legitimate interest in direct customer communication and in the needs-based design of the website. You have the right to object at any time to this processing of your personal data based on “Art. 6 para. 1 lit. f GDPR” for reasons resulting from your particular situation. To do this, you can deactivate a recording on all websites that use Mouseflow globally for the browser you are currently using at the following link: https://mouseflow.de/opt-out/

We use social plug-ins from social networks such as Facebook and Twitter on our website based on “Art. 6 para. 1 lit. f GDPR” in order to make our company better known through these social networks. The underlying promotional purpose is to be considered as a legitimate interest within the meaning of the GDPR. Their respective providers must ensure responsibility for data protection-compliant operation. We are integrating these plug-ins through the “two-click method” in order to protect visitors to our website as best as possible.

• Facebook: We use social media plug-ins from Facebook on our website in order to make their use more personal. For this purpose, we use the “LIKE” or “SHARE” button. This is an offer from Facebook. When you visit a page of our website that contains such a plugin, your browser directly connects with the Facebook servers. Facebook directly transmits the content of the plugin to your browser, which then integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. Your browser transmits this information (including your IP address) directly to a Facebook server in the USA and stores it there. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and displayed to your Facebook friends. Facebook may use this information in order to advertise, perform market research, and customize Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook. If you do not want Facebook to assign the data collected via our website to your Facebook account, you have to log out of Facebook before visiting our website. You can find the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).
• Twitter: Our website contains plugins of the short message network of Twitter Inc. (Twitter) integrated. You can recognize the Twitter plugins (tweet button) from the Twitter logo on our site. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons). When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter “tweet button” while logged into your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages we have no knowledge of the content of the transmitted data or its use by Twitter. Please log out of your Twitter user account if you do not want Twitter to be able to associate your visit to our pages. For more information, please refer to Twitter’s privacy policy (https://twitter.com/privacy).
• XING: Plugins from the XING website are integrated on our website. The “XING Share button” is used on this website. When you visit this website, a connection is briefly established via your browser to servers of XING AG (“XING”) which provide the “XING Share button” functions (in particular the calculation/display of the counter value). XING does not store any personal data about you when you visit this website. In particular, XING does not store IP addresses. Your usage behavior via the use of cookies is also not evaluated in connection with the “XING Share button”. You can find the current data protection information on the “XING Share button” and supplementary information on this website: https://www.xing.com/app/share?op=data_protection
• LinkedIn: Plugins of the social network LinkedIn of the LinkedIn Corporation are integrated on our website. You can recognize the LinkedIn plugins by the LinkedIn logo or the “Share Button” (“Recommend”) on this website. When you visit this website, a connection is directly established between your browser and the LinkedIn server via the plugin. LinkedIn thereby receives the information that you have visited our website with your IP address. If you click the LinkedIn “Share Button” while logged into your LinkedIn account, you can link the content of this website on your LinkedIn profile. This allows LinkedIn to assign your visit to this website with your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn. LinkedIn’s privacy policy provides details on data collection (purpose, scope, further processing, use) as well as your rights and setting options. LinkedIn provides this information at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv.
• YouTube: Our Internet pages contain plugins from YouTube, which belongs to Google Inc. As soon as you visit pages of our website that have a YouTube plugin, a connection is established to the YouTube servers. This informs the YouTube server which specific page of our website you visited. If you are also logged into your YouTube account, you would enable YouTube to assign your surfing behavior directly to your personal profile. You can nullify this option of attribution if you log out of your account previously. For more information on collecting and using your data by YouTube, please see the privacy notices there at www.google.de/intl/de/policies/privacy/

You have the right: to request information about your personal data processed by us pursuant to Art. 15 GDPR. You can, in particular,  request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details. Pursuant to Art. 16 GDPR, you may immediately request the correction of inaccurate or incomplete personal data stored by us; pursuant to Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary in order to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims; pursuant to Art. 18 GDPR to restrict the processing of your personal data, as far as you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims, or you have filed an objection to the processing of your personal data pursuant to Art. 21 GDPR; pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; pursuant to Art. 7 para. 3 GDPR to revoke your consent once given to us at any time. Consequently, we may no longer continue the data processing based on this consent for the future and pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or workplace or our company headquarters for this purpose.

If your personal data is processed based on the legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that reasons exist for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without a specification of a particular situation. If you wish to exercise your right to revoke or object, simply send an e-mail to info(a)finlex.io.

As part of your website visit, we use the widespread TLS (Transport Layer Security)/SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. Usually, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. We continuously improve our security measures in line with technological developments.

It may become necessary to change this privacy policy due to the further development of our website and Offers on it or due to changed legal or regulatory requirements. You can visit and print out the current privacy policy at any time on the website at https://finlex.io/datenschutz/. This privacy policy is currently valid and has the status of January 2021.