Data protection notice

The following data protection notice is intended to inform you in what way, to what extent and for what purposes personal data and further information of you are processed when you access this website and to inform you about your rights related to data protection.

1. Identity and contact details of the controller

The controller of data processing by meaning of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) – and other nationally applicable data protection laws of the member states of the European Union and other data protection regulations is:

Eva Klempert, LL.M., Lawyer, MERCATIUS© Business Law Firm,
Heinz-Fangman-Str.4, 42287 Wuppertal,
Telefon: 0202/39362004, Telefax: 0202/39362005,
Emailaddress: zentrale(at)mercatius.de,
Website: www.mercatius.de,

- hereinafter referred to “controller”.

2. Principles of processing personal data

Personal data is information that according to Article 4 section 1 GDPR refers to an identified or identifiable natural person. Such data could be e.g. your name, address, IP- or Email-address. The controller processes personal data solely by considering the regulations of the GDPR and other applicable national privacy rules.

3. Extent of data processing by accessing this website

For technical reasons, each time this website is accessed, the server system of the controller collects data and information by default from the computer system of the device you are using. Thereby, the following data and information can be temporarily stored in Access Log Files:

  • IP address of the requesting device in an anonymous form
  • Date and time of access and time zone shift
  • Used request method, requested file and the transmission protocol
  • Status code of the server response
  • Transmitted amount of data - in bytes – of the server response
  • The website from which the access occurred (Referrer-URL)
  • Operating system of the device used
  • Browser and its version of the device used

In addition, the server system generates for technical reasons Error Log Files when this website is accessed, that may indicate program or runtime errors and that can temporarily store the following information and data:

  • Date and time of access and time zone shift
  • Server module on which the error occurred
  • Process ID of the web server process
  • IP address of the requesting device
  • Error code and error message

4. Purposes and legal basis of data processing

The purpose of the data processing is to enable a connection to this website, to inspect its functionality and the stability of its IT-systems, to determine errors, to parry attacks and to ensure the security of its usage. Furthermore, data are statistically evaluated without the connection of references to natural persons in order to enhance the user-friendliness of this website. The stored data will neither be assigned to a natural person, nor used for a determination of the identity of natural persons, unless required by legal or statutory reasons such as prosecution of attacks.

The processing of personal data is based on the legal grounds of Article 6 paragraph 1 subparagraph 1 point f GDPR. The legitimate interests of the controller ensured by the data processing result from the purposes of data processing and include the ensuring of the functionality, security and usability of this website and its protection against attacks.

5. Recipients of data

The controller uses the services of processors who support on her behalf the IT-systems and webhosting of this website and, by fulfillment of their services, have access possibilities to stored data. Apart from that, the controller will not transfer your personal data to any third party without your consent, unless obligated by legal or statutory reasons.

6. Period of storage

In general, the temporarily stored data are automatically erased when the purposes of their processing are served and as far as legal or statutory reasons do not regulate any different handling. Access Log Files are automatically deleted after a period of sixty days and Error Log Files after seven days.

7. Your rights

According to the General Data Protection Regulation (GDPR), you have the following rights that you can assert to the controller at any time by informal notice using the contact details specified in section 1, provided that the respective specific legal requirements are fulfilled and as far as legal or statutory reasons do not provide any restrictions or a different handling:

7.1 Right to object

You have a right to object to the processing of your personal data (Article 21 GDPR). You will find further information on this right in section 11 at the end of this data protection notice.

7.2 Right of access

You have the right to request form the controller a confirmation whether personal data about you is being processed. As far as this is the case, you have the right to obtain access to your personal data and other information provided by law (Article 15 GDPR).

7.3 Right to rectification

You have a right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you as well as the completion of incomplete personal data concerning you (Article 16 GDPR).

7.4 Right to erasure

You have the right under the conditions of Article 17 GDPR, to obtain from the controller the erasure of personal data concerning you without undue delay, provided that one of the specific legal grounds of Article 17 GDPR applies, such as if the data is not needed any more for the purposes pursued.

7.5 Right to restriction of processing

You have the right to obtain from the controller the restriction of the processing of your personal data (Article 18 GDPR).

7.6 Right to data portability

When you have consented to data processing or when a data-processing contract exists, and if the processing is carried out by automated means, then you have the right to data portability (Article 20 GDPR).

7.7 Right of withdrawal

If the data processing is based on your consent, you have the right at any time to withdraw your consent. The withdrawal of consent does not affect the lawfulness of the processing on the basis of the consent until the withdrawal (Article 7 GDPR).

7.8 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (Article 77 GDPR).

8. Links to websites of third parties

This website may refer to websites of third parties by direct links. This data protection notice does not apply to those websites. The controller has no influence on their content and does not assume any responsibility for their privacy conditions.

9. Technical safety

The controller implements appropriate technical and organizational measures to protect personal data of the users of this website against unauthorized interventions such as destruction, loss or alteration and the unauthorized access by third parties. This website has been encrypted with the system of Transport Layer Security (TLS), version 1.2. This procedure is intended to enable a protected data transmission between your internet browser and the server. The encryption strength can achieve pending 256 bits. The Secure Sockets Layer (SSL) certificate contains verified information about this website by a certification authority.

The security measures are continually being adapted by the controller in correspondence with technological developments, still, a full protection against unauthorized access by third parties via Internet cannot be guaranteed, since the transmission of data via internet, like the sending of emails, may show security holes.

10. Topicality of this data protection notice

This data protection notice is topical valid, but the controller reserves the right to change or adapt it at any time with effect to the future, insofar as this is necessary or permissible due to technological advancements or changes in legal regulations. The current version is available on her website in section "data protection notice".

11. Right to object according to Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 paragraph 1 subparagraph 1 GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can assert your right of objection at any time to the controller by informal communication using the contact details mentioned in section 1 of this data protection notice.

DPN-Version I.2