The Controller in the meaning of the General Data Protection Regulation (“GDPR” in the following) and other national data protection laws and provisions is:
ROSE & PARTNER LLP.
20354 Hamburg Deutschland
Telefon: 040 / 414 37 59 0
Our data protection officer can also be reached via this contact details.
II. General Information on Data Processing
Data protection is of particular significance to us. Therefore, we only collect and use personal data of our users insofar as is required to provide our content and services and a functioning website. Personal data includes all information referring to an identified or identifiable natural person (“Person Concerned” in the following).
The collection and use of personal data of our users is always conducted in accordance with the GDPR and the applicable national data protection laws and provisions. If the processing of personal data is required, and such processing is not allowed by statutory regulations, we always seek the consent of the Person Concerned.
In general, we do not transfer personal data to third parties. A transfer only takes place, if you have given your express consent (Art. 6 Sec. 1 p. 1 lit. a GDPR); if a legitimate interest in such transfer exists and there is no reason to assume that you have an overriding and legitimate interest in you data not being transferred (Art. 6 Sec. 1 p. 1 lit. f GDPR); if a transfer is necessary for compliance with a legal obligation (Art. 6 Sec. 1 p. 1 lit. c GDPR); or if a transfer is necessary for the performance of a contract to which you are a party (Art. 6 Sec. 1 p. 1 lit. b GDPR).
III. Visits on our Website
When you visit our website www.rosepartner.de, the browser you use automatically sends information to the server on our website. The following information are collected and stored until automatic deletion:
- IP adress,
- Time of the server request,
- Referrer URL,
- Browser type and browser version,
- Operating system used,
- Host name of the accessing computer.
These data are only stored temporarily in a so-called log file. Not affected by this are the IP addresses of the user or other data that allow the assignment of the data to a user. A storage of this data together with other personal data of the user does not take place. When using this data, we draw no conclusions about the person concerned.
The legal basis for this processing is Art. 6 Sec. 1 p. 1 lit. f GDPR. The legitimate interest in the meaning of the GDPR is providing a working website with properly delivered content, optimizing our systems and providing law enforcement with the information needed to prosecute cyberattacks. As soon as there is no legitimate interest and there is no statutory retention requirement, these data will routinely deleted.
We use so-called session cookies to recognize that you have already visited individual pages on our website. These cookies are automatically deleted after leaving our site. In addition, we use temporary cookies that are stored on your device for a specific period of time. Visit our page again, it will automatically detect that you were with us already and what settings and adjustments they have made in order not to have to enter it again. The data collected includes the frequency of page views, search terms entered, and the use of website features.
If you click "ok" in the cookie note displayed on our website, you authorize us to set cookies. If you click "reject" only the technically necessary cookies are set.
The data processed by cookies are for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 Sec. 1 p. 1 lit. f GDPR required. Most browsers automatically accept cookies. However, you can set your browser in a way that it does not save cookies on your computer or always a hint appears before a new cookie is created. However, disabling cookies completely may mean that you can not use all features of our website.
V. Analytic Tools (Google Analytics)
We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland („Google“ in the following), for the purpose of customizing and continually optimizing our pages.
We use Google Analytics on the basis of Art. 6 Sec. 1 p. 1 lit. f GDPR. We want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.
In this context, pseudonymised usage profiles are created and cookies (see under section IV.) are used. The information generated by the cookie about your use of this website such as
- browser type / version,
- used operating system,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of server request,
are usually transferred to a Google server and stored there. There may also be a transfer of data to Google's servers in the United States. Due to Google's certification under the EU-US Privacy Shield, the European Commission has identified an appropriate level of privacy for Google.
The informations may also be transferred to third parties, if required by law or as far as third parties process this data in the order. In no case will the IP address transmitted by your browser be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking). Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website usage and internet usage.
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this LINK. An opt-out cookie will be set to prevent future collection of your information when you visit this site. The opt-out cookie is stored on your device and is only valid in this browser and only for our website. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center: https://support.google.com/analytics/answer/6004245?hl=de.
VI. Marketing Tools (Google Ads)
On our website we have integrated the Google Ads service. Google Ads is an Internet advertising service that allows you to show ads on both Google and Google Network search engine results. The operator of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google Ads on the basis of Art. 6 Sec. 1 p. 1 lit. f GDPR. We want to ensure a targeted and needs-based application of our website. In conjunction with the tracking measures described in Section V., the use of the advertising offers on our website is statistically recorded and evaluated for the purpose of optimizing our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.
The purpose of Google Ads is to promote our website by displaying advertisements on third-party websites and in Google's search results, as well as showing advertisements on our website.
To statistically evaluate and improve our offer, Google Ads ads are evaluated using Google Conversion Tracking. Google Ads sets a cookie (see section IV.) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer's website and the cookie has not expired, Google and the customer can see that the user clicked on the ad and was redirected to this page.
Each Ads customer receives a different cookie. Cookies can not be tracked via the websites of Ads customers. The information gathered using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com".
We also use Google Tag Manager on our website. Google Tag Manager is a solution that enables marketers to manage website tags from one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect personally identifiable information. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
More information can be found here: http://www.google.de/tagmanager/use-policy.html and https://policies.google.com/technologies/ads?hl=de
VII. Contact via our website
Due to statutory regulations our website contains information that enables a quick electronic communication with our company (email address, in particular). If you contact us via email, your personal data, which you submit voluntarily, are automatically saved for the purpose of use and communication. Such data will not be transferred to third parties. The data will be deleted, when the legal retention period expires and the data are no longer required to perform or initiate a contract. The legal basis for processing data, which are transferred by sending an email, is Art. 6 Sec. 1 p. 1 lit. f GDPR. The legitimate interest in the meaning of the GDPR is to process and answer your contact request.
The data will be deleted as soon as they are no longer required to fulfil the purposes mentioned above, i.e. when the respective communication with the user is finished. The communication is deemed finished when the circumstances suggest that the matter in question has been resolved conclusively.
You have the right to object to the storage of your personal data at any time. For this purpose, please contact the Controller mentioned in Sec I. (in writing, per email or by phone). The data from any prior communication will then be deleted; a further communication will not be possible.
VIII. Contact form
Users of our website have the opportunity to contact us through a contact form ("contact" or "become a partner"). If you make this possible, the data entered in the input mask will be transmitted to us and saved. These data are:
- Phone number,
- Post code
- E-Mail adress,
- your personal information in the subject or free text.
At the time of sending the message, the following data is also stored:
- IP address of the calling computer,
- Date and time of registration.
We need the collected data solely to answer your contact request. The data stored at the time of dispatch serve to ensure the security of our systems and to prevent the misuse of the contact form. Any further use or disclosure of this data will not take place.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the facts are finally clarified.
If the contract request results in a contract or contract initiation relationship, the legal basis for further data processing is Art. 6 Sec. 1 p. 1 lit. b GDPR.
You have the opportunity to revoke your consent to the processing and storage of your data at any time with effect for the future. For this purpose, please contact the person named in I. (in writing, by e-mail or by telephone). The data from the previous communication is then deleted, another conversation is no longer possible without further consent.
IX. Integration of social media components and plugins
We use on our website on the basis of Art. 6 Sec. 1 p. 1 lit. a GDPR social media plugins on the social networks Facebook, Twitter, Xing, LinkedIn and Google+, in order to make our website and our company better known. The underlying commercial purpose is to be regarded as legitimate interest within the meaning of the GDPR. The responsibility for the data protection compliant enterprise is to be guaranteed by the respective offerer.
1. Facebook Plugin
Our website uses components and plugins from the social network facebook.com. Facebook.com is operated by Facebook Inc., Hacker Way, Menlo Park, CA 94025, USA ("Facebook" in the following). The person responsible for the processing of personal data for those affected outside the US or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.
You can recognize these plugins by the Facebook logo (white "f" on blue tile), by a "thumbs up" sign or by buttons labeled "LIKE" or "SHARE". It is an offer from Facebook. If you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated by this into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are currently not logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the US and stored there. If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information will also be published on Facebook and - depending on the setting on Facebook - displayed to your Facebook friends.
Facebook may use this information for the purpose of advertising, market research and tailor-made Facebook pages. For this purpose, Facebook uses user, interest and relationship profiles, e.g. to evaluate your use of our website in relation to the advertisements displayed on Facebook, to inform other Facebook users about your activities on our website, and to provide other services related to the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
2. Facebook Pixel
Furthermore, we use the so-called "Facebook Pixel" of the social network Facebook. On the one hand, with the help of the Facebook pixel, Facebook is able to designate visitors to our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook Pixel to display the Facebook Ads we have been sent only to those Facebook users who have also shown an interest in our online offer or who have certain features (eg interests in certain topics or products visited by them) Web pages determined), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel, we can continue to understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
Our Web site includes components and plug-ins from the Twitter News Network, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter" in the following). The Twitter plugins (tweet button) can be recognized by the Twitter logo.
When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter "tweet button" while logged in to your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. Regardless of whether you click on a Twitter component, Twitter will know that you have visited our website if you are logged in to Twitter at the same time.
Our website uses components and plugins from the social network xing.com. Xing.com is operated by Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing" in the following). Xing is a social network especially for business contacts.
You can recognize the Xing plug-ins by the buttons with the Xing logo or by the name "XING". This is an offer from Xing. By accessing pages of this website on which Xing plug-ins have been integrated, your browser establishes a direct connection to the Xing servers. The content of the plugin is transmitted by Xing directly to your browser and integrated by this into the website. By integrating the plugins, Xing receives the information that your browser has accessed the corresponding page of our website. If you are logged in to Xing with your own profile, Xing can assign your visit to our website, the visited subpages and the duration of your stay directly to your Xing account. This happens regardless of whether you use a Xing button. If you interact with the plugins, for example by pressing the "Share" button, the corresponding information is also transmitted directly to a server from Xing and stored there. The information will also be published on Xing and displayed to your Xing contacts, depending on your setting on Xing.
If you do not want Xing to associate the data collected through our website with your Xing account, you must log out of Xing before visiting our website.
Information on the collection, processing and use of personal data by Xing is available at https://privacy.xing.com/de/datenschutzerklaerung.
In addition, our website uses components of the Google+ social network operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google" in the following).
You will recognize these plugins by the Google + logo ("G +"). This is an offer from Google. When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Google's servers.
The content of the plugin is transmitted by Google directly to your browser and incorporated by him into the website. By integrating the plugins, Google receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Google account or are currently not logged in to Google. This information (including your IP address) will be transmitted from your browser directly to a Google server in the US and stored there.
If you're logged in to Google, Google can assign your visit to our website directly to your Google Account. If you interact with the plug-ins, for example by clicking on the "SHARE" button, the corresponding information is also transmitted directly to a Google server and stored there together with other personal information from other Google services. The information will also be published on Google+ and, depending on the setting on Google+, displayed to your Google + contacts.
On our website we have also integrated components of the website linkedin.com. Linkedin.com is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA, 94043, USA, for the operation of the site and data protection matters outside the United States are the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn" in the following). LinkedIn is a social network especially for business contacts.
You can recognize LinkedIn's plugins by the buttons with the LinkedIn logo or by the name "in". This is an offer from LinkedIn.
By accessing pages of this website on which LinkedIn plugins have been integrated, your browser establishes a direct connection with LinkedIn's servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated by the latter into the website. By integrating the plugins LinkedIn receives the information that your browser has accessed the corresponding page of our website.
If you are logged in to LinkedIn with your own profile, LinkedIn can directly associate your visit to our website, visited subpages, and length of stay with your LinkedIn account. This happens regardless of whether you use a LinkedIn button. If you interact with the plugins, for example by clicking the "notify" button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information may also be published on linkedin.com and displayed to your contacts, depending on your preferences.
X. Rights of the data subject
As the Person Concerned (= data subject) you have the following rights against the Controller. If you wish to assert any of such rights, please contact the Controller under the contact details mentioned in I.
1. Right of access (Art. 15 GDPR)
You have the right to obtain information from the Controller on whether or not personal data concerning you are being processed.
Where that is the case, you may obtain from the Controller access to the personal data and information on the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Art. 22, Sec. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing to you; information on the transfer of personal data to a third country or to an international organization, and the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to Rectification (Art. 16 GDPR)
You have the right to obtain from the Controller without undue delay the rectification and/or completion of personal data concerning you that is incorrect or incomplete.
3. Right to Erasure (Art. 17 GDPR)
You have the right to obtain from the Controller the erasure of personal data stored by us, if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you withdraw consent on which the processing is based, and where there is no other legal ground for the processing; if you object to the processing pursuant to Art. 21, Sec. 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21, Sec. 2; if the personal data have been unlawfully processed; if the personal data have to be erased for compliance with a legal obligation; or if the personal data have been collected in relation to the offer of information society services referred to in Art. 8, Sec. 1 GDPR.
This right to erasure does not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims.
4. Right to Restriction of Processing (Art. 18 GDPR)
You have the right to obtain from the Controller restriction of processing, if the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; if the Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or if you have objected to processing pursuant to Art. 21 Sec. 1 GDPR, pending the verification whether the legitimate grounds of the Controller override those of you.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing, you shall be informed by the Controller before the restriction of processing is lifted.
5. Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
6. Right to Object
Insofar as your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Sec. 1 p. 1 lit. f GDPR, you have the right to object such processing of your personal data on grounds relating to your particular situation. If your objection is directed against direct marketing, you have a general right to object which we will implement without you being required to submit grounds relating to your particular situation
7. Right to Withdraw Consent (Art. 7 Sec. 3 GDPR)
You have the right to withdraw your consent at any time so that we are not allowed to continue processing data based on such consent in the future.
8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority. You may address the supervisory authority of your habitual residence or place of work, or the supervisory authority concerned with us.
XI. Data Security
To protect your data, we use the SSL (Secure Socket Layer) method on our website, combined with the highest level of encryption supported by your browser. Whether a single page of our website is transmitted in encrypted form is indicated by the closed presentation of the key or lock symbol in the status bar of your browser.
Incidentally, we use appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction or against unauthorized access by third parties.