Legalian GmbH (hereinafter referred to as "Legalian" or "we"), as the operator of this website (the "www.legalian.io"), takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with statutory data protection regulations, as well as on the basis of this privacy policy. The legal bases can be found in particular in the General Data Protection Regulation (GDPR), the Telecommunications-Telemedia Data Protection Act (TDDSG), and the Federal Data Protection Act (BDSG).
When you use this website, various personal data are processed depending on the type and extent of use. Personal data are information relating to an identified or identifiable natural person; a natural person is considered identifiable if they can be identified directly or indirectly (e.g., by means of assignment to an online identifier).
This privacy policy informs you in accordance with Art. 12 et seq. GDPR about the processing of your personal data when using our website (the "website data"). It explains in particular which personal data we collect and the purposes for which we use them. Moreover, it informs you about how and for what purposes this occurs and on which legal basis.
Responsible party
The data controller, according to the GDPR, is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
The data controller for the data processing operations covered by this privacy policy in relation to the website data is:
Legalian GmbH, Wolfratshauserstraße 50A, 82049 Pullach i. Isartal
Email: privacy@legalian.io
Purposes and Legal Bases for Data Processing
Accessing and Visiting our Website: For the technical provision of this website, it is necessary for us to process certain information automatically transmitted by your browser to display our website in your browser and enable you to use the website. This information (the “access data”) is automatically recorded every time our website is accessed and is stored in the so-called server log files automatically. These are:
Browser type and browser version
Operating system used
Website from which access is made (Referrer URL)
Hostname of the accessing computer
Date and time of access
IP address of the requesting computer
The processing of the aforementioned access data is necessary for technical reasons to provide the functional website and ensure system security. This also applies to the processing of your IP address, which is necessarily carried out and can theoretically allow for association with your person under further conditions. Beyond the purposes mentioned above, we use server log files exclusively for the demand-orientated design and optimisation of our internet offering purely statistically and without drawing conclusions about your person. The merging of this data with other data sources does not take place, and an evaluation of the data for marketing purposes does not occur.
If you visit the website to obtain information or use it based on a contractual relationship, the basis for the temporary storage of access data is Art. 6 para. 1 sentence 1 lit. b GDPR (legal basis), which permits the processing of data to fulfil a contract or to carry out pre-contractual measures.
Furthermore, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of access data. Our legitimate interest here is to be able to provide you with a technically functional and user-friendly designed website and to ensure the security of our systems.
Retention period and deletion of your access data are regulated by the chapter “Duration of Data Processing and Deletion” of this privacy policy. Your IP address will be stored on our web server for IT security purposes for a maximum of 7 days.
Use of Cookies and Related Functions/Technologies: We partly use so-called cookies on our website. Cookies are intended to make our offering more user-friendly, effective, and secure, and to enable the provision of certain features of our website. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables the unique identification of your browser upon re-accessing the website.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit or your browser session ends (so-called transient cookies). Other cookies remain stored on your device for a predetermined period or until you delete them (so-called persistent cookies). These cookies allow us to recognise your browser on your next visit.
You can usually set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. You can usually find how to deactivate cookies via the “Help” function of your internet browser.
Deactivating cookies may limit the functionality and/or full availability of this website.
Some of the cookies we use on our website come from third parties who help us analyse the impact of our website and the interests of our visitors, measure the performance and effectiveness of our website, or place demand-driven advertising and other content on our website. Within our website, we use both first-party cookies (only visible from the domain currently visited) and third-party cookies (visible across domains and regularly set by third parties).
The data processing based on cookies is carried out on the basis of your consent granted under Art. 6 para. 1 sentence 1 lit. a GDPR (legal basis) or on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (legal basis) to safeguard our legitimate interests. Our legitimate interests especially lie in providing you with a technically optimised and user-friendly designed website, ensuring the security of our systems. Consents that you have provided to us can be revoked at any time.
Retention period and deletion of your corresponding data are also regulated by the chapter “Duration of Data Processing and Deletion” of this privacy policy.
Website Compliance with Legal Obligations: We also process your website data to fulfil legal obligations that may arise in connection with our business activities. This includes, in particular, commercially, trade, or tax-related retention periods.
We process your website data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR (legal basis) to fulfil a legal obligation to which we are subject.
Legal Enforcement: We also process your website data to assert and enforce our rights and legal claims. Further, we process your website data to be able to defend against legal claims. Finally, we process your website data insofar as it is necessary to avert or pursue criminal offences.
We process your website data hereby to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR (legal basis), as far as we assert legal claims or defend ourselves in legal disputes or prevent or clarify criminal offences (legitimate interest).
Consent-based Data Processing
Provided that you have given us consent to process personal data for specific purposes, the legality of this processing is based on your consent.
In this case, the legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR.
A granted consent can be revoked at any time. Please note that the revocation is effective only for the future and does not affect processing carried out prior to the revocation.
Recipients of Data
Within our company, those positions that require access to your data to fulfil our contractual and legal obligations or to exercise our rights will receive access.
Service providers and vicarious agents (e.g., technical service providers) employed by us may also receive data for these purposes.
In some cases, recipients receive your personal data as sub-processors and are then strictly bound by our instructions when handling your personal data. These sub-processors in particular include the following companies:
Name: Hubspot Ireland Limited
Location: Ireland
Description of processing (including a clear demarcation of responsibilities, if multiple sub-processors are approved): Booking of meetings, webinars
Description of processing (including a clear demarcation of responsibilities, if multiple sub-processors are approved): Hosting and creation of the website
Legal basis: Art. 6 (1) (a) GDPR
Finally, on a case-by-case basis, we transfer website data to our advisors in legal or tax matters, wherein these recipients are usually already obliged to special confidentiality and secrecy due to their professional status.
Data Transfer to Third Countries
As far as required for our purposes, we may also transfer your data to recipients outside the European Economic Area (“Third Countries”). This is particularly the case in the context of contract execution or due to legal regulations.
We only transfer your data to recipients in third countries in accordance with the provisions of Chapter 5 of the GDPR, i.e., when it is ensured that the EU Commission has determined an adequate level of data protection within the meaning of Article 45(1) GDPR or appropriate safeguards as per Article 46(2) and (3) GDPR have been implemented, or an exception under Article 49 GDPR has been established and there are no overriding legitimate interests against the data transfer.
To ensure an adequate level of protection for the recipient of the data, we particularly use the EU Commission's standard contractual clauses for transferring personal data to third countries (SCC).
We may transfer your data to the following third countries and implement the respective listed appropriate or adequate safeguards to protect your rights there:
Hubspot Ireland Limited: Ireland
Framer: USA
You have the option to access the SCC via the provided link, or request a copy from the data protection officer.
Diese Dritten haben nur Zugang zu Ihren personenbezogenen Daten, um diese Aufgaben in unserem Auftrag durchzuführen, und sind verpflichtet, diese nicht für andere Zwecke offenzulegen oder zu verwenden.
Duration of Data Processing and Deletion
We process your website data initially for the duration required by the respective processing purpose as outlined above.
Insofar as processing is carried out for the execution of a contract, the processing period also encompasses the periods of initiation of a contract (pre-contractual legal relationship) and the execution of a contract (including any subsequent claims).
If the processing is carried out to safeguard our legitimate interests, the processing period covers the duration until the pursued processing purposes are achieved.
In cases where processing is based on consent granted by you, the processing period covers the time from when your consent is given until the time your consent is withdrawn or until the processing covered by the consent is completed.
In this context, we point out that even in the event of a withdrawal of consent, further processing on the basis of other legal grounds may be possible (Art. 17 para. 1 lit. b) GDPR).
Even upon achievement of the primary processing purposes, further processing of your website data may occur, particularly if this is necessary to fulfil legal obligations and/or to safeguard our rights. These include, but are not limited to, the following purposes:
Fulfilment of statutory retention obligations, which may arise from, for example, the Commercial Code (§§ 238, 257 para. 4 HGB) and the Fiscal Code (§ 147 para. 3, 4 AO). The specified periods for retention or documentation can be up to ten years.
Preservation of evidence with respect to the limitation statutes. According to §§ 194 ff. of the Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
Website Data Security
Personal data is protected by us through appropriate technical and organisational measures to ensure an adequate level of protection and to safeguard your personal rights. The measures implemented are designed to prevent unauthorised access to the technical facilities used by us and to protect personal data from unauthorised disclosure by third parties. In particular, this website utilises SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as contact requests you send to us as site operators. You can recognise an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. However, we point out that data transmission over the Internet (e.g. communication by e-mail) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.
Rights of the data subjects
Right of Access: You have the right to request confirmation from us as to whether website data concerning you is being processed; if so, you are entitled to access this website data pertaining to you and information in accordance with Art. 15 (1) (a-h) GDPR. If website data concerning you is transferred to a third country or an international organisation, you have the right to be informed about the appropriate safeguards as per Art. 46 GDPR in relation to the transfer. You have the right, under the conditions mentioned in Art. 15 GDPR, to obtain a copy of the website data concerning you that is subject to processing.
Right to Rectification: You have the right to demand from us the immediate rectification of website data pertaining to you if it is incorrect. Considering the purposes of the processing, you have the right to request the completion of incomplete website data concerning you – also by means of a supplementary statement.
Right to Erasure: You have the right to demand from us the immediate deletion of website data concerning you, provided one of the reasons stated in Art. 17 GDPR applies, for example, if the data is processed unlawfully.
Right to Restriction of Processing: You have the right, under the conditions mentioned in Art. 18 GDPR, to request from us the restriction of processing.
Right to Data Portability: Under the conditions outlined in Art. 20 GDPR, you have the right to receive the website data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, to whom the website data was provided. In exercising this right, you have the right to have the website data concerning you transmitted directly by us to another controller, where technically feasible.
Right to Withdraw Consent: If the data processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, you may withdraw your consent at any time with effect for the future. The lawfulness of processing the website data concerning you up to the point of withdrawal remains unaffected. When withdrawing consent, you may, among other options, choose the contact method you used when giving consent.
Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, notwithstanding any other administrative or judicial remedy, particularly in the member state of your habitual residence, workplace, or place of the alleged infringement, if you believe the processing of website data concerning you infringes the GDPR.
Right to object
Under the conditions mentioned in Art. 21 GDPR, you have the right to object at any time to the processing of website data related to you, which takes place based on Art. 6 para. 1 lit. e or f GDPR, for reasons arising from your particular situation; this also applies to profiling based on these provisions. If the website data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of data related to you for such advertising purposes; this also applies to profiling insofar as it is connected with such direct marketing.
Under the conditions mentioned in Art. 21 GDPR, you have the right to object, for reasons arising from your particular situation, to the processing of website data concerning you, which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR.
Rights of the Data Subject and Right to Object Against the Obligated Party
Obligation to Provide Data
In principle, you are not obliged to provide us with your personal data. However, should you choose not to do so, we will not be able to provide you with full access to our website or respond to your inquiries.
Personal data that we do not absolutely require for the aforementioned processing purposes is accordingly marked as voluntary information.
Automated Decision-Making/Profiling
We do not employ automated decision-making or profiling (an automated analysis of your personal circumstances).
Currency and Amendment of this Privacy Policy
This privacy policy is currently valid and is up to date as of 10/2023.
Due to the further development of our website or as a result of changed legal or regulatory requirements, it may become necessary to amend this privacy policy. In such a case, we will update this privacy policy accordingly on our website.
