How we protect your data on this website
Data protection in general and protecting your personal data in particular are not only important to us, they are also governed by a number of legal requirements. Essential elements of data protection are, for example, making sure that a person who provides personal data, also referred to as data subjects, knows what data are collected, whether and how they are shared with third parties, for what purposes the data are collected, what the legal basis for the data collection and processing is and when the data will be deleted.
By publishing the following Data Protection Policy, the operator of this website provides you with the information you need to understand how your personal data is processed whenever you visit this website. In addition, this Policy also includes information on your rights to your personal data – for example, your right to revoke your consent to data collection and processing, your right to request the erasure of your personal data and your right to have erroneous data corrected.
Your rights and how to exercise them are explained below.
Definitions
Many of the terms used in this Data Protection Policy are defined in the European Union’s General Data Protection Regulation (hereinafter, GDPR). The aim of the GDPR is to protect natural persons whenever their personal data is processed by others. This Policy uses the same terminology as the GDPR because the GDPR plays such an essential role in the protection of personal data. Some of the definitions used in this Policy have been abbreviated – for the full definition, please refer to the full text of the GDPR.
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”). For further details, please refer to Article 4(1) of the GDPR.
The Data Controller is the natural or legal person who determines the purposes and means of the processing of personal data. For further details, please refer to Article 4(7) of the GDPR.
Processing means any operation or set of operations which is performed on personal data, such as the collection, storage, modification, transmission and erasure of data. For further details, please refer to Article 4(2) of the GDPR.
The website is defined as the URL www.baltic-berlin.de and www.baltic-berlin.com and all sub-pages to this website.
Data Controller within the meaning of the GDPR
Signature Capital GmbH
Zoofenster
Hardenbergstraße 27
D-10623 Berlin
Managing Director: Laurence Doyle, Arnd Leinemann, Enda Woods
District Court of Charlottenburg
HRB 102483 B
Telephone: +49 30 318 04 92 0
Email: info@signaturecapital.com
Hereinafter referred to as “operator” or “organisation”.
Representative of the Data Controller
The Data Controller has no representative.
Jointly responsible persons
There are no other responsible persons apart from the Data Controller specified above.
Data Protection Officer
The Data Controller has appointed the following Data Protection Officer:
Name: Gross Rechtsanwälte Service GmbH
Address: Strausberger Platz 1, 10243 Berlin
Telephone: +49 30 419939660
Email: kanzlei@gross.team
Purpose of data processing
The Data Controller processes personal data for the following purposes, all of which are described in more detail below:
- Communication
- Contract initiation
- Contract conclusion
- Contract performance
- Contract termination
- Improving users’ experience while using the website
- Improving the design of the website
- Improving the services offered to users via the website
- Improving the features offered to users via the website
Legal basis for data processing
The operator of this website processes data in compliance with the following legal principles:
- data processing is subject to the data subject’s consent
Data processing is required
- to implement pre-contractual measures at the data subject’s request;
- to conclude, perform or terminate a contract with the data subject;
- to assert, exercise or defend legal claims; and
- to protect the legitimate interests of the operator or of a third party
The relevant legal framework is set out below.
Categories of data subjects
There are different categories of data subjects from whom the operator collects and processes personal data:
- Website visitors
- Prospective customers
- Contractual partners
Categories of personal data
There are also different categories of personal data collected and processed by the operator. The following categories of personal data are processed. The purposes for which they are collected and processed are explained below.
Whenever you contact us, the operator will collect the following personal data:
- First name
- Last name
- Title
- Address
- Telephone number
- Email address
Your browser automatically transmits the following data to our webhosting service provider.
- Your IP address;
- The referrer URL, i.e. the website you visited prior to accessing our website;
- Details of any pages of our website you visit and files you access;
- The date and time you access our website;
- Details of the volume of data transferred; and
- The status of your access (file transferred, not found, etc.).
Categories of recipients
There are different categories of recipients to whom your personal data has been or may be transmitted. We may transfer your personal data to the following categories of recipients. More detailed information on the potential recipients is provided below.
- The operator’s management
- Departments within the operator’s organisation
- Internet service providers
- IT service providers
- Providers of online marketing services
- Lawyers
- Architects
- Banks
We will not transmit your personal data to other third parties.
We do not transfer personal data to third countries or to international organisations.
Insofar as data are processed in a third country because our website uses the services of third parties, or if your personal data are disclosed or transmitted to third parties, this will only ever take place in order to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal and/or contractual permissions, we will only transmit your personal data to a third country insofar as the special conditions laid down in Articles 44–50 of the GDPR have been fulfilled. This means that your personal date will only be processed, for example, where appropriate safeguards are in place and effective legal remedies for data subjects are available.
Erasure of personal data
Data that are no longer necessary for the purposes for which they were originally collected or otherwise processed will be erased within a period of six (6) months, unless there is an overriding legal obligation that prevents their erasure.
If you, as the data subject, withdraw your consent and there is no other legal basis for processing your data, we will erase your data without undue delay.
Data that is automatically collected by our IT systems when you visit our website is automatically erased within 3 days.
Data protection based on technical and/or organisational measures
SSL/TLS encryption
For additional security and to protect the transmission of confidential data, including orders and/or inquiries that you send to this website’s operator, our website uses SSL or TLS encryption. You can tell when your connection to a website is encrypted by the fact that the website address displayed by your browser changes from “http://” to “https://” and by the lock symbol that appears next to the website address in your browser window.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Data transmission via the internet
We would like to point out that the transmission of data via the internet (e.g. by email) is subject to certain vulnerabilities. It is therefore not possible to guarantee complete protection against access by third parties.
Order processing
We also use third parties to process your personal data. In the GDPR, these third parties are referred to as contract processors. In order to process orders efficiently, we have concluded contracts with contract processors. These contracts specify, for example, which data are to be processed by the processor, how these data are to be processed and, in particular, when the data are to be deleted.
Detailed information on how and why we process personal data
Server log files
As the provider of this website, we automatically collect and store information in so-called server log files, which your browser automatically sends to us. These data encompass:
- Your IP address;
- The referrer URL, i.e. the website you visited prior to accessing our website;
- Details of any pages of our website you visit and files you access;
- The date and time you access our website;
- Details of the volume of data transferred;
- The status of your access (file transferred, not found, etc.); and
- Details of the type and version of browser you used to access our website.
These data are stored in order to ensure the stability and operational consistency of our website. The legal basis for this is provided by Article 6(1)(f) of the GDPR (legitimate interest).
These data will not be merged with other data sources.
Information on your rights with regard to data processing
Revoking your consent to data processing
Many data processing operations are only possible and permissible with your express consent. You can revoke your consent at any time. If you wish to revoke your consent, please send us an informal instruction to inform us accordingly. Your revocation of consent shall apply to all future processing; the legality of the data processing prior to your revocation of consent shall remain unaffected.
Right to information, restriction of processing, erasure
Within the framework of the applicable legal provisions, you as the data subject have the right to request information free of charge and at any time about the personal data concerning you that we store, along with details of the data’s origin, recipients and the purpose of the data processing and, insofar as applicable, a right to correct, erase or restrict the processing of these data. In order to request this information, or to ask any other questions regarding your personal data, please contact us at any time at the address provided in our website’s Legal Notice.
Right to lodge a complaint with a competent supervisory authority
In the event of an alleged infringement of data protection law, you as a data subject have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us with your consent, or which has been processed automatically in fulfilment of a contract, in a structured, commonly used and machine-readable format. You also have the right to have your personal data transmitted directly from us to another data controller, insofar as this is technically feasible.
Right to object
Insofar as your personal data are processed on the basis of legitimate interests, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data in accordance with Article 21 of the GDPR. If you wish to exercise your right of revocation or objection, please send an email to our Data Controller.
Provision of data
You are not required by law or contract to provide us with your personal data. These data are required for concluding a contract. You are not legally obliged to provide these data. However, if you do not provide us with these data, we will be unable to achieve the data processing purposes stated in this policy.
Third party tools
Google Maps
This site uses the Google Maps service via an API. The service is provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, Google needs to store your IP address. This information is usually transmitted to a Google server in the United States and stored there. As the operator of this site, we have no influence on the transmission of this data.
We use Google Maps in order to enhance the functionality and appearance of our website and to make it easier for users of our website to find the locations we indicate on our website. This represents a legitimate interest in accordance with Article 6(1)(f) of the GDPR.
More information on Google’s processing of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.