Data protection declaration
Capstone Legal Rechtsanwaltsgesellschaft mbH takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the provisions of data protection law.
This data protection declaration is intended to inform the users of this website in accordance with the Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) about the nature, scope and purpose of the collection and use of personal data by us as the website operator during
- the use of the website,
- the establishment of contact with us,
- the establishment of a client relationship with us,
- the participation as a third party or opposing party in a mandate or
- a job application with us.
Responsible person
Responsible person in the sense of data protection law:
Capstone Legal Rechtsanwaltsgesellschaft mbH
Cremon 1
20457 Hamburg
T: +49 40 537 97 68-68
info@capstone-legal.com
Data processing to enable the use of our website
When you visit our website, we collect personal data to enable you to use it (usage data). This includes your IP address and data about the beginning, end and subject of your use of the website. This also includes the technical data transmitted by your browser, such as browser type / browser version, the website previously visited (referrer URL), monitor resolution, operating system, device information (e.g. device type), etc., if applicable. We process this usage data in our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) for the purpose of providing this website and designing it to meet our needs.
Cookies and web analysis
When visiting our website, information may be stored on your terminal device in the form of cookies. A cookie is a small text file that is sent to your browser by a web server and stored on your terminal device. When you next visit our website, cookie data will again be transmitted to our web server. In this way, we can recognise you, for example, and take your individual settings into account when displaying the website. There are cookies that are absolutely necessary to guarantee the technical functionality of the website. The legal basis for the use of technically necessary cookies is our legitimate interest in providing our website in accordance with Art. 6 para. 1 lit. f DSGVO.
Other cookies may be used in the context of web analytics. They can be combined with further information about your activities on our website and are processed in pseudonymous usage profiles. This helps us to analyse information about web traffic and to improve our website in order to adapt it to the needs of users. We use this information for statistical analysis only. The legal basis for the use of other cookies and web analytics is your consent in accordance with Art. 6 para. 1 lit. a DSGVO. Your consent also covers any data transfers to the USA that may be associated with the use of cookies (see also Clause 14).
We display a dedicated banner in which we indicate the use of cookies. Only if you agree to the setting of all cookies used by us, we set non-essential cookies. Before you give your consent, only technically necessary cookies are set.
In addition to our cookie banner, you can limit the content of your consent to the setting of cookies entirely or in part by configuring your browser settings accordingly and deactivating the setting of cookies either entirely or in part. Additionally, you may install a privacy protection plugin in your browser that offers the option to prevent web analytics - e.g., AdBlock, Ghostery or NoScript (please refer to the privacy notices of the respective plugin provider). Some web analytics providers are also members of industry associations whose websites allow you to centrally prevent usage-based online advertising and web analytics by their respective members. Below you will find the websites of these associations for convenient cross-provider web analytics prevention. In this way, you can also prevent the creation of pseudonymous usage profiles.
- “European Interactive Digital Advertising Alliance” (EDAA): http://www.youronlinechoices.com/de/praferenzmanagement/
- “Digital Advertising Alliance“ (DAA): aboutads.info/choices/
- “Network Advertising Initiative“ (NAI): http://optout.networkadvertising.org/?c=1
If you do not declare your consent to the use of cookies or delete cookies from your terminal device, this may affect your ability to use the website or individual functionalities. For detailed information on the individual cookies used on our website, please refer to the privacy settings.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“), if you have given us your consent to do so through the cookie banner. Google Analytics uses cookies (see Clause 3) to enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Your IP address will, however, be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and thus anonymised. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there (see also Section 14 on data transfers to the USA). On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be linked to any other data held by Google. For the prevention of processing by Google, see also Clause 3, in particular the information in the table. Alternatively, you can revoke your consent by clicking on the “Revoke Google Analytics” button. In this case, we set a technically necessary cookie that recognises your revocation of consent when you visit our website.
Embedded Vimeo videos
Our website contains embedded videos from the streaming service Vimeo. This service is operated exclusively by third-party providers. When you play videos, information may be transmitted to these providers. For the playback of videos, we use the so-called „two-click solution“. This means that when you visit our website, we do not pass on any personal data. Only when you watch embedded videos will data be transmitted to the respective provider. For information on the purpose and scope of the data collection and the further processing and use of the data by the provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the respective provider. This information is available here:
Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA
https://vimeo.com/privacy
Handling contact data
If you contact the website operator using the contact options provided, your details will be stored so that they can be used to process and address your enquiry. If you have a contractual relationship with us or are interested in our services, the legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Otherwise, the legal basis of the processing is our legitimate interest in providing means of contact within the scope of our business operations (Art. 6 para. 1 lit. f DSGVO).
Regular contact in the course of business
In the case of spontaneous business contact data exchanges, including at events, business lunches or other official activities, e.g. by exchanging business cards, we process your contact data (name, address, e-mail or telephone number), data about your company (address, field of business, job description, title), data about your input/enquiry (content, time of enquiry, means of communication) in order to re-establish contact with you and process your enquiry. The legal basis for this is Art. 6 para. 1 lit. f DSGVO.
Data processing upon the establishment of a client relationship
In the event of a mandate being granted, we collect and process the following data: Title, first name and surname, e-mail address, address, telephone/mobile phone number, information necessary for the assertion and defence of the client within the scope of the mandate or for counselling.
We require these data so that we can identify you as our client, provide you with appropriate legal advice and representation, communicate with you, for billing purposes, and so that we can handle any liability claims that may exist and the assertion of any claims against the client.
The data processing is performed in response to your request and is required in accordance with Art. 6 para. 1 sentence 1 lit. b DSGVO for the aforementioned purposes for the appropriate processing of the mandate and for the mutual fulfilment and commitment arising from the mandate agreement. The collection of the data is also a prerequisite for the acceptance of the mandate.
The personal data collected will be stored until the expiry of the statutory retention obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and then deleted, unless Capstone is obliged to store the data for a longer period of time pursuant to Art. 6 para. 1 sentence c DSGVO on the basis of tax and commercial law or professional obligations to retain and document data (from the German Commercial Code (HGB), the German Criminal Code (StGB), the German Tax Code (AO) or the German Federal Lawyers‘ Act (BRAO)) or the client has consented to further storage pursuant to Art. 6 para. 1 sentence 1 lit a DSGVO.
The above information does not constitute an obligation to retain information.
Beyond this, we also process data of persons with whom there is no (direct) client relationship, insofar as this is necessary for the initiation or implementation of client relationships. This means that we can process your data if you are a representative, a contact person or an employee of a company that is our client. In this case, the legal basis is our legitimate interest in the initiation or implementation of the respective client relationship (Art. 6 para. 1 lit. f DSGVO).
Data processing in the event of your participation as an additional party or third party within the scope of the mandate relationship
Insofar as we assert our clients‘ interests or claims against you (or against a company of which you are the representative or contact person) in or out of court, we may process your personal data in the course of such proceedings. The same applies if you (or a company of which you are a representative, employee or contact person) are involved in another way in or out of court (e.g. as a business or negotiating partner, as an intervening party, as a joint litigant, or as an employee of a court) and the processing is necessary for the implementation of the client relationship.
In this context, the legal basis for the processing of your personal data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is to enforce our clients‘ interests and claims effectively. This interest also requires the direct contact and collection of personal data of opposing parties, potential witnesses, and other third parties relevant to the administration of the case.
Data processing when applying for a job with us
During the application process, regardless of whether the application is made by e-mail or by postal mail, we process your personal data, usually name, address, e-mail, telephone number, marital status, qualifications, and, if applicable, other personal information from your cover letter and CV, as well as file attachments (including CV and references) that you may provide. The processing is conducted for the purpose of contacting you and assessing your suitability for the job you are applying for. The legal basis is Section 26 para. 1, para. 8 sentence 2 BDSG or Section 26 para. 2, para. 8 sentence 2 BDSG. If your application is unsuccessful, this data will be deleted six months after the end of the application process, unless you have expressly agreed to longer storage. You are under no obligation to provide us with your personal data. We would, however, like to point out that your application cannot be considered if you do not provide us with your personal data. There will be no further consequences for you.
Data processing in the use of a videoconferencing service
We may use a third-party video conferencing service for telephone calls and online meetings with you. If you attend such meetings, information may be transmitted to the respective provider. Your participation in such a meeting is voluntary. If necessary, we will be happy to provide you with another way of communicating with us.
The legal basis for processing your personal data in the context of online meetings is Article 6 para. 1 lit. b DSGVO (if we hold the meeting for the implementation of a contractual relationship with you) or Article 6 para. 1 lit. f DSGVO (if we hold the meeting for other business purposes); in the latter case, our legitimate interest is to be able to use functional and widely used tools for video conferencing services in order to communicate efficiently with clients and external partners.
We do not record video or phone conferences. Video conferences are secured according to the state of the art and encrypted end-to-end, provided that the third-party provider offers this from a technical point of view in the specific situation.
Insofar as we use the „Microsoft Teams“ or „Zoom“ services for the technical implementation, the following applies: The service provider we use is, in the case of „Microsoft Teams“, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and in the case of „Zoom“, Zoom Video Communications, Inc., 55 Almaden Boulevard, Suite 600, San Jose, CA 95113 (collectively, Third Party Providers). The third-party providers process personal data of the participants on our behalf, in particular the IP address, the content of the conversation, e-mail addresses, names and possibly other service-related data, and store these for the duration of the video conference or, if you use the services beyond that, for the duration of the use. The third-party providers are appropriately obligated by us as processors to comply with data protection. The third-party providers may also process the data outside the European Economic Area (see Transfer of personal data to third parties and in countries outside the European Economic Area (EEA).
Protection of the website
In order to prevent unauthorised access to your data by third parties, we follow the latest technical and organisational practices. For this reason, we also use SSL encryption for our website in all areas to ensure the best possible data security. We expressly advise you that data transmission on the Internet (e.g. communication by e-mail) may be subject to security gaps. There is no complete protection against access to data.
Transfer of personal data to third parties and to countries outside the European Economic Area (EEA)
Your personal data will only be transferred to third parties if this is permitted by law or if you have given your prior consent. We will only pass on your data to state authorities within the scope of legal obligations or on the basis of an official order or court ruling.
There is no transfer to recipients outside the EEA, with the exception of data processing in the use of other cookies (see Clauses 4 and 5) and a video conferencing service (see Clause 12). The above-mentioned processing operations result in the transmission of data to the servers of the third-party providers commissioned by us. These servers are located partly in the USA. If the servers are located in Europe, it cannot be completely excluded that data is nevertheless transferred to the USA because the providers are based in the USA. The data transfer occurs on the basis of so-called standard contractual clauses of the EU Commission.
We indicate that the USA is not a safe third country within the meaning of EU data protection law. In certain cases, US companies are obliged to hand over personal data to safety authorities without you as a data subject being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.
Duration of storage
We delete your personal data as soon as they are no longer required for the aforementioned processing purposes.
Your Rights
As a data subject, you have the right to obtain confirmation as to whether personal data relating to you is being processed by us and, if so, the right to obtain information about that personal data (Art. 15 DSGVO), the right to have your inaccurate data corrected (Art. 16 DSGVO), the right to have your data deleted (Art. 17 DSGVO) and the right to have your data restricted (blocked) (Art. 18 DSGVO).
You may also object to processing on the basis of Article 6 para. 1 lit. e or f DSGVO (Article 21 DSGVO), in which case you must provide a specific reason, except in the case of direct marketing.
If you have provided your data, you can request the transfer of the data (Art. 20 DSGVO). Whether and to what extent these rights exist in individual cases and under what conditions they apply is specified by law in the designated standards. If the processing is based on consent within the meaning of Art. 6 para. 1 lit. a DSGVO, you may revoke this consent at any time for the future (Art. 7 para. 3 DSGVO). In addition, you have the right to contact the competent data protection supervisory authority (Art. 77 DSGVO).
No automated case-by-case decision
We do not use your personal data for automated case-by-case decisions within the meaning of Art. 22 para. 1 DSGVO.
Changes to the data protection declaration
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The data protection declaration will then be updated accordingly. You will always find the latest version on our website.
Current version: January 2022
