DE · EN
Privacy Policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to our internet services, which can be accessed under this domain and the various subdomains (‘our website’).

Objection to advertising e-mails

We hereby object to the use of the contact data published on the website in accordance with the imprint obligation, the data protection notice and other contact data published on the website for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example by spam e-mails.

Who is responsible and how can I contact you?

Person responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Samson & Partner Patentanwälte mbB
Widenmayerstr. 6
80538 Munich

Data Protection Officer
Stephan Krischke, datenschutz@samson-partner.de

What is this about?

This privacy statement fulfils the legal requirements for transparency when processing personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information that we cannot (or only with disproportionate effort) link to you personally, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data is deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention requirements.

Who receives my data?

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

• you have given us your express consent to do so in accordance with Art. 6 (1) point a GDPR,

• the disclosure is permissible in accordance with Art. 6 (1) point f GDPR for the purposes of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

• in the event that disclosure is required by law in accordance with Article 6 (1) (c) of the GDPR, and

• this is legally permissible and necessary for the performance of a contract with you in accordance with Article 6 (1) (b) of the GDPR.

In order to protect your data and, if necessary, to enable data transmission to third countries (outside the EU/EEA), we have concluded agreements for order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as the legal basis for the transfer to third countries in accordance with Art. 49 (1) point a GDPR. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

Personal data may be transferred to the United States as part of the processing operations described in this privacy policy. In particular, US investigative authorities may require US companies to disclose personal data without the data subjects being able to effectively take legal action against this. This means that there is a fundamental possibility that your personal data may be processed by US investigative authorities. We have no influence over these processing activities. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified according to the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-US DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. of the GDPR. These are – unless otherwise indicated – standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa. eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. If the standard contractual clauses are not sufficient to establish an adequate level of security or it is not possible to conclude the standard contractual clauses, your consent can serve as the legal basis for the transfer in accordance with Art. 49 (1) point a GDPR.

Do you use cookies?

Cookies are small text files that we send to the browser of your device and store there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some of our website functions cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses so that, for example, we are able to recognise the browser you are using when you visit our website again and transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.

What are my rights?

Under the conditions laid down in the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Right of access in accordance with Article 15 of the GDPR to the personal data stored about you in the form of meaningful information on the details of the processing and a copy of your data;

Rectification of incorrect or incomplete data stored by us in accordance with Art. 16 GDPR;

Erasure of the data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;

Restriction of processing in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer require the data and you reject its erasure because you require it for the establishment, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent in accordance with Art. 6 (1) point a GDPR or on the basis of a contract in accordance with Art. 6 (1) point b GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller, where technically feasible.

Objection in accordance with Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6 Para. 1 lit. e, f GDPR and there are reasons for this that arise from your particular situation or the objection is directed against direct mail. The right to object does not apply if there are compelling legitimate reasons for the processing or the processing is carried out for the purpose of asserting, exercising or defending legal claims. If the right to object does not apply to individual processing operations, this is indicated there.

Revocation of your consent with effect for the future in accordance with Art. 7 (3) GDPR.

Complaint in accordance with Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority at your usual place of residence, your workplace or our company headquarters.

How is my data processed in detail?

In the following, we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.

Provision of the website
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access is made (referrer URL)
• Browser used and, if applicable, your computer's operating system, as well as the name of your access provider

Our website is not hosted by ourselves, but by a service provider who, for the purpose of processing the aforementioned data on our behalf in accordance with Art. 28 GDPR, processes the aforementioned data in our order.

Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Article 6(1)(f) GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception under Article 21(1) GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 (1) point c GDPR. There is no statutory or contractual obligation to provide the data, but accessing our website without providing the data is technically impossible.

Storage duration
The aforementioned data is stored for the duration of the display of the website and - for technical reasons - for a maximum of 7 days.

Contact
Type and extent of processing
When you contact us (e.g. using the contact form or by email), personal data is collected. The data collected when you use the contact form can be seen on the contact form itself. You can also voluntarily provide additional information that you feel is necessary for your enquiry to be processed.

When you contact us, your personal data will not be passed on to third parties.

Purpose and legal basis
Your data is processed for the purpose of communicating with you and handling your enquiry on the basis of your consent in accordance with Article 6(1)(a) GDPR. If your enquiry relates to an existing contractual relationship with us, the data is processed for the purpose of fulfilling the contract on the basis of Article 6(1)(b) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage period
If you contact us on the basis of your consent, we store the data collected for each request for a period of three years, beginning with the completion of your request or until you revoke your consent.

If you contact us in the context of a contractual relationship, we store the data collected for each request for a period of three years from the end of the contractual relationship.

Contact form for applicants
Type and scope of processing
We collect and process the personal data of applicants. Such data processing may also be carried out electronically, for example, when applicants send us application documents by email or via a web form on our website. On our website, we offer you the opportunity to submit applications for advertised positions by email.

Any storage of your data in an applicant database beyond the current application process will only take place if you have given us your separate consent to do so.

Purpose and legal basis
The legal basis for the processing of your personal data in this application process is primarily Art. 6 (1) point b GDPR. This allows the processing of data that is necessary in the context of making a decision regarding the establishment of an employment relationship. This also includes the use of the online application portal, if available. If special types of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), the legal basis is Section 26 (3) BDSG or Art. 9 (2) (b) GDPR in conjunction with Art. 6 (1) (b) GDPR. If your application documents are forwarded to third parties, in particular to companies affiliated with us, and your data is stored beyond the current application process, the processing of your data is carried out on the basis of Article 6 (1) (1) (a) GDPR in conjunction with Section 26 (2) BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.

Storage period
In the event of a rejection, applicants' data will be deleted after 6 months. If you have agreed to the further storage of your personal data, we will transfer your data to our pool of applicants. The data in this pool will be deleted after 24 months.

Presence on social media platforms
We maintain so-called fan pages or accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you about which data we or the respective social network processes from you in connection with accessing and using our fan pages/accounts.

Data that we process about you
If you wish to contact us via Messenger or via Direct Message on the respective social network, we will generally process your user name, which you use to contact us, and may store other data that you provide, insofar as this is necessary to process/respond to your request.

The legal basis for this is Art. 6 (1) sentence 1 f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Static) usage data that we receive from social networks
We receive automatically provided statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, page activity and post interactions, reach, video views/views, and information on the proportion of men/women among our fans/followers.

The statistics only contain aggregated data that cannot be linked to individual persons. They are not identifiable to us in this way.

It is not possible for us to draw any conclusions about individual users from the statistical information provided. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

Which of your data the social networks process
To view the contents of our fan pages or accounts, you do not need to be a member of the respective social network and, to this extent, no user account for the respective social network is required.

However, please note that when you access a social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website) and use cookies and similar technologies, over which we have no influence. You can find details on this in the data protection provisions of the respective social network (see the corresponding links above).

If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts and/or contact us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also for the purpose of analysing user behaviour (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data may also be stored by social networks outside the EU/EEA and passed on to third parties.

Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorised to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (requests for information, deletion, objection, etc.). The most effective way to assert such rights is therefore to do so directly with the respective provider.

Purpose and legal basis
We collect your data via our profile only to enable you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made ‘publicly’ available.

The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 (1) f) GDPR. If you, as a user, have given your consent to the respective social network provider for data processing, the legal basis for the processing extends to Art. 6 (1) a), Art. 7 GDPR.

LinkedIn page
LinkedIn is a social network operated by LinkedIn Inc. based in Sunnyvale, California, USA, which allows users to create private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organisations can create profiles to upload photos and other company information in order to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who have the same professional interests.

When using or visiting the network, LinkedIn automatically collects data from users or visitors during use or during the visit, for example, user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides users with information, offers and recommendations based, among other things, on the data collected in this way.

We collect your data via our company profile only to enable you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made ‘publicly’ available.

The processing of your personal data for our above-mentioned purposes is carried out on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 (1) f GDPR. If you, as a user, have given your consent to the respective social network provider for data processing, the legal basis for the processing extends to Art. 6 (1) a, Art. 7 GDPR.

Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorised to access your data in full. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (requests for information, deletion, objection, etc.). The most effective way to assert such rights is therefore to do so directly with the respective provider.

We and LinkedIn are jointly responsible for the personal content of our company profile. Data subjects can assert their rights with LinkedIn Inc. and with us.

We do not make any decisions regarding the data collected on the LinkedIn site using tracking technologies.

Further information about LinkedIn can be found at: https://about.linkedin.com.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on the storage period/deletion and guidelines for the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

Technology

SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser shows ‘https://’ instead of ‘http://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

January 2025