Privacy Policy
Last updated: June 20, 2024
With this privacy policy, Rulemapping Group GmbH aims to inform you about the processing of your personal data in connection with your visit and use of this website, as well as your use of our services.
The use of the Rulemapping Group GmbH’s websites is generally possible without providing any personal data. However, if a person wishes to use specific services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, Rulemapping Group GmbH will generally obtain consent from the individual concerned.
The processing of personal data, such as a person’s name, address, email address, or phone number, is always in compliance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Rulemapping Group GmbH. With this privacy policy, our company seeks to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Additionally, individuals are informed of their rights through this privacy policy.
Rulemapping Group GmbH adheres to a unified approach to protecting your data, always in accordance with applicable laws. However, specific requirements, as well as rights and obligations regarding personal data and/or data processing, may vary depending on location and the applicable law. The following descriptions of data processing, related rights and obligations, and restrictions reflect what applies under the GDPR. If Rulemapping Group GmbH operates in countries outside the European Union or in countries where GDPR does not apply (such as the United States), these descriptions, rights, obligations, and restrictions may not necessarily apply. This privacy policy does not create rights or obligations beyond what is stipulated by the applicable local data protection regulations.
1. Name and Address of the Controller
The controller for the processing of your personal data within the meaning of Art. 4(7) GDPR is:
Rulemapping Group GmbH
Friedrichstraße 123
10117 Berlin
Email: info@rulemapping.com
Web: www.rulemapping.com
Managing Directors: Ina Remmers, Till Behnke, Matthes Scheinhardt, Dr. Dirk Woywod
Rulemapping Group GmbH
Friedrichstraße 123
10117 Berlin
Email: info@rulemapping.com
Web: www.rulemapping.com
Managing Directors: Ina Remmers, Till Behnke, Matthes Scheinhardt, Dr. Dirk Woywod
2. Data Protection Information for Website Visitors
What data is processed when visiting the Rulemapping Group GmbH websites?
When accessing the Rulemapping Group GmbH websites, our servers automatically store various data about the accessing system. This includes the browser type and version, operating system, referring website, the subpages accessed, the date and time of access, the IP address, the internet service provider, and similar data.
Rulemapping Group GmbH uses this data to make the website accessible, identify and fix technical problems, and prevent and track potential misuse. Additionally, we use this data in anonymized form for statistical purposes and to improve our website. The legal basis for processing personal usage data is Article 6(1)(1)(f) GDPR.
3. Cookies
The Rulemapping Group GmbH websites use cookies. Cookies are small text files stored on a computer system via an internet browser.
The Rulemapping Group GmbH websites use cookies. Cookies are small text files stored on a computer system via an internet browser.
A cookie typically contains the name of the domain from which the cookie was sent, the cookie’s age, and an alphanumeric identifier. The information stored in the cookies is not used to identify the user and is not combined with other personal data stored about the user.
By using cookies, Rulemapping Group GmbH can provide users with more user-friendly services that would not be possible without cookie use.
Users can disable or limit the transmission of cookies by changing their browser settings. Cookies that have already been saved can be deleted at any time, including automatically. Disabling cookies on the Rulemapping Group GmbH website may result in some website functions no longer being fully usable.
4. Collection of General Data and Information
Each time a person or an automated system accesses the Rulemapping Group GmbH website, a range of general data and information is collected. This general data and information is stored in the server log files. Collected data may include (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the so-called referrer), (4) the subpages accessed on our website, (5) the date and time of access to the website, (6) an IP address, (7) the internet service provider of the accessing system, and (8) other similar data and information used to protect against attacks on our IT systems.
When using this general data and information, Rulemapping Group GmbH does not draw any conclusions about the individual. Instead, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our IT systems and website technology, and (4) provide law enforcement authorities with the necessary information for criminal prosecution in case of a cyberattack. This anonymous data and information is evaluated statistically and with the goal of improving data protection and security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files is stored separately from any personal data provided by a person.
5. Contact via the Website
The Rulemapping Group GmbH website contains information that allows for quick electronic contact with our company, as well as direct communication with us, which also includes a general email address. If a person contacts the controller via email or a contact form, the personal data transmitted by that person is automatically stored. Such personal data voluntarily provided by a person is stored for the purpose of processing or contacting that person. There is no transfer of this personal data to third parties.
6. Routine Deletion and Blocking of Personal Data
The controller processes and stores personal data only for the time necessary to achieve the purpose of storage or as required by the European legislator or other applicable lawmakers in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies, or if a storage period prescribed by European law or another applicable legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
7. Rights of the Data Subject
a) Right to Confirmation
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a person wishes to exercise this right to confirmation, they may contact a staff member of the controller at any time.
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a person wishes to exercise this right to confirmation, they may contact a staff member of the controller at any time.
b) Right to Access
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain free information from the controller about the personal data stored about them and a copy of this information. Additionally, the European legislator has granted access to the following information:
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain free information from the controller about the personal data stored about them and a copy of this information. Additionally, the European legislator has granted access to the following information:
- The purposes of the processing
- The categories of personal data being processed
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations
- Where possible, the planned period for which the personal data will be stored or, if not possible, the criteria used to determine that period
- The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing
- The existence of the right to lodge a complaint with a supervisory authority
- Where the personal data is not collected from the data subject, any available information as to its source
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards relating to the transfer.
If a person wishes to exercise this right to access, they may contact a staff member of the controller at any time.
c) Right to Rectification
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Every person affected by the processing of personal data has the right, granted by the European legislator, to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a person wishes to exercise this right to rectification, they may contact a staff member of the controller at any time.
d) Right to Erasure (‘Right to Be Forgotten’)
Every person affected by the processing of personal data has the right, granted by the European legislator, to request the controller to delete personal data concerning them without undue delay, provided that one of the following grounds applies and the processing is not necessary:
Every person affected by the processing of personal data has the right, granted by the European legislator, to request the controller to delete personal data concerning them without undue delay, provided that one of the following grounds applies and the processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- The personal data must be erased to comply with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the above reasons applies, and a person wishes to request the erasure of personal data stored by Rulemapping Group GmbH, they may contact a staff member of the controller at any time. The staff member of Rulemapping Group GmbH will promptly ensure that the erasure request is complied with.
If the personal data has been made public by Rulemapping Group GmbH and our company, as the controller, is obliged to erase the personal data pursuant to Article 17(1) GDPR, Rulemapping Group GmbH, taking into account available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, provided the processing is not required. The staff member of Rulemapping Group GmbH will take the necessary measures in individual cases.
e) Right to Restriction of Processing
Every person affected by the processing of personal data has the right, granted by the European legislator, to request the controller to restrict processing if one of the following conditions is met:
Every person affected by the processing of personal data has the right, granted by the European legislator, to request the controller to restrict processing if one of the following conditions is met:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR, pending the verification of whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions is met, and a person wishes to request the restriction of personal data stored by Rulemapping Group GmbH, they may contact a staff member of the controller at any time. The staff member of Rulemapping Group GmbH will arrange the restriction of processing.
f) Right to Data Portability
Every person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, as long as the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Every person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, as long as the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, a person may contact a staff member of Rulemapping Group GmbH at any time.
g) Right to Object
Every person affected by the processing of personal data has the right, granted by the European legislator, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Every person affected by the processing of personal data has the right, granted by the European legislator, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Rulemapping Group GmbH will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them by Rulemapping Group GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, a person may directly contact any staff member of Rulemapping Group GmbH or another staff member. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
h) Automated Individual Decision-Making, Including Profiling
Every person affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.
Every person affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, Rulemapping Group GmbH will implement suitable measures to safeguard the data subject's rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.
If a person wishes to exercise rights concerning automated individual decision-making, they may contact a staff member of the controller at any time.
i) Right to Withdraw Consent
Every person affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent to the processing of personal data at any time.
Every person affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent to the processing of personal data at any time.
If a person wishes to exercise the right to withdraw consent, they may contact a staff member of the controller at any time.
8. Legal Basis and Purpose of Processing
Article 6(1)(a) of the GDPR serves as the legal basis for processing operations in our company where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of our service offering, to which the data subject is a party, as is the case, for example, with processing operations necessary for fulfilling a contract, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations required for pre-contractual measures, such as inquiries about our products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as for compliance with tax obligations, the processing is based on Article 6(1)(c) of the GDPR.
Rulemapping Group GmbH processes the following categories of personal data as far as they are necessary for the provision of our services:
- Contact information, in particular, first and last name, title if applicable, address, phone number, email address
- Information about professional activity
- Other personal data that are necessary for the establishment and legal assessment of the facts and for the appropriate legal advice and representation of the client in the context of mandate processing.
For what purposes are the data processed?
- Checking for potential conflicts before accepting a service contract
- Advising and representing clients
- Correspondence with clients, authorities, courts, and other parties involved
- Invoicing.
- Handling and asserting other claims arising from the client relationship.
The legal basis for these processing activities, insofar as client personal data is processed, is Article 6(1)(1)(b) of the GDPR; otherwise, it is Article 6(1)(1)(f) of the GDPR. The legal basis for the processing of special categories of personal data is Article 9(2)(f) of the GDPR.
9. Legitimate Interests in the Processing Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and shareholders.
10. Duration of Personal Data Retention
The criterion for the duration of personal data storage is the respective legal retention period. After the period expires, the corresponding data is routinely deleted, provided it is no longer necessary for the performance of a contract or the initiation of a contract.