Privacy - De Zorti - Your personal IP address

Privacy Policy

Thank you for your interest in my internet presence.

1. An overview of data protection
General information
The protection of your personal data is important to us. We therefore operate our website www.masterpat.de in compliance with the applicable legal regulations governing the protection of personal data, in particular the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The subject of data protection is personal data.The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term „personal data“ comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website
Who is the responsible party for the recording of data on this website (i.e. the „controller“)?
The data on this website is processed by the operator of the website, whose contact information is available under section „Information Required by Law“ on this website.

How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Our IT systems automatically record other data when you visit our website. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyse your user patterns.

What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. Please do not hesitate to contact us at any time under the address disclosed in section „Information Required by Law“ on this website if you have questions about this or any other data protection related issues. You also have the right to log a complaint with the competent supervising agency.
Moreover, under certain circumstances, you have the right to demand the restriction of the processing of your personal data. For details, please consult the Data Protection Declaration under section „Right to Restriction of Data Processing.“

How long is your data stored?
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

2. Hosting
External Hosting
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f DSGVO).
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

Execution of a contract data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.

Data processing in third countries
In case we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of using third-party services or disclosing or transferring data to other persons, entities or companies, this will only be done in accordance with legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or allow the processing of data in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

3. General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.

Information about the responsible party (referred to as the „controller“ in the GDPR)
The data processing controller on this website is:
Rechtsanwalt Michael De Zorti
Heidestr. 9, 85716 Unterschleißheim/Germany
E-Mail: mail@ra-dezorti.de

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).

Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. To do so, all you are required to do is sent us an informal notification via e-mail. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6 SECT. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21 SECT. 1 GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 SECT. 2 GDPR).

Right to log a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

The address of the supervisory authority responsible is:
Bavarian State Office for Data Protection Supervision,
Promenade 27 (Castle), 91522 Ansbach, Germany
Telephone: 0981/53-1300;
Fax: 0981/53-5300;
E-mail: poststelle@lda.bayern.de;
http://www.lda.bayern.de

Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from „http://“ to „https://“ and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in section „Information Required by Law.“

Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in section „Information Required by Law.“ The right to demand restriction of processing applies in the following cases:
• In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
• If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
• If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
• If you have raised an objection pursuant to Art. 21 Sect. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – 9with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

Rejection of unsolicited e-mails
We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in section „Information Required by Law“ to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

4. Recording of data on this website
Cookies
In some instances, our website and its pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.
Specifically, we use the following cookies:
- "PHPSESSID" (the PHP session required by the server).
Most of the cookies we use are so-called „session cookies.“ They are automatically deleted after your leave our site. Other cookies will remain archived on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.
You can adjust the settings of your browser to make sure that you are notified every time cookies are placed and to enable you to accept cookies only in specific cases or to exclude the acceptance of cookies for specific situations or in general and to activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functions of this website may be limited.
Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
If other cookies (e.g. cookies for the analysis of your browsing patterns) should be stored, they are addressed separately in this Data Protection Declaration.
If you want to change the settings via our cookie consent tool, click here: Open Cookie-Consent-Tool

Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
• The type and version of browser used
• The used operating system
• Referrer URL
• The hostname of the accessing computer
• The time of the server inquiry
• The IP address

This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

Contact
When contacting us (e.g. via contact form, email, telephone or via social media), the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.
The response to the contact inquiries in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.
• Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
• Data subjects: Communication partners.
• Purposes of processing: contact requests and communication.
• Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Communication via Messenger
We use messengers for communication purposes and therefore ask that you observe the following instructions regarding the functionality of the messengers, encryption, the use of communication metadata and your options to object.
You can also contact us by alternative means, e.g. via telephone or e-mail. Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.
However, we additionally point out to our communication partners that the messenger providers cannot view the content, but they can find out that and when communication partners communicate with us as well as process technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata).

Notes on legal basis: If we ask communication partners for permission before communicating with them via Messenger, the legal basis of our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in relation to our contractual partners as well as in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communication via Messenger. Furthermore, we would like to point out that we do not transmit the contact data communicated to us to the messengers for the first time without your consent.

Revocation, objection and deletion: You can revoke any consent you have given at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume to have answered any information provided by the communication partners, if no reference back to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.

Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer inquiries via Messenger. This is the case if, for example, contractual internals require special confidentiality or an answer via Messenger does not meet formal requirements. In such cases, we will refer you to more adequate communication channels.
• Types of data processed: contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. entries in online forms).
• Data subjects: Communication partners.
• Purposes of processing: contact requests and communication, direct marketing (e.g. by e-mail or post).
• Legal basis: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:
• Microsoft Teams: Microsoft Teams - Messenger; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://products.office.com; privacy policy: https://privacy.microsoft.com/de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter.
• WhatsApp: WhatsApp Messenger with end-to-end encryption; service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; website: https://www.whatsapp.com/; privacy policy: https://www.whatsapp.com/legal.

Video conferencing, online meetings, screen sharing.
We use third-party platforms and applications (hereinafter referred to as "Conference Platforms") for purposes of conducting video and audio conferences, and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When selecting the Conference Platforms and their services, we comply with the legal requirements.

Data Processed by Conference Platforms: In the course of participating in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g., provision of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' data may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants' terminal devices, their operating system, the browser and its technical and language settings, information on the content of communications, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). Content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, then further data may be processed according to the agreement with the respective conference provider.

Logging and recordings: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, this will be transparently communicated to participants in advance and they will be asked for prior consent - if necessary.

Data protection measures of the participants: Please note the details of the processing of your data by the conference platforms in their data protection notices and select the security and data protection settings that are optimal for you within the framework of the settings of the conference platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a videoconference (e.g., by notifying roommates, locking doors, and using the background obscuring function, if technically possible). Links to the conference rooms as well as access data, may not be passed on to unauthorized third parties.

Notes on legal bases: if, in addition to the conference platforms, we also process users' data and ask users for their consent to use the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in lists of participants, in the case of reprocessing of call results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
• Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: Communication partners, users (e.g. website visitors, users of online services).
• Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures.
• Legal bases: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:
• voffice: conferencing software; service provider: RA-MICRO Software AG Washingtonplatz 3, Cube Berlin, 10557 Berlin Germany, info@ra-micro.de; website: ra-dezorti_840180.ra-micro.voffice.pro; privacy policy: https://www.voffice.pro/datenschutzerklaerung-voffice-software
• Jitsi: conference software; service provider: Freie Netze München e.V., Parkstr. 28, 82131 Gauting, Germany; website: meet.ffmuc.net; privacy policy: https://ffmuc.net/ Imprint Privacy Policy
• Microsoft Teams: messenger and conferencing software; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Web site: https://products.office.com; Privacy statement: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter.

Cloud services
We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and management, calendar management, e-mailing, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of web pages, forms or other content and information, as well as chats and participation in audio and video conferences.
In this context, personal data may be processed and stored on the servers of the providers to the extent that these are part of communication processes with us or are otherwise processed by us as set out in the context of this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata used by them for security purposes and service optimization.
If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on the users' devices for the purpose of web analytics or to remember users' settings (e.g., in the case of media control).

Notes on legal bases: If we ask for consent to use the cloud services, the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient and secure management and collaboration processes)
• Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., e-mail, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), contract data (e.g., subject matter of contract, term, customer category).
• Data subjects: Customers, employees (e.g. employees, applicants, former employees), prospective customers, communication partners.
• Purposes of processing: office and organizational procedures.
• Legal bases: consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:
• MavoRA; cloud storage service; service provider: SOLE Software GmbH, Sommerbergstraße 97, 66346 Püttlingen, Germany, e-mail: kontakt@mavora.de; website: https://www.mavora.de/;
• Apple iCloud: cloud storage services; service provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; website: https://www.apple.com/de/; privacy policy: https://www.apple.com/legal/privacy/de-ww/.
• Microsoft Cloud Services: cloud storage services; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://microsoft.com/de-de; privacy policy: https://privacy.microsoft.com/de-de/privacystatement, security information: https://www.microsoft.com/de-de/trustcenter.

5. Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, it could make it more difficult to enforce the rights of the users.
Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them).
For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.
• Types of data processed: contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: contact requests and communication, feedback (e.g. collecting feedback via online form), marketing.
• Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:
• LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Xing: Social network; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Status: January 2022