1. Privacy at a Glance
Attorney Magdalena Seiler (hereinafter referred to as „Staffiant“) as operator of the website www.dealdraft.de takes the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and in the Federal Data Protection Act (BDSG).
When you use this website, various personal data are processed depending on the type and extent of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter „data subject“); an identifiable natural person is one who can be identified directly or indirectly (e.g. by means of association with an online identifier). This includes information such as the name, address, telephone number and date of birth.
This privacy policy explicitly refers to the website-specific data processing procedures when visiting our website at www.dealdraft.de. Even beyond the website-specific data processing processes, Staffiant attaches great importance to the protection of personal data. Therefore, please also take into account – as far as applicable to you – our further „Data protection information in accordance with the EU General Data Protection Regulation“ (information sheet for customers, suppliers and business partners/contacts of Staffiant), which you can retrieve in their respective valid version at any time here.
2. Controller
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc). The controller within the meaning of the GDPR and the applicable national data protection laws (in particular BDSG) and other data protection provisions is:
Staffiant – Attorney-at-Law Magdalena Seiler
Im Langgewann 49, 69469 Weinheim
📞 +49 (0) 151 52360477
✉️ info@staffiant.com
3. The Company Data Protection Officer
Magdalena Seiler
Im Langgewann 49, 69469 Weinheim
✉️dataprotection@dealdraft.de
4. Purposes and Legal Bases of the Processing of Data
For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is called up and automatically stored in so-called server log files. These are:
Browser type and version
Operating system used
Website from which the access is made (referrer URL)
Host name of the accessing computer
Date and time of access
IP address of the requesting computer
The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which necessarily takes place and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our Internet offering purely statistically and without any inference to your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.
The access data collected in the context of the use of our website will only be stored for the period of time for which this data is required to achieve the aforementioned purposes. Your IP address is stored for IT security purposes on our web server for a maximum of 7 days.
If you visit our website in order to obtain information about our range of products and services or to use them, the basis for the temporary storage and processing of the access data is Art. 6 (1) sentence 1 lit. b GDPR (legal basis), which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 p. 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
If you send us inquiries via the contact form, your message/communication (comment) including the contact data you provided there will be stored and processed accordingly for the purpose of processing and answering the inquiry as well as for the case of follow-up questions. We do not pass on this data to third parties unless this is necessary in the context of processing and answering your contact request or you have given us your corresponding consent.
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 (1) sentence 1 lit. b GDPR (legal basis). Incidentally, for the protection of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR for the proper response to customer/contact inquiries.
The data you enter in the contact form will remain with us until the purpose for storing/processing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.
We sometimes use so-called cookies on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when the website is called up again.
Most of the cookies we use are so-called „session cookies“. They are automatically deleted after the end of your visit or browser session (so-called transient cookies). Other cookies remain stored on your terminal device for a specified period of time or until you delete them (so-called persistent cookies). These cookies enable us to recognize your browser on your next visit. Upon written request, we are happy to provide further information on the functional cookies used. Please then contact us at the above contact details.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly obtain the procedure for deactivating cookies via the „Help“ function of your Internet browser. When disabling cookies, the functionality and/or full availability of this website may be limited. For further cookie-specific setting and deactivation options, please also see below the individual explanations of the cookies and associated functions/technologies specifically used when visiting our website.
Some of the cookies we use on our website come from third parties that help us analyze the impact of our website content and visitors' interests, measure the power and performance of our website, or serve customized advertising and other content to our website or other websites. As part of our website, we use both first party cookies (only visible from the domain you are visiting) and third party cookies (visible across domains and regularly set by third parties).
The cookie-based data processing is carried out on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR (legal basis) or on the basis of Art. 6 (1) sentence 1 lit. f GDPR (legal basis) to protect our legitimate interests. Our legitimate interests here lie in particular in being able to provide you with a technically optimized website that is user-friendly and tailored to your needs, as well as to ensure the security of our systems. You can revoke the consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.
In detail, the following cookie-based tools/plugins are used within the scope of this website:
This website uses the functions of Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent given to us ( Art. 6 (1) p. 1 lit. a GDPR). You can give us your consent voluntarily when you call up our website by pressing the corresponding button in the „cookie banner“ („Accept“) or reject the use of Google Analytics („Reject“) in the „cookie banner“ when you call up the website. We will store your selection in a separate cookie ( Art. 6 (1), sentence 1, lit. f GDPR) on the basis of the legitimate interest in respecting your decision and no longer displaying the cookie banner. On a regular basis, data is also transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as „Google“. Google Analytics uses cookies (first-party cookies), which enable an analysis of your use of the website. However, this does not mean that we gain direct knowledge of your identity as a result. Google uses the information generated by the cookies on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. This enables us to improve the quality of our website and its content. We learn on the basis of statistical analyses how the website is used and can thus constantly optimize our offer.
The information generated by the Google Analytics cookies about your use of this website (for example, time, location and frequency of your website visit, including IP address) will be transmitted to and stored by Google on servers in the United States. Google is certified under the Privacy Shield agreement (https://www.privacyshield.gov/eu-us-framework). We have set the storage period at Google for corresponding data at user and event level to 14 months (shortest possible setting option).
a) IP Anonymization
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA and thereby anonymized. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google's own information, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data relating to your person.
b) Browser Plugin
You can prevent the storage of Google Analytics cookies by selecting the appropriate settings on your browser software (see above). You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
c) Objection to Data Collection
Alternatively, you can enable/disable the collection of your data by Google Analytics, especially on mobile devices, by clicking on the following link: Disable Google Analytics
When deactivated, a cookie is set that prevents the collection of your data during future visits to this website. Specifically, the following tracking cookies are used by Google Analytics:
__utmz, __utma, __utmb, __utmc, __utmt.
More information on the handling of user data at Google Analytics and the security and data protection principles as well as setting and objection options can be found in Google's privacy policy, available via the following link:
https://support.google.com/analytics/answer/6004245?hl=de.
d) YouTube
Our website uses plugins of the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA („YouTube“). YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
The integration of YouTube videos takes place in the so-called „extended data protection mode“, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. This is how YouTube establishes a connection to the Google DoubleClick network – regardless of whether you watch a video.
When you activate embedded videos on our website, a connection to YouTube's servers is established and a data transmission is started. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your terminal device until you delete them. You can prevent YouTube from storing cookies by making the appropriate settings in your browser software (see above).
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
e) Google Maps
This website uses the map service Google Maps. The provider is Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. Data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as „Google“. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. More information on the handling of user data can be found in Google's privacy policy:
https://www.google.de/intl/de/policies/privacy/.
Compliance with legal requirements: We also process your personal data to comply with other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 (1) sentence 1 lit. c GDPR (legal basis) for the fulfillment of a legal obligation to which we are subject.
Law enforcement: We also process your personal data in order to be able to assert our rights and enforce our legal claims. Likewise, we process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this context, we process your personal data to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences (legitimate interest).
Consent: If you have given us consent to process personal data for certain purposes (e.g. sending information material and offers), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the GDPR, i. e. before 25.5.2018. Please note that the revocation is only effective for the future and processing until then is not affected.
5. Recipients of Data
Within the Law Firm Staffiant those departments will receive access to your data that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the transfer of your personal data to what is necessary, taking into account the requirements of data protection law. In some cases, the recipients receive your personal data as order processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently in their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases, we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obligated to special confidentiality and secrecy due to their professional status.
6. Data Transfer to Third Countries
In the context of the use of the above-mentioned tools, e.g. Google, we may transfer your IP address to third countries (see above). With regard to the USA; data transfer is based on the EU-US Data Privacy Framework. In this respect the European Commission certifies data protection that is comparable to the EEA standard by means of an adequacy decision. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organizations, unless explicitly stated otherwise in this Privacy Policy.
7. Duration of Data Storage
We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (see above for the individual processing purposes). If applicable, this also includes the periods of the initiation of a contract (pre-contractual legal relationship) and the processing of a contract. On this basis, personal data is regularly deleted as part of the fulfillment of our contractual and/or legal obligations, unless its further processing for a limited period is necessary for the following purposes:
Fulfillment of statutory retention obligations, e.g. those arising from the German Commercial Code (sections 238, 257 (4) HGB) and the German Fiscal Code (section 147 (3) and (4) AO). The periods specified there for storage and documentation are up to ten years.
Preservation of evidence taking into account the statute of limitations. According to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
8. Data Security
Personal data is protected by us by means of suitable technical and organizational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorized access to the technical equipment used by us and to protect personal data from unauthorized disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is therefore not possible.
9. Your Rights as a Data Subject
You are entitled to the following rights as a data subject under the statutory conditions:
Right to information: You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of § 34 BDSG apply. Right to rectification: You are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect, in accordance with Art. 16 GDPR.
Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to demand that we delete personal data relating to you without delay. The right to erasure does not apply if the processing of the personal data is necessary, for example, to comply with a legal obligation (e.g. legal retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of § 35 BDSG apply.
Right to restrict processing: You are entitled to request that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
Right of withdrawal: You may withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the GDPR, i. e. before 25.5.2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. To declare the revocation, an informal communication e.g. by email to us is sufficient.
Right of objection: You have the right to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. We will consider an objection to any direct marketing measures immediately and without weighing the existing interests again.
Information about your right to object according to Art. 21 GDPR: You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR (data processing on the basis of a balance of interests) or Art. 6 (1) sentence 1 lit. e GDPR (data processing in the public interest), if there are grounds for doing so that arise from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
The objection can be made without formalities and should preferably be addressed to:
Magdalena Seiler
Im Langgewann 49, 69469 Weinheim
✉️info@staffiant.com
Right to complain to a supervisory authority: Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can address a complaint to the supervisory authority responsible for us.
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Prof. Dr. Tobias Keber
Postfach: 10 29 32, 70025 Stuttgart
oder:
Lautenschlagerstraße 20, 70173 Stuttgart
Telefon: 0711 615541-0
✉️poststelle@lfdi.bwl.de
Homepage:
https://www.baden-wuerttemberg.datenschutz.de
or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
Other concerns: For further data protection questions and concerns, please contact our data protection officer. Corresponding inquiries as well as the exercise of your aforementioned rights should, if possible, be sent in writing to our address given above or by e-mail to datenschutz@dealdraft.de.
10. Obligation to Provide Data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or answer your inquiries to us. Personal data that we do not necessarily need for the above-mentioned processing purposes are marked accordingly as voluntary information.
11. Automated Decision Making/Profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
12. Actuality and Change of this Privacy Policy
1. This privacy policy is currently valid and has the status 01.08.2025.
2. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy.
