Data protection information Welcome to the website of boring.legal. The protection of personal data is important to us. We process personal data in accordance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). In the following, we would like to provide you with all the information you need to check and exercise your rights. In this data protection information you will find all information on the processing of your personal data in connection with the use of our website www.boring.legal and the use of the services we offer. You can print or save this data protection information by using the usual functionality of your browser.
#1 Controller and contact person The contact person and controller for the processing of your personal data when you visit this website within the meaning of the GDPR is
boring.legal GmbH Tucholskystraße 42 10117 Berlin
E-mail: support@boring.legal
Our website and the services we offer use various functionalities and applications (collectively ‘tools’) that are offered either by us or by third parties. These include tools that use technologies to store or access information in the end device.
The tools we use are listed below by category, whereby we inform you in particular about the providers of the tools, the storage period and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.
Each time you use our website, we collect the data that your browser automatically transmits to enable you to visit the website. We process the following data for this purpose
HTTP data - this is protocol data that is generated for technical reasons when you access the website or our services via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your Internet browser, the operating system you are using, the page you accessed, the page you visited previously (referrer URL) and the date and time of your access.
The processing of this HTTP data is necessary to enable you to visit the website and use our services, to ensure the long-term functionality and security of our systems and for the general administrative maintenance of our website.
The HTTP data is also stored in internal log files for the purposes described above, temporarily and limited to the necessary content, in order to compile statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors and users (e.g. if the proportion of mobile devices with which the pages are accessed increases) and to generally maintain our website administratively.
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling website access and the permanent functionality and security of our systems.
In this context, we transmit your data to the following categories of recipients: Hosting provider.
You can find information on the duration of storage of the various categories of personal data in section 7.
You have various options for contacting us, e.g. by e-mail or via our contact form. In this context, we process data exclusively for the purpose of communicating with you. We process the following data for these purposes
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as your details are required to answer your enquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in you contacting us and us being able to answer your enquiry. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. The legal basis in these cases is Art. 6 para. 1 lit. a GDPR in conjunction with Section 7 para. 2 no. 1 or 2 UWG.
In this context, we transmit your data to the following categories of recipients: hosting provider; email service provider.
The data collected by us when using the contact form will be deleted after your enquiry has been fully processed, unless we still need your enquiry to fulfil contractual or legal obligations (see section 7 ‘Storage period’).
With our newsletter, we would like to inform you primarily about current developments in the areas of accounting, taxes and law as well as events, news, offers and other important information. To subscribe to the newsletter, we collect your e-mail address and, in the case of events, your name and, if applicable, the company name.
Through individual functionalities (such as the use of behaviour-based data) of our newsletter, we can track which contents of our newsletter are of particular interest to you in a personalised manner. We use the results of these analyses exclusively for the purpose of improving our website and tailoring it to your needs. The newsletters may contain a so-called ‘web-beacon’, i.e. a pixel-sized file that is retrieved from our server or from the server of an analysis service provider when the newsletter is opened. This information is used for the technical improvement of our website based on the technical data or the target groups and reading behaviour. The statistical surveys also include determining whether the newsletters are opened, when they are opened, how long the reader stays on the website and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention to analyse individual users. The evaluations help us to recognise the reading habits of our users in general and to adapt our content to them or to send different content according to the interests of our users.
We use a ‘double opt-in’ procedure to confirm your subscription to the newsletter. For this purpose, we send an e-mail message requesting confirmation to the e-mail address provided during registration. A newsletter subscription only becomes effective once you have confirmed the e-mail address by clicking on the confirmation link contained in the e-mail.
If you provide optional information when registering, we will use this to personalise the newsletter and to select information that may be relevant to you.
In addition, the data is stored and processed for evidence purposes for the possible assertion, exercise or defence of legal claims. This also includes the assertion, exercise or defence of legal claims, including cooperation with external lawyers.
If you have given your consent, we will also analyse your usage behaviour in connection with our newsletter. For this purpose, we create user profiles using pseudonyms for the purpose of personalising the newsletter.
We process the following data for these purposes
Contact data - Data that you have provided to us when subscribing or when creating a user account to contact us for the purpose of implementing the user contract. This includes the following data in particular: E-mail address, name, address, telephone number.
Newsletter form HTTP data - data that is collected for technical reasons when the form for subscribing to and unsubscribing from the newsletter is called up on our website or via our services using the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your Internet browser, the operating system you are using, the page you accessed, the page you visited previously (referrer URL) and the date and time of your access.
Newsletter subscription data - refers to data that we collect when you register for the newsletter. This includes the following mandatory data: Email address. Optionally, this also includes: title, first name, surname.
Newsletter pixel-code data - Data that is generated for technical reasons when our newsletters are accessed by so-called tracking pixels contained in the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)). Tracking pixels are small graphics in HTML e-mails that enable a log file recording and a log file analysis of the calls of the e-mails. This includes your IP address, the type and version of your Internet browser, the operating system you are using, the page you have accessed, the page you visited previously (referrer URL) and the date and time of your access.
Newsletter opt-in data - data that is collected when you subscribe to and unsubscribe from the newsletter. This includes the date and time of subscription to the newsletter, the date and time of sending the registration notification in the double opt-in procedure, the date and time of confirmation of the registration in the double opt-in procedure and the IP address of the end device used for confirmation as well as the date and time of any cancellation of the newsletter.
Newsletter profile data - data in user profiles that we create by analysing user behaviour in the newsletter using pseudonyms. This includes data on the use of the newsletter, in particular views, frequency of views and time spent in viewed newsletters.
The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A message to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this purpose.
We may use so-called pixels (tiny, invisible image files) in our newsletters to measure the opening rate, as well as links where we can measure the click on the link before forwarding to the target page. The data is collected individually by an analysis service provider at the level of the recipients of the newsletter. However, the data is evaluated exclusively in aggregated form for statistical analysis and to optimise and further develop our content and customer communication. Usage is not analysed at the level of individual newsletter recipients. In addition, we also record whether newsletters could be delivered and for which email addresses delivery was not possible. No linking with other data takes place. You can prevent the measurement of the opening rate by deactivating the loading of images in your e-mail client.
As soon as you unsubscribe from the newsletter, your registration data will be deleted. Deletion also takes place promptly if you have not confirmed your subscription to the newsletter.
The legal basis for sending the newsletter, the aggregated usage analysis and the determination of deliverability is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
As part of this processing in connection with newsletters, we transfer your data to the following categories of recipients Newsletter dispatch service provider, newsletter analysis service provider.
You can find information on the duration of storage of the various categories of personal data in section 7.
If you conclude a contract with us for the use of ‘boring.legal’, we will also use your contact details to send you further relevant information about our products and services by email (‘existing customer advertising’). This may include, in particular, news, promotions and offers as well as feedback and other surveys.
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG, according to which data processing is permitted to safeguard legitimate interests, insofar as this concerns the storage and further use of data for advertising purposes. You can object to the use of your data for advertising purposes at any time by clicking on the corresponding link in the emails or by sending a message to the contact details given above (e.g. by email or letter) without incurring any costs other than the transmission costs according to the basic rates.
As part of this processing in connection with newsletters, we transmit your data to the following categories of recipients Newsletter dispatch service providers, newsletter analysis service providers.
You can find information on the duration of storage of the various categories of personal data in section 7.
We temporarily store data in log files on our web server and analyse them to ensure the security of the IT infrastructure used to provide the services, in particular to detect, eliminate and document malfunctions (e.g. DDoS attacks).
We process the following data for this purpose: HTTP data - this is protocol data that is generated for technical reasons when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes your IP address, the type and version of your Internet browser, the operating system you are using, the page you accessed, the page you visited previously (referrer URL) and the date and time of your access.
The legal basis for processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the services, in particular for the detection, elimination and conclusive documentation of faults (e.g. DDoS attacks).
In this context, we transmit your data to the following categories of recipients: hosting providers; IT security service providers.
You can find information on the duration of storage of the various categories of personal data in section 7.
We temporarily store data in log files on our web server and analyse them in order to quickly identify errors that have led to a malfunction or crash and thereby improve our services. The data is stored and analysed in anonymised form. This means that we store the data in a form that does not allow the data subject to be identified. We also process data on the settings of the page on which the error occurred.
In this context, we transmit your data to the following categories of recipients: hosting providers; error detection and error handling services.
You can find information on the duration of storage of the various categories of personal data in section 7.
We operate a service through which you can utilise services in the areas of accounting, taxes, contracts and legal documents. In addition, we offer you the opportunity to contact external qualified tax advisors and lawyers and to conclude individual agreements with them directly. We process personal data for this purpose. The provision of data is necessary in order to be able to use our services and conclude agreements with external tax advisors and lawyers.
We process the following data for these purposes
The processing serves to prepare and fulfil our contractual obligations towards users in accordance with Art. 6 para. 1 lit. b GDPR).
In this context, we transmit your data to the following categories of recipients: hosting providers; technology service providers; external tax consultants; external lawyers.
For information on the duration of storage of the various categories of personal data, please refer to Section 7.
If you access our website or use our services and give us your consent, we collect information about your use of our website and our services by means of the web analysis tools used by web analysis and optimisation services and store them in a device-related profile. This enables us to improve our services. In order to be able to assign this information to your end device, we assign a unique ID to your end device, which is linked to the device-related profile. This data is stored in cookies on your end device and can be read when you visit our website or use our services. When you visit our website and use our services, we can recognise your end device based on the ID assigned to it. The aim of the analysis is to analyse where users come from, which areas of our website or our services they visit and how often and for how long they view which content and categories. To document your consent, we store a unique ID assigned to you for the duration of your consent.
We process the following data for these purposes
The web analysis tool we use generates and stores the web analysis profile. This includes information about your use of our website and our services, in particular page views, frequency of visits and length of stay on the pages visited, as well as the ID assigned to your end device.
The legal basis for the processing is the consent you have given us in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.
In this context, we transmit your data to the following categories of recipients: Web analysis and optimisation services.
You can find information on the duration of storage of the various categories of personal data in section 7.
We use tracking technologies, in particular cookies, to make visiting our website and using our services more attractive for you and to enable the use of certain functions. These are small text files that are stored on your computer. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a preset time, which may vary depending on the cookie.
Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not work or may not work properly.
When you visit or use our website or our services, data may be collected and processed both by our own cookies and by cookies from third-party providers. This processing is carried out for the purposes of functionality, user experience, performance measurement and optimisation of our website as well as for marketing purposes.
For this purpose, we process the data that you provide to manage cookie consents for our website or our services and data that is assigned to your end device when using the function for managing cookie consents. This includes your consent and, if applicable, your individual selection for the use of cookies on your end device. In addition, depending on the individual case, further specific user information such as browser and location data and IP address values may be processed in connection with the use of cookies. Details can be found in our cookie banner and the associated cookie policy.
We provide you with a function to manage your cookie settings for the website and the use of our services. When you return to the website or our services, we determine whether you have already given your consent, for example, and activate cookies and related analysis tools according to your preferences. For this purpose, data from strictly necessary cookies is also temporarily processed on our web server. You can find more detailed information on the content and purposes of the cookies and similar technologies used in our cookie banner and the associated cookie policy, which you can access at any time via our website or our services
The legal basis for the use of tracking measures and in particular cookies is displayed in our cookie banner. Fundamentally and subject to deviations in individual cases, the legal basis for all technically necessary cookies is our legitimate interest in operating a functional website and services and making them available to you as requested by you in accordance with Art. 6 para. 1 lit. f GDPR and § 25 para. 2 no. 2 TDDDG. Any further use of cookies that is not absolutely technically necessary constitutes data processing that we only carry out with your express and active consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This applies in particular to the use of functional cookies and marketing cookies.
We maintain online presences in social networks in order to communicate with customers and interested parties and to provide information about our products and services.
User data is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on the interests of the users. Cookies and other identifiers are stored on users’ computers for this purpose. Based on these user profiles, adverts are then placed within the social networks, for example, but also on third-party websites.
As part of the operation of our online presence, we may have access to information such as statistics on the use of our online presence provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our online presence (e.g. likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed via it. This may also provide information about users’ interests and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presence and to optimise it for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the online presence. The collection and use of these statistics is generally subject to joint responsibility. Where this applies, the corresponding contract is listed below.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our customers and inform them, as well as to carry out pre-contractual measures with future customers and interested parties.
If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or posts. The content of the communication via the social network and the processing of the content data are the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfil a contract in accordance with Art. 6 para. 1 lit. b GDPR.
The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below will also provide you with further information on the respective data processing and the options to object.
We would like to point out that data protection requests can be made most efficiently with the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly.
Below is a list with information on the social networks on which we operate online presences LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) Operation of the LinkedIn company page under joint responsibility on the basis of an agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum) https://legal.linkedin.com/pages-joint-controller-addendum Information on the Page Insights data processed and how to contact us in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum Privacy policy: https://www.linkedin.com/legal/privacy-policy Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if you have given your express consent pursuant to Art. 6 para. 1 lit. a GDPR, the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, we are legally obliged to disclose your data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary due to official enquiries, court orders and legal proceedings for legal prosecution or enforcement, or this is legally permissible and necessary in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.
Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.
As explained in this privacy policy, we may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries in accordance with Art. 45 GDPR, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures.
If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your rights as a data subject cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.
In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in a specific individual case.
We store HTTP data and server log files for a maximum period of 3 months, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified.
For evidence purposes, we must retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.
Even after this time, we must still store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.
You are entitled to the data subject rights formulated in Art. 15 - 21, Art. 77 GDPR at any time if the respective legal requirements are met:
To assert your rights described here, you can contact us at any time using the contact details provided above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request.
Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defence of legal claims beyond this period. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defence against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.
Finally, you have the right to lodge a complaint with the data protection supervisory authority responsible for us. You can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, our registered office, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.
You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right to object, which we will also implement without you having to give reasons.
If you would like to exercise your right of cancellation or objection, an informal message to the above-mentioned contact details is sufficient.
We occasionally update this privacy policy, for example if we adapt our website or if the legal or official requirements change.
Status: November 2024