discover legal GmbH values the trust of its customers and business partners. The company is therefore committed to respecting data protection and provides its customers and business partners with information concerning which data it collects and stores as well as their rights.
The business goal definition of discover legal GmbH complies with the data protection principles of GDPR pursuant to Art. 4 and 5 (1).
discover legal GmbH
Managing Directors: Elizabeth Lehnich and Catherine Besendahl
General information and terms
‘Personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Processing’ means any operation performed with or without the aid of automated means or any such set of operations that is performed on personal data. The term is interpreted broadly, and it includes virtually every instance where data are processed.
Purposes of collection and storage
- Processing applications, resumes, job descriptions
- Implementing and terminating the contractual relationship
- Measuring and managing performance
- Personnel administration, personnel planning, personnel management, personnel development and training
- Compliance with legal requirements, e.g. tax law
- Internal administrative and organisational purposes
- Ensuring the processing procedures and data are protected against unauthorised access, corruption and unauthorised use
- Exercising and fulfilling the rights and duties of representation of the contractual partners’ interests arising from a law or an agreement.
- Customer administration, planning, management and customer development
- Internal administrative and organisational purposes
Information about Cookies
‘Cookies’ are small files that are stored on users’ computers. Cookies can be used to store various kinds of information. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user’s visit to an online offering. ‘Session cookies’ or ‘transient cookies’ represent a type of temporary cookie that is erased after a user leaves the online offering or closes their browser.
This website uses only two session cookies. Both cookies expire automatically when the session ends. More detailed information on the cookies can be requested from the Controller.
If you do not want cookies to be stored on your computer, you are given the option to deactivate cookies in your browser settings or to erase existing cookies. Saved cookies can be erased in the system settings of the browser. If you deactivate cookies, you may not be able to use all the features of this online offering.
Furthermore, you can prevent cookies from being stored by disabling them in the browser settings. Please note that you may not be able to use all of the features of this online offering if you so disable cookies.
Other web tracking and analysis tools
This website does not use Google Analytics or any other web tracking/analysis tool.
Email and contact form
When contacting us (e.g. via contact form, email and telephone), the user’s data will be used to process the contact request and its handling in accordance with Art. 6 (1) point (b) (within the framework of contractual/pre-contractual relations) or Art. 6 (1) point (f) (other inquiries) GDPR. The statutory erasure deadlines apply.
Data transmission and processors
In the scope of our processing, we only disclose or transmit data or otherwise grant access to data to other persons or companies (processors or third parties) if we are authorised to do so by law (e.g. if data must be transmitted to a third party, such as a payment processer, to fulfil the contract as per Art. 6 (1) point (b) GDPR), if you have given your consent, if a legal obligation provides for this or if such transmission is based on a legitimate interest (e.g. when contracting with agents, web hosting providers etc.).
Whenever we commission third parties to process data, we always conclude a data processing agreement pursuant to Art. 28 GDPR.
Transmission to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if data is processed in a third country as part of a relationship with a third party or while using third party services, or if we disclose or transmit data to third parties, then this will only be done in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual approval, we process or allow data to be processed in a third country only if the special conditions specified under Art. 44 et seqq. GDPR are satisfied. In other words, data processing is conducted on the basis of specific guarantees, such as the official recognition that the level of data protection is such third country is equal to the level in the EU or thereby complying with officially recognized special contractual obligations (so-called ‘standard contractual clauses’).
Types of data processed
- Master data (name, academic title, address, customer number)
- Contract data (type of contract, start date/end date of contract, content)
- Business contact and communication data
- Candidate data
- Historical data
Your data protection rights
Your data protection rights are regulated in Chapter III (Art. 12 et seq.) of the European General Data Protection Regulation (GDPR). According to these provisions, you have a right to have access to information about the personal data stored about you, about the purpose of the processing, about possible transmissions to other bodies and about the duration of storage.
You may also receive extracts or copies when exercising your right of access. If data is incorrect or no longer necessary for the purposes for which it was collected, you may request that it be rectified, erased or the processing be limited.
If processing is based on a legitimate interest, you may object to the processing of your data should your particular personal situation give you reasons to object to the processing of your personal data. In such a case, we will only process your data if there are special compelling interests.
If you have any questions about your rights and how to exercise your rights, please contact us.
In individual cases we may also obtain your consent to the processing or transmission of your data. Your consent is freely given in such cases and can be revoked by you at any time in the future, unless otherwise agreed. You will not suffer any disadvantages if you do not give your consent or if you should revoke your consent at a later date.
Right to lodge a complaint with the supervisory authority
Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit
Erasure of data
Relevant legal bases