Data protection declaration GIS
By way of these data protection declaration, we as the data controller inform you about the type, scope and purpose of the processing of your personal data within our website and the associated services.
This data protection declaration is based on terms used by European legislators for directives and regulations when adopting the General Data Protection Regulation (GDPR). In order to ensure that this explanation is comprehensible, we explain the terms used at the outset. Insofar as you find references to legal regulations without exact indication of the name of the respective legislation, the GDPR is meant.
1. Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data controller
“Data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State laws.
“Processing” means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
II. Contact details of the data controller and the data protection officer
Data controller for the processing:
Streitbörger Bielefeld GbR – Insolvenzverwaltung | Sanierung
Contact data of the Data Protection Officer:
III. Type and scope of personal data processing
We process your personal data only to the extent necessary to provide this website and our services. The data will only be processed if permitted by law. If you give your consent, further processing is also possible.
1. Visiting our website
When you visit our website, the browser you use automatically sends information to the server of our website. The following information is temporarily stored in log files:
- date and time of access to the website,
- your Internet Protocol (IP) address,
- Internet service provider of the accessing system,
- type of browser used and the operating system,
- websites from which you accessed our website,
- websites accessed from your system through our website.
The legal basis for the storage of data and log files is Article 6(1), Sentence 1, Litera f GDPR.
The data are processed to ensure the functionality of our website. The data also serve the technical optimisation of the website as well as the security and stability of our information technology systems.
We do not use these data for marketing purposes or to draw conclusions about your person.
The personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
When the data are stored in log files, the data are deleted after 7 days at the latest.
If any other data are stored, your IP address will be deleted or alienated.
The processing of these data in log files is indispensable for the provision of the website. This means that you have no right of objection here.
When you visit our website, we process further personal data by using certain analysis services. You will find more detailed explanations on this under item IV. of this declaration.
If you contact us (e.g. by e-mail, contact form, telephone or social media), your personal data will be processed in order to process and handle the contact request. The legal basis for this processing of the transmitted data is Article 6(1), Sentence 1, Litera b GDPR. We delete these data as soon as it is no longer necessary to achieve the purpose of their collection, i.e. regularly when the respective conversation with you has ended. The conversation is over when the matter in question has been definitively resolved. Otherwise, the statutory retention periods shall apply. These data will not be passed on to third parties.
3. Processing of creditor data in the context of insolvency proceedings – GIS creditor information system
We have integrated the GIS creditor information system component on our website. GIS is a web system that provides creditors in insolvency proceedings with round-the-clock information on insolvency proceedings and also offers the possibility to support creditors when preparing to file claims and to transmit the recorded data electronically to the responsible insolvency administrator.
(a) Controller / job processor
We, Streitbörger Bielefeld GbR, and specifically the insolvency administrator appointed for the respective proceedings, are responsible for processing in the GIS (for contact details and the data protection officer, see Section II of this Data Protection Declaration).
The operating company of GIS is STP Informationstechnologie AG, Lorenzstraße 29, 76135 Karlsruhe, Germany. It provides GIS for us as a so-called “job processor” in accordance with Article 28 GDPR.
The technical and organizational security measures at STP Portal GmbH were checked by us before their assignment and are still regularly controlled. Your entered data will be transferred via an encrypted connection to a server of STP Portal GmbH located in Germany and will be stored there on our behalf. Subsequently, these data will be retrieved, processed and used by us, i.e. the appointed insolvency administrator and his or her employees, exclusively within the framework of the purpose described above. Your data shall be transmitted using an SSL certificate. Both we and STP Portal GmbH attach great importance to the security of the data processing systems and this site. That is why we use modern data storage and security technologies to provide optimum protection for your data. It goes without saying that our security measures are continuously improved in line with technological developments.
b) For what purposes and on what legal basis are personal creditor data processed?
When using GIS, we, i.e. the appointed insolvency administrator and his or her staff, collect, process and use your personal creditor data (e.g. name, address, contact data such as telephone number and e-mail address as well as bank details) to the extent permitted by law and necessary for the settlement of the relevant insolvency proceedings.
GIS is used in order to be able to offer you as a creditor a comprehensive information service for the insolvency proceedings and your claims at all times, to give you the opportunity to register claims comfortably online, to store the necessary (personal) data (e.g. contact data or bank details) with us, to administer them yourself and to inform the insolvency administrator quickly and easily about any changes, corrections or previously unknown claims data. This also allows us to make our internal work processes more efficient. GIS makes it easier for us or the respective insolvency administrator to fulfil our legal obligations in accordance with the Insolvency Code to ensure the orderly settlement of the insolvency proceedings, including the satisfaction of the insolvency creditors (§ 38 thereof) using the insolvent party’s assets. In addition, data processing within the framework of GIS helps to simplify correspondence with you, to create and maintain the insolvency table and to speed up the payment of any insolvency quota.
In accordance with Article 6(1)f GDPR, data processing by means of the creditor information system (GIS) is necessary to safeguard the legitimate interests of the insolvency administrator and also your interests as a creditor. These interests result from the aforementioned purposes.
If you register in the creditor information system, the processing of the data stored there is also based on your consent to participate in the creditor information system (Article 6(1)a GDPR). This also applies to the data that you enter when filing a claim.
The filing of the claim itself facilitates the orderly settlement of the insolvency proceedings, which also includes the satisfaction of the insolvency creditors (§ 38 of the Insolvency Code) using the insolvent party’s assets. The insolvency administrator is legally obliged to do so under the Insolvency Code. The legal basis for the processing of your data in the context of the filing of claims and satisfaction of the insolvency creditors is therefore also Article 6(1)c GDPR, possibly in connection with the original legal foundation on the basis of which the debtor has already processed your data. If, for example, there is or was a contract between you and the debtor, the performance of which you request by filing a claim, the processing is additionally carried out on the basis of Article 6(1)b GDPR.
(c) Where do the data come from?
Within the framework of insolvency proceedings and especially within the framework of GIS, data are basically collected from you, i.e. you provide the data we require by entering the data in the mask provided for this purpose.
If you received a postal letter from us with information about GIS and an access code, this was possible for us because the power of administration and disposal over the insolvent party’s assets, including the data forming part of the insolvent party’s assets, was transferred to the appointed insolvency administrator when the insolvency proceedings were initiated so that he or she can properly fulfil his or her legal obligations as insolvency administrator. The cover letter, for which we processed only your name or your company name or other business name and address, was solely in your interest, as we merely informed you about the possibility to register your outstanding claims in the table. We collect all other data from you. For the legal bases, see Section 3b).
d) Are you obliged to provide your data?
There is no legal or contractual obligation for you to provide data within the framework of the insolvency proceedings. Without the transfer of your data, however, it may not be possible to include your claim(s) in the insolvency table and thus to participate in the insolvency proceedings. If your data are incomplete, this can lead to the claim being included in the insolvency table but not recognised.
The use of the creditor information system is also completely voluntary. If you do not want to use GIS for your claim(s), you still have the option to submit your claim(s) in writing by post.
e) Who receives my data? Are your data transferred to a third country?
Access to your data is generally only granted to the appointed insolvency administrator and his or her employees, insofar as they are entrusted by the administrator with data processing.
Otherwise, your personal data will only be transferred to third parties to the extent necessary for the proper settlement of the insolvency proceedings. After your data have been retrieved from GIS to file claims, your data will be transferred to the competent insolvency court (see § 175 (1) of the Insolvency Code).
Furthermore, your data may be transmitted to the following categories of recipients: tax offices, tax consultants, lawyers and, if necessary, other service providers with whom we have concluded a job processing agreement in accordance with Article 28 GDPR.
Your data will not be transferred to recipients in countries outside the European Economic Area (“third countries”).
f) How long will your data be stored?
The data entered into GIS are generally only stored for the duration of the insolvency proceedings. After completion of the insolvency proceedings or the residual debt discharge proceedings, your data entered in GIS shall be deleted from the database. However, the data retrieved by the insolvency administrator will be processed by him for a limited period of time if necessary to comply with statutory retention periods or for documentation and verification purposes.
g) To what extent do automated individual decisions or profiling measures take place?
We do not use procedures to carry out automated individual case decisions or profiling measures within the framework of the GIS. The appointed insolvency administrators make all relevant decisions during the proper settlement of the insolvency proceedings.
Please refer to Section V of this Data Protection Declaration regarding your privacy rights.
Further information about GIS and STP Portal GmbH
IV. Analysis services: cookies and tracking
We use so-called “cookies” on our website. These are small text files that are automatically saved in or by the Internet browser on your terminal device (e.g. computer, tablet, smart phone, etc.) when you visit our website. These cookies contain characteristic character strings that enable a unique identification of the Internet browser when the website is called up again.
You can prevent the placement of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the placement of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the placement of cookies in the Internet browser used, not all functions of our website may be fully usable.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of GIS may be restricted.
3. Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter, “Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States and stored there.
However, if IP anonymisation is activated on this website, Google will abbreviate your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
On behalf of the operator of this website, Google will use this information to evaluate your use, compile reports on website activities and to provide the website operator with further services associated with the use of the website.
The legal basis for the use of Google Analytics is Article 6(1)f GDPR.
Further information on data protection in connection with Google Analytics can be found in Google Analytics Help under the following link: https://support.google.com/analytics/answer/6004245?hl=de
4. Integration of other third-party services
Within our website, we use offers from third parties to optimize our website in order to integrate their content and services, e.g. videos or fonts, into our website (hereinafter, “services”). This integration requires that the providers of these services process your IP address. Because this cannot be technically prevented, the processing of the IP address is therefore necessary for the use and implementation of the services. We always endeavour to use only those services whose respective providers only process IP addresses for the immediate provision of services. Third-party providers may also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Web beacons can be used to examine and evaluate various types of information, e.g. the visit to our website. In pseudonymised form, information may also be stored in cookies on your terminal device, through which technical information about your browser and operating system, linked websites, visit time and other information about the use of our website may be processed. The legal basis for this processing of the transmitted data is Article 6(1)f GDPR. The services that may be used are:
a) Google Maps
b) Google Fonts
V Your rights as a data subject
When your personal data are processed, you are a data subject within the meaning of the GDPR. This gives you the following rights vis-à-vis us, i.e. vis-à-vis the data controller:
1. Right to information
As a data subject, you have the right to ask the data controller to confirm whether personal data concerning you are being processed; if this is the case, you have a right to information about this personal data (Article 15 GDPR). You can request information about the following:
a. the purposes for which the personal data are processed;
b. the categories of personal data processed;
c. the recipients or categories of recipients to whom the personal data relating to you have been or are still being disclosed;
d. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
e. the existence of a right to have your personal data rectified or erased or a right to have processing restricted by the controller or a right to object to such processing;
f. the existence of a right to lodge an objection with a supervisory authority;
g. if the personal data are not collected from the data subject, all available information on the origin of the data;
the existence of automated decision-making, including profiling in accordance with Article 22, Paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You further have the right to request information as to whether the personal data concerning you are being transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transmission.
2. Right to rectification
As the data subject, you have the right to request the data controller to correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, also by means of a supplementary declaration (Article 16 GDPR).
3. Right to erasure
As the data subject, you have the right to request the data controller to erase personal data relating to you immediately, provided that one of the following reasons applies:
a. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. The data subject revokes his or her consent, on which the processing was based pursuant to Article 6(1)a or 9(2)a GDPR, and there is no other legal basis for the processing.
c. The data subject files an objection against the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate reasons for the processing or the data subject files an objection against the processing pursuant to Article 21(2) GDPR.
d. The personal data have been processed unlawfully.
e. The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller.
f. The personal data was collected in relation to services offered by the information society pursuant to Article 8(1) GDPR.
If the data controller has made the personal data concerning you public and is obliged to erase fore the aforementioned reasons, the controller shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that a data subject has requested the erasure of all links to these personal data or of copies or replications of these personal data.
This right to cancellation does not exist if the processing is necessary:
a. to exercise freedom of expression and information;
b. for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the controller is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the controller;
c. for reasons of public interest in the field of public health pursuant to Article 9(2), Literi h and i and Article 9(3) GDPR;
d. for archival purposes in the public interest, scientific or historical purposes, or for research purposes or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the law referred to under Paragraph 1 is likely to make it impossible or seriously impair the attainment of the objectives of such processing; or
e. to assert, exercise or defend against legal claims.
4. Right to restrict processing
You have the right to require the controller to restrict the processing if one of the following conditions is met:
a. the accuracy of the personal data are disputed by the data subject for a period which enables the data controller to verify the accuracy of the personal data;
b. the processing is unlawful and the data subject refuses the deletion of the personal data and instead requests that the use of the personal data be restricted;
c. the data controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims; or
the data subject has filed an objection to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh grounds of the data subject.
If the processing is restricted, these personal data may only be processed, except for the storage, with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
If you have affected a restriction of the processing, you will be informed by the controller before the restriction is lifted.
5. Right of objection
As a data subject, you have the right, for reasons arising from your particular situation, at any time to lodge an objection to the processing of relevant personal data relating to you, which occurs based on Article 6(1), Literi e or f GDPR; this also applies to profiling based on these provisions. This also applies to profiling based on these provisions.
The controller will then no longer process the personal data in the case of an objection, unless the controller can provide grounds worthy of protection for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend against legal claims.
If the data processor processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This shall also apply to profiling insofar as it is connected with such direct advertising. If you lodge an objection with the controller regarding the processing for the purpose of direct advertising, the controller will no longer process the personal data for these purposes.
If you wish to exercise your right of objection, simply send a message to our data protection officer(s) (for contact details, see Item II).
You also have the option of exercising your right of objection in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.
6. Right to revoke consent under data protection law
You have the right to revoke your declaration of consent in data protection law at any time with effect for the future. The revocation shall not affect the legality of the processing carried out on the basis of the consent until revocation.
7. Right to notification
If you have exercised your right of rectification, erasure or restriction of the processing with respect to the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right viv-à-vis the controller to be informed of such recipients.
8. Right to portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to pass these data on to another controller without hindrance by the controller to whom the personal data were provided, provided that:
a. the processing is based on consent pursuant to Article 6(1)a or 9(2)a GDPR or on a contract pursuant to Article 6(1)b GDPR; and
b. the processing is carried out using automated methods.
In exercising this right, you also have the right to have the personal data transferred directly from one controller to another controller insofar as this is technically feasible.
You are not entitled to a right to portability if the processing of personal data is necessary for the performance of a task in the public interest or in the exercise of public authority conferred to the controller.
9. Automated decisions in individual cases including profiling
You have the right not to be subject yourself to a decision based exclusively on automated processing, including profiling, that has legal effect against you or significantly impairs you in a similar manner.
This does not apply if the decision is:
- necessary for the conclusion or performance of a contract between the data subject and the controller;
- admissible by law of the Union or of the Member States to which the controller is subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or
with your express consent.
In the cases mentioned in (a.) and (b.) above, the controller takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at minimum the right to obtain the intervention of a person on the part of the controller, to state its own position and to challenge the decision.
10. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of domicile or work or the place of the alleged violation, if the data subject considers that the processing of personal data concerning him or her is contrary to the Regulation.
The supervisory authority with which the complaint was lodged will inform you as the complainant about the status and the results of the complaint, including the possibility of a legal remedy under Article 78 GDPR.
VI. Data security
We use technical and organisational measures to ensure that your personal data are protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that no one can guarantee absolute protection. For this reason, you are also free to transmit personal data to us by alternative means, for example by post, fax or telephone.