Data protection

With this data protection declaration, we would like to inform you about how your personal data is processed and used and what rights you have in relation to your data.

We have taken the measures that are reasonable for us to ensure the best possible protection of personal data processed via this website, but internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

1. Definitions

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). These can be read in Art. 4 GDPR - for example on the website of the Federal Commissioner for Data Protection and Freedom of Information https://www.bfdi.bund.de

In addition, the following terms are used:

a) Order data processor
Order data processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the person responsible.

b) cookies
Cookies are text files that the browser stores on the user's computer when a website is accessed. They store data on visiting websites, which in detail depends on the type and purpose of the cookie.

2. Name and address of the person responsible for processing

The person responsible within the meaning of the General Data Protection Regulation is:

Dr. Michael Steiner

Kurfürstendamm 92
10709 Berlin


0049 - (0)30 - 887208890


0049 - (0)30 - 887208891





An internal data protection officer has been appointed. You can reach him at: m.kayser@steiner-berlin.de

3. Collection of general data and information

The website of the person responsible for processing collects a series of general data and information each time the website is accessed by an affected person or an automated system. This general data and information is stored in the log files of the server. Can be recorded:

(1) The type of browser used
(2) Time and date of the page view
(3) The operating system used,
(4) The website from which our website was referred to (referrer)
(5) The sub-websites that are accessed on our website,
(6) The Internet Protocol address (IP address)

When using these general data and information, no conclusions are drawn about the data subject. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is collected by the controller and its web host, domainfactory GmbH, represented by its managing director Dr. Claus Boyens, Tobias Mohr, Oskar-Messter-Strasse 33, 85737 Ismaning, is therefore evaluated statistically on the one hand and also with the aim of increasing data protection and data security in our company. The anonymous data of the server log files are stored separately from all personal data provided by an affected person, so that no connections or related data sets can be formed from them. An order data processing contract was concluded with the designated web host.

4. Cookies

Most browsers have an option to limit the storage of cookies or to set the browser to notify you when a cookie is set. You can also delete cookies from your PC's hard drive at any time. For reasons of data economy, our website only uses necessary technical cookies.

5. Contact option via the website

On the website of the person responsible for processing, the provision of an e-mail address enables quick electronic contact. If an affected person contacts the person responsible for processing by e-mail, the personal data transmitted by the affected person will be automatically saved. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.

6. Routine Deletion and Blocking of Personal Data

The person responsible for processing processes and stores the personal data of the person concerned only for the period of time necessary to achieve the purpose of storage or if this is required by the European directive and regulation giver or another legislator in laws or regulations which the person responsible for processing subject, was provided.

If the purpose of storage no longer applies or if a storage period prescribed by the European directive and regulation authority or another responsible legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

7. Rights of the data subject

Those affected have the right

  • for confirmation as to whether data relating to them is being processed, for information about the data processed, for further information about data processing and for copies of the data (cf. also Art. 15 GDPR);
  • to correct or complete incorrect or incomplete data (see also Art. 16 GDPR);
  • to the immediate deletion of the data concerning them (see also Art. 17 GDPR), or, alternatively, if further processing is required in accordance with Art. 17 (3) GDPR, to restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data relating to them and provided by them and to transmit this data to other providers/responsible parties (cf. also Art. 20 GDPR);
  • to complain to the supervisory authority (for Germany: The Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, 53117 Bonn), if you believe that the data concerning you are being processed by the provider in violation of data protection regulations (cf. also Art. 77 GDPR).
  • In addition, you can request that we inform you of all recipients to whom data has been disclosed by us, any correction or deletion of data or the restriction of processing that takes place on the basis of Articles 16, 17 para. 1, 18 DSGVO, communicate. However, this obligation does not exist if this notification is impossible or involves a disproportionate effort.

According to Art. 21 GDPR, you also have the right to object to the future processing of the data concerning you, provided that the data is processed by us in accordance with Art. 6 (1) lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.

If you would like to assert your right to revoke your consent, you can contact the person responsible for processing or the data protection officer at any time, as well as with regard to other claims.

8. Legal basis of processing

Art. 6 I lit. a DS-GVO serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data could become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. He represented in this respect, the opinion that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 DS-GVO).

9. Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business.

10. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline has expired, the corresponding data will be routinely deleted, provided that they are no longer required to fulfill the contract or to initiate a contract.

11. No transfer of data to third parties

The person responsible for the processing does not pass on the personal data of its users to third parties, unless you have previously given your express consent or there is a legal obligation to pass on the data. Furthermore, personal data may be passed on to third parties if a legal basis allows this and the data must be passed on to fulfill our contractual obligations.

12. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.