Legal Entity Identifier Register - Data privacy statement

Data privacy statement

for the Legal Entity Identifier Register (LEIReg).

1. General

The

Bundesanzeiger Verlag GmbH
Amsterdamer Str. 192
50735 Cologne

Tel.: +49 (0) 2 21 / 9 76 68-0
Fax: +49 (0) 2 21 / 9 76 68-278
E-Mail: service(at)bundesanzeiger.de

operates this website for purposes of offering information and services.

We will process your personal data exclusively in accordance with the provisions of Data Privacy Legislation as amended. Please refer to a glossary under "Definitions" for data privacy terminology. The following provisions will inform you about the type, extent and purpose of collection, processing and use of personal data. This Data Privacy Statement applies exclusively to our Web pages. Should links on our Web pages take you to other Web pages, please refer to those pages for information on how your data will be handled there.

Your personal data will, wherever possible, be encrypted by digital security systems to protect them from damage, erasure or unauthorised access, using technical and organisational measures.

2. Collection and utilisation of personal data

We collect, process and store the personal data you are making available (for example: your name, address and phone number or e-mail address, also data needed for accounting) to the extent they are needed for processing of requests and orders (e.g. LEI applications, Challenge notifications or orders for newsletters) or for technical website administration or mandatory reasons. Article 6 (1) a), b), c), e) and f) GDPR provides the legal basis for processing such data.

To facilitate this task, your data may be exchanged with third parties involved in processing orders and invoices. In addition, we will not disclose your personal data to third parties unless we are obligated to do so due to mandatory regulations, this is necessary for collecting fees and charges, or you yourself stipulate this.

Your registered and accounting data (e.g. bank account details) are always encrypted before transfer to our systems. This protects communication between yourself and our web server and prevents abuse of data. We deploy SSL (Secure Socket Layer) for encryption, a recognised and widely used system on the Internet, as also used for instance by banks or online shops for business over the Internet and regarded as secure as amended.

3. Use of personal data

Your personal data will, to the extent required for justification, structuring of content or changes to a contractual or official user relationship (master data), be processed exclusively for such purposes. We reserve the right of recourse to authorised remedial action and legal grounds.

We may ask you for certain personal information should you contact us via e-mail, fax or by phone. We will ask only for data required for proper processing of your contact enquiry, including at least your surname and first name, your e-mail address and phone number. The legal basis pursuant to Article 6 (1) c), e) and f) GDPR will be a legitimate interest in processing. You may also in the course of your contact enquiry offer additional voluntary data. We will store the data and use them in responding to your contact enquiry. Voluntary provisioning of such data will signify your consent to their use as defined above. We will log your consent to the collection and use of data. The legal basis for data processing pursuant to Article 6 (1) a) GDPR includes consent by affected parties.

Your name and address must, for instance, be disclosed to accounting service providers for invoicing for chargeable services. Unless with your consent or mandatory, your personal data will not be disclosed to third parties not in a contractual or usage relationship.

We are permitted in specific cases and on request of authorised bodies to release master data for purposes of law enforcement, aversion of danger by police authorities of the states, execution of statutory tasks by Federal and State authorities for the protection of the constitution, Federal Information services, military counter-intelligence, or for assertion of intellectual property rights.

We will carefully examine any such requests using the means available to us and will not disclose your data unless our statutory obligation is abundantly clear. The legal basis of data processing pursuant to Article 6 (1) c) and e) GDPR would in such cases be compliance with our statutory obligations and pertinent special legislation.

4. Collection and processing of non-personal data

a. Browser data

Information that your Internet browser transmits to us will, for technical reasons and for reasons of maintaining and improving functionality, be automatically collected and stored here and we will transmit such data to third parties to the extent required. Our legitimate interest pursuant to Article 6 (1) f) GDPR in processing such data would be operational reliability of the website.

These data comprise:

  • Browser type and version
  • Operating system
  • Website from where you arrived (referrer URL)
  • Website you are visiting
  • Date and time of access
  • Your Internet protocol data (IP address)
  • Transmitted data volumes
  • Access status (files transferred, file not found etc.)

These anonymous data will be stored separately from personal data you may have given, thus preventing tracking of specific persons. Your visits may be analysed for statistical purposes, for optimisation of our Internet presence and our offers. Such data will be erased in our system and those of our service providers after the analysis.

b. Anonymised usage profiles

Unless otherwise indicated here, you will not be required to furnish personal data when using our website. Information will be stored in a log file when a user accesses the abovementioned websites or retrieves a file. We use such information to ensure technical functionality of your visit to our website. We will also use such information for statistical purposes towards improvement of our website design and layout. These data will not be used with reference to a person. Pursuant to Article 6 (1) f) GDPR, our legitimate interest for processing lies in the reliability and functionality of the website.

The following dataset will be stored on each retrieval specifically:

  • Name of the retrieved file
  • Date and time of retrieval
  • Transmitted data volume
  • Message whether retrieval was successful
  • Description of the type of Web browser used
  • Requesting domain
  • Country of domain origin

c. Creating a user profile (registration)

You may register on our website and create a user profile. Following your registration on our website we will collect and use the data your Internet browser transmits automatically together with the data below. Depending on processing requirement, this data is identified as mandatory or optional:

  • Date and time of registration
  • Your first name and surname / company name
  • Date of birth
  • Your e-mail address
  • Your phone number

The legal basis of data processing pursuant to Article 6 (1) a) and e) GDPR is the consent of the affected parties.

5. Use of Cookies and analysis tools

a. Cookies

We use Cookies on our website. Cookies are small text files our Web server sends to your computer to store certain information (e.g. attributes for identification).

If you use our website anonymously, Cookies will be used for statistical analysis of usage, including recording of new and recurring visits. We also use Cookies to assess the extent to which free content is used. To determine this figure our website will send a Unit ID to your browser. This is an anonymous code used exclusively to establish the free content that has been used already.

When you visit our website under your user profile, Cookies will be used to identify your browser for the duration of your visit, including the various Web pages you visited.

Our website can also be used without storing Cookies. You can block the storage of Cookies in your browser settings or tell your browser to inform you when a Web page intends to store Cookies. You will then decide to accept or reject Cookie storage. For our website to remain fully functional it is necessary for technical reasons, however, that storage of temporary Cookies will not be blocked. Even when Cookies are deactivated, our website will send the described Unit ID to your browser to determine the usage of free content. The legitimate interest pursuant to Article 6 (1) f) GDPR is the legal basis here.

Refer to the Help pages in your Internet browser for further information on blocking of Cookies. For example, look under windows.microsoft.com for Windows Internet Explorer and under support.mozilla.com for Firefox.

b. Matomo

Matomo, an Open Source Web Analysis tool (https://matomo.org), will on this website collect and store data for optimisation purposes. These data may be used to create user profiles under pseudonyms. Cookies may be used here. Cookies are small text files stored locally in the website visitor’s Internet browser buffer. Cookies will allow recognition of the returning Internet browser. The data collected by Matomo will not be used to personally identify visitors to this website unless with the consent of the affected party and will also not be linked to personal data via the owner of the pseudonym.

You may decide here whether a unique Web analysis Cookie may be stored in your browser, allowing the website operator to capture and analyse various statistical data. Should you decide against this, click the following link to store the Matomo deactivation Cookie in your browser.

c. Google Analytics

The Bundesanzeiger Verlag uses Google Analytics, a Web analysis service by Google Inc. (hereinafter referred to as "Google Analytics"). Google Analytics uses cookies (small text files) stored on your computer by a server on the Internet to allow the analysis of your use of our website. The information about your use of this website, recorded by cookies, will normally be transmitted to a Google server in the US for storage. The transmitted IP address will not be linked to other Google data. Our Order Data Processing Contract with Google obligates the latter to use your data compliant with data protection regulations. Since we have activated IP anonymisation as standard on this website, Google will, in EU member states or other member countries under the Treaty of the European Economic Area, abbreviate your IP address before transmission.

To guarantee anonymized IP addresses (IP masking), Google Analytics has the extension “anonymizeIp” on this website. Google will on behalf of the operator of this website use this information to assess your use of the website, to compile reports on website activities for the website operator and possibly to provide further services associated with website and Internet usage, specifically also including functions for display advertising and remarketing reports on impressions in the Google Display network, integration of the DoubleClick Campaign Manager or Google Analytics reports on the performance by demographic characteristics and interests. Google may also pass on this information to third parties where mandatory or for processing of such data on behalf of Google. Such usage will be anonymised or pseudonymised. You may prevent the storage of cookies by setting your browser software to block this; we point out, however, that some website functions would in this case be restricted. Using our website implies your consent that Google may process your captured personal data in the prescribed manner and for the purposes above. Objections: You can at any time and with future effect block the cookie capturing data about your use of the website (incl. your IP address) and forwarding these to Google for processing by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=en. You may prevent Google Analytics capturing your data by clicking on the link below. An Opt-Out cookie will be placed to prevent capture of your data when you visit this website in future: Deactivate trackingTracking has been disabled ✔

We also use Google Analytics to evaluate AdWords data for statistical purposes. You may disable this via the Ad Preferences Manager should you object (http://www.google.com/settings/ads/onweb/?hl=de). For further information visit http://www.google.com/analytics/terms/de.html (general information on Google Analytics and data privacy) and https://www.google.de/intl/de/policies/. You may disable display advertising at Google Analytics and adapt advertisements in the Google Display network by calling up display settings: www.google.de/settings/ads. Visit: http://www.google.com for further information on Google Inc. and Google Analytics. The Google Data Privacy Statement is available at: http://www.google.com/intl/de/privacypolicy.html#information A legitimate interest in processing pursuant to Art. 6 (1) (f) GDPR would constitute legal grounds for data processing. This is based on maintenance of the functionality of the application and the processing of personal data for direct advertising purposes (Recital 47 GDPR).

6. Your rights / contact details / objection

Objection and revocation

You may object to the use of your data without prior consent at any time, with future effect.

We point out that you may also at any time revoke (even partially) any consent you may have given, with future effect. In this case, send an e-mail to

Data Privacy Officer, Bundesanzeiger Verlag GmbH, Amsterdamer Straße 192, 50735 Cologne, Tel.: +49 (0) 2 21 / 9 76 68-0, dsb(at)bundesanzeiger.de

You also have the following rights:

  • Article 13, 14 EU-GDPR – Right to information
  • Article 15 EU GDPR – Right of access: We shall gladly on request inform you about your stored personal data. The information will be in text form. Contact – see below.
  • Article 16 EU GDPR – Right to rectification
  • Article 17 EU GDPR – Right to erasure, with restrictions, especially Art. 17 (3) b)
  • Article 18 EU GDPR – Right to restriction of processing
  • Article 19 EU GDPR – Notification
  • Article 20 EU GDPR – Right to data portability
  • Article 21 EU GDPR – Objection
  • Article 22 EU GDPR – Automated individual decision-making, including profiling
  • Article 23 EU GDPR – Restrictions
  • Article 77 EU GDPR – Right to lodge a complaint

The registration authority processes personal and other data on this website to meet its statutory obligations, to perform its official responsibilities and to exercise its public authority. Legislature has furthermore promulgated various obligations and periods of retention e.g. § 147 Abgabenordnung. Erasure of data will be subject exclusively to these statutory provisions.

Note:

We endeavour to take technical and organisational steps allowing us to store your personal data in a way to render them inaccessible to third parties. Since we cannot guarantee full data security during communication by e-mail, we recommend mailing confidential information by post.

7. Scope

This Data Privacy Statement is applicable to the domain www.leireg.de.

8. Amendments and currentness of this Data Privacy Statement

Amendments to the Data Privacy Statement will be published on this website and will apply from the date of publication. The intended use of these data will not change unless by consent.

This Data Privacy Statement is dated 25 May 2018 and currently valid.

9. Definition / Glossary

“Anonymisation” means that personal data will be changed such that personal or material details cannot be assigned to a specific or determinable natural person unless with unreasonably high cost of time, effort and labour.

“Personal data” comprise all information referring to a specific or determinable natural person (“affected person”); a determinable person is a person who can be directly or indirectly identified, especially by linking to identifiers such as name, identification number and other special characteristics describing physical, physiological, genetic, mental, economic, cultural or social identity.

A “Responsible body” is any person or entity collecting, processing or using personal data for own purposes or commissions others to do so.

“Special types of personal data” is defined as data on racial and ethnic origin, political opinions, religious or philosophical convictions, trade union memberships, health or sex life.

“Consent by the affected person” constitutes any clear statement of the person’s wish, given without coercion, relating to a particular case and cognizant of the situation, by way of a statement or other clear action, whereby the affected person demonstrates that he/she agrees to processing of the specific personal data.

A “Recipient” is any person or entity receiving data. A “Third party” is any person or entity external to the responsible body. The affected persons or entities or persons and entities commissioned to collect, process or utilise personal data inland, in another member state of the European Union or in another member country under the Treaty of the European Economic Area are not deemed third parties.

“Collection” is defined as the acquisition of data about the affected person or entity.

A “third party“ is a natural or legal person, public authority, institution or body other than the affected person, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“Pseudonymization” is defined as the substitution of the name and other identifying features with a code designed to exclude or considerably complicate identification of the entity concerned.

„Company” is every natural person and legal entity performing a commercial activity, irrespective of its legal form, including private companies or associations carrying out regular commercial activities.

“Group of companies” is a group comprising a controlling company and its dependent companies.

“Processing” is defined as storing, changing, transmitting, blocking and deleting personal data. The following definitions also apply, irrespective of the processes used:

  1. Storage – the acquisition, recording or storing of personal data on data carriers for purposes of further processing or use,
  2. Changing – the editing of stored personal data,
  3. Transmission – the disclosure to third parties of stored personal data or personal data obtained through data processing, in a manner to allow
    a) passing on the data to a third party or
    b) third parties to view or retrieve the data
  4. Blocking – marking stored personal data to restrict their further processing or utilisation,

“Deletion” – rendering stored personal data not recognisable.

10. Amicable online dispute resolution

The European Commission provides a platform for amicable online dispute resolution (OS platform) at http://ec.europa.eu/consumers/odr/. We point out that we do not participate in dispute resolution before a consumer dispute resolution authority.