1. Purpose of Data Processing
The files you upload are processed for the purpose of fulfilling our advisory services. This includes, in particular, communication, collaboration, and internal organization within the scope of projects, contracts, or other business processes.
2. Legal Basis for Processing
Your data is processed based on:
- Art. 6(1)(b) GDPR, if processing is necessary for the performance of a contract or for pre-contractual measures,
- Art. 6(1)(f) GDPR, if there is a legitimate interest of Verbraucherzentrale Brandenburg e.V. in efficient and secure cooperation,
- Art. 6(1)(a) GDPR, if you voluntarily provide data and explicitly consent to its processing.
3. Data Recipients
- Internal: Only authorized employees of our organization have access to the uploaded files, as far as necessary for their tasks.
- External: Our service provider Microsoft Ireland Operations Limited provides a cloud-based working environment via Microsoft 365. Microsoft acts as a data processor in accordance with Art. 28 GDPR. Microsoft’s data protection and security standards apply (e.g., ISO/IEC 27001, GDPR-compliant data processing).
4. Data Retention Period
Files are stored as long as necessary to serve the intended purpose. If legal retention obligations exist (e.g., under commercial or tax law), we will store the data accordingly. Afterwards, the data will be deleted or anonymized.
You may delete your uploaded data at any time without providing a reason. Your personal folder on the data platform of Verbraucherzentrale Brandenburg will be automatically deleted no later than 90 days after the consultation date.
5. Data Transfer to Third Countries
In the context of using Microsoft 365, data may be transferred to third countries, particularly the USA. Microsoft ensures data protection through the conclusion of EU Standard Contractual Clauses (SCCs) and additional measures in accordance with Art. 46 GDPR. Furthermore, data is primarily processed in data centers within the EU. Microsoft Corporation is certified under the EU-U.S. Privacy Framework.
6. Your Rights
You have the right:
- to access your personal data stored by us (Art. 15 GDPR),
- to rectify incorrect data (Art. 16 GDPR),
- to erase your data, unless legal retention obligations applys (Art. 17 GDPR),
- to restrict processing (Art. 18 GDPR),
- to data portability (Art. 20 GDPR),
- to object to data processing (Art. 21 GDPR),
- and to withdraw your previously granted consent at any time, with future effect (Art. 7(3) GDPR).
7. Contact for Data Protection Inquiries
For questions or wish to exercise your rights, please contact our data protection officer:
Lars-Holger Krause
Barton & Bluhm KG
Eschenallee 32, 14050 Berlin
Phone: +49 30 513011533
Email: lars-holger.krause@bartonbluhm.de
8. Technical and Organizational Measures
Your data is protected by appropriate security measures, including:
- encryption during transmission (TLS/SSL),
- access controls and role management,
- regular security updates and monitoring,
- protection against unauthorized access using firewalls and authentication procedures.
