Data protection
Overview
- I. Privacy policy
- II. Information on data protection for members an other beneficiaries of the pension scheme of laywers in the state of Hesse
- III. Reporting office
- IV. Member portal
I. Privacy policy
The protection of your personal data is very important for the pension scheme of lawyers in the state of Hesse. This applies both to our daily work and to our Internet offering. In order to make you feel safe when you visit our website, we would like to inform you at this point about how we implement the data protection regulations in our Internet offers.
Personal data
Personal data are details of personal or factual circumstances of an identified or identifiable natural person. This includes information such as your name, address, date of birth or telephone number. Information that cannot be directly associated with your identity is not personal data (e.g. number of users of a page).
Collection and processing of personal data
When you visit our website, the following data is stored by our internet provider in a log file:
- Page accessed
- Date and time
- Identification data of the browser and operating system type used
This data, which is collected for the functionality of our website, is not personal; you remain anonymous as an individual user. In addition, personal information will not be collected, unless this information is voluntarily provided by you via the contact form. Consent given in this context can be revoked at any time.
Use and disclosure of personal data
The use of any personal data provided by you takes place exclusively for the fulfilment of our legal tasks. A transfer to other third parties will not take place. Your personal data will not be transmitted to states or to international organisations outside the European Union.
Cookies/Plugins
We do not use cookies on our website.
This page uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps takes place in the interest of an appealing presentation of our online offers and for an easy findability of the locations indicated by us on the website. This constitutes a legitimate interest within the meaning of Article 6(1) lit. f GDPR. For more information on how to handle user data, see Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
Plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. You can recognise the Facebook plugins by the Facebook logo or the “Like button” (“Like”) on our page. An overview of the Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook user account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign your visit to our pages to your user account. We would like to point out that, as the provider of the pages, we do not receive any knowledge of the content of the data transmitted or its use by Facebook. Further information on this can be found in the Facebook privacy statement at http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log off from your Facebook user account.
On our pages are plugins of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can recognise the Google Plus plugins by the “g+” logo on our site. We have no influence on the scope of data that Google collects with the button. According to Google, no personal data is collected without a click on the button. Only with registered members, such data, including the IP address, is collected and processed. The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and settings for the protection of your privacy can be found by the users of Google’s privacy notices to the “g+” button: http://www.google.com/intl/de/+/policy/+1button.html and the frequently asked questions: http://www.google.com/intl/de/+1/button/. If you are a Google Plus member or have registered with Google and do not want Google to collect data about you when you access our website and link it to your member data stored by Google, you must log out of Google Plus or Google before visiting our website.
Functions of the Twitter service are integrated on our pages. These features are offered by Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit will be linked to your Twitter user account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we do not receive any knowledge of the content of the data transmitted or its use by Twitter. Further information on this can be found in the Twitter privacy statement at http://twitter.com/privacy. You can change your Twitter privacy settings in the account settings at http://twitter.com/account/settings.
External links
This website contains links to third-party websites on whose contents the utility works has no influence. We assume no liability for these third-party pages. Compliance with the data protection regulations is exclusively the responsibility of the operators of the respective websites.
Further information
Information on your rights as a data subject can be found here. For further questions on data protection, please contact our Data Protection Officer (Contact: pension scheme of laywers in the state of Hesse/Data protection officer/Bockenheimer Landstraße 23/60325 Frankfurt am Main).
II. Information on data protection for members and other beneficiaries of the pension scheme of laywers in the state of Hesse
(Notes according to Article 13 General Data Protection Regulation (GDPR) and § 31 Hessian Data Protection and Freedom of Information Act (HDSIG))
With the following information, we would like to give you an overview of the processing of your personal data by the legal services of the lawyers in the Land of Hesse (hereinafter: In accordance with the EU General Data Protection Regulation (GDPR) applicable from 25 May 2018, in conjunction with the Hessian Data Protection and Freedom of Information Act (HDSIG), as well as about your rights in this regard.
1. Who is responsible for data processing and who can I contact?
a. Responsible body:
Pension scheme of lawyers in the state of Hesse
Public corporation
Bockenheimer Landstraße 23
60325 Frankfurt am Main
Phone: +49 69 / 71 37 67 - 0
b. Data protection officer:
Pension scheme of lawyers in the state of Hesse
Public corporation
Data protection officer
Bockenheimer Landstraße 23
60325 Frankfurt am Main
Phone: +49 69 / 71 37 67 - 0
2. For what purpose do we process your data and on what legal basis this is done?
a. To fulfill a legal obligation (Article 6 Paragraph 1 lit. c GDPR)
The purpose of our data processing results from the law on the Hessian lawyer supply (Hess.RAVG) of December 16, 1987, last amended by Article 7 of the eleventh law to extend the period of validity and amendment of legal provisions of October 5, 2017 (GVBl. No. 20 of October 11, 2017, page 294). According to this, the pension fund has the task of providing its members and other beneficiaries with care in accordance with the Hess. RAVG and the statutes of the pension scheme.
The benefits of the pension scheme include:
- Ritirement pension
- Invalidity pension
- Survivor’s pension
- Reimbursement of contributions
- Transfer of contributions to other sources
- Capital relief for surviving spouses or life partners
- Capital relief for members
- Grants for rehabilitation
The legal authorisation for the processing of personal data by the supply plant arises in addition to the Hess. RAVG from HDSIG.
b. On the basis of your consent (Article 6 para. 1 lit. a GDPR)
In order to ensure the best possible protection of personal data, the utility does not communicate with its members and other beneficiaries via the Internet in the context of the fulfilment of its legal tasks. However, you have the possibility to contact us via the contact form on our website. In this case, the data processing of the supply plant is based on your separately granted consent to the data protection declaration.
3. Who gets my data?
Within the utility company, only those bodies will have access to your data, which they need to fulfil our legal obligations.Categories of recipients of personal data outside the utility are:
- Processors used by us (Article 28 GDPR), in particular in the areas of IT and telecommunications services, printing services as well as archiving and disposal;
- Other public bodies and institutions (e.g. bar associations, pensions in other federal states, Deutsche Rentenversicherung Bund, health insurance, administrative, social and family courts, enforcement authorities).
In any case, a transfer takes place only within the legally permissible framework.
4. Are data transmitted to a third country or an international organisation?
No. We do not transfer your data to states or to international organisations outside the European Union.
5. Data transmission to the German pension insurance
The electronic data exchange between the institutions of the pension insurance and the professional pension institutions takes place via the acceptance point of the professional pension institutions (DASBV) and the data center of the German pension insurance. The legal basis for the data processing for the pension fund results from Section 6 (1) lit. c and lit. e GDPR: According to Section 6 (2) sentence 7 SGB VI, the pension fund is legally obliged to carry out electronic data exchange, and is also the exchange of data is necessary to fulfill the statutory obligation to the pension fund that is in the public interest. The transmission takes place using the data record "Application for exemption from compulsory insurance in statutory pension insurance" in accordance with the so-called "Common principles for the electronic application procedure for exemption from compulsory pension insurance in accordance with § 6 Para. 2 Sentence 7 SGB VI of the German Pension Insurance and the working group professional pension schemes in the version of January 1st, 2023", which were approved by the Federal Ministry of Labor and Social Affairs on March 14th, 2022. The data record contains mandatory and voluntary information about the applicant, address, contact details, communication, employer, employment, exemption and compulsory membership in the professional chamber.
6. How long will my data be stored?
In principle, we only process your personal data for as long as is necessary for the fulfilment of our legal obligations and the associated purposes.
In addition, the pension scheme is subject to statutory storage obligations. These are based on the Ordinance on the Preservation of Legal Documents of 5 March 2012 and on the accounting rules governing the pension scheme as well as tax law and provide for retention periods of up to ten years.
Another criterion for the duration of the storage of personal data by the utilities are the relevant administrative procedural limitation periods, which are up to thirty years.
7. What data protection rights do I have?
Each data subject has the right to information pursuant to Article 15 of the GDPR in connection with § 33 HDSIG, to correction pursuant to Article 16 of the GDPR, to erasure pursuant to Article 17 of the GDPR in connection with § 34 HDSIG, to restriction of processing pursuant to Article 18 of the GDPR and – if the data processing is based on consent (see above in section 2 lit. b) – to data portability pursuant to Article 20 GDPR. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR).
With regard to any consent given to the processing of personal data sent to us via our contact form (see above in section 2 lit. b), we would like to point out that this consent can be revoked at any time. The withdrawal of consent does not affect the legality of the data processed until the revocation.
8. Is there a duty for me to provide data?
Yes. The supply plant can be after the Hess. RAVGs require members and other beneficiaries to provide information necessary for the determination of membership and the nature and extent of the obligation to contribute or benefits. Without providing this data, there is a risk of economic disadvantages for you.
9. To what extent is there automated decision-making?
In principle, we do not use fully automated decision-making in accordance with Article 22 of the GDPR in the context of our tasks. However, individual administrative decisions can be drawn up and adopted automatically. This applies only to reminders and threats of enforcement in order to compensate for arrears. There is no assessment of personal aspects (so-called profiling according to Article 4(4) of the GDPR).
II. Reporting office
The pension fund has set up a whistleblower reporting center. If you submit a report to the reporting office, they will record the information you provide. This includes your personal information, if you disclose it, and typically the names and other personal information of the people you name in your report. Further information on how the reporting office handles your personal data can be found in the reporting office’s data protection declaration.
1. Categories of personal data we process
We receive a report from the reporting office which may contain the following personal data:
- Names and other personal data of the person providing the information only if the person providing the information does not wish to remain anonymous and agrees to the information being passed on to us;
- Names and other personal data resulting from the report of the persons named in the report
In the course of further clarification of the reported matter and further processing, further personal data may be collected and processed by us.
2. Purposes of data processing, legal basis
The processing of the data transmitted to us by the reporting office serves to process and manage reports of compliance violations, violations of legal regulations and violations in connection with our business operations.
The legal basis for the processing of your personal data as a reporting person is your consent, provided you disclose your identity and agree to the reporting office passing on your name to us (Article 6 Paragraph 1 Sentence 1 Letter a GDPR).
As far as matters are concerned that are subject to the Whistleblower Protection Act (HinSchG), Section 10 HinschG is the legal basis for the processing of the personal data of you as the person providing the information and of the person(s) affected by the information.
Outside the scope of the HinschG, the legal basis for processing your personal data and those affected by the report is our legitimate interest in detecting and preventing legal violations and misconduct (Article 6 Para. 1 Sentence 1 Letter f GDPR). If the data subject is an employee of ours, the legal basis for processing in the course of processing or further investigation of the reported matter is Section 23 HDSIG (processing for employment purposes) or Section 21 Paragraph 1 No. 4 HDSIG (processing to detect criminal offenses) and, if applicable, our legitimate interest described above (Article 6 Paragraph 1 Sentence 1 Letter f GDPR).
3. Disclosure to third parties
The confidential treatment of all reports and data by the reporting office is ensured at all times and in every processing step. This applies in particular to the personal data of the person providing the information and the person(s) affected by the information. Only individual, pre-determined, authorized persons who are obliged to act in a trustworthy manner have access to incoming reports and information about the processing of the report or follow-up measures.
As part of the educational measures and when asserting, exercising or defending legal claims, we may also rely on the support of law firms or auditing firms.
In addition, when clarifying and processing the reported facts, we may involve (technical) service providers who work for us as processors within the meaning of Article 28 GDPR and on the basis of corresponding agreements.
Despite maintaining confidentiality, personal data of the informing persons and those affected may come to the attention of authorities, courts or third parties in exceptional situations. This is the case if it is obligatory for us to pass on this information, such as in the context of an official investigation (e.g. as part of an investigation) or if this is necessary for the assertion, exercise or defense of legal claims. In addition, under certain conditions, we must also disclose the reported information to the persons affected by the report.
4. Duration of data storage
The personal data will be stored for as long as is necessary to clarify the report and the subsequent measures, if necessary, or for as long as there is a legitimate interest on our part, or as long as this is required by law. The data will then be deleted in accordance with legal requirements.
IV. Member portal
Terms of Use/Privacy Policy
Purpose of the member portal
Our digital member portal enables efficient member management and fast, paperless communication with you. You can use the portal
- apply for additional voluntary contributions,
- receive certificates of contributions and benefits,
- submit proof of income,
- Request information about the pension notification process,
- Communicate changes to your master data,
- receive pension information,
- Apply for exemption from compulsory insurance in the statutory pension insurance.
Use of the member portal
Use of the portal is voluntary and free of charge for you and can be revoked at any time. In order to use the portal, the activation of a so-called primary account is mandatory. To log in securely in the portal, you need your pension fund membership number as well as your identity card, your electronic residence permit or your EU eID card, which you can use to authenticate yourself via AusweisApp2.
Sicherheit und Schutz Ihrer personenbezogenen Daten
Wir betrachten es als unsere vorrangige Aufgabe, die Vertraulichkeit der von Ihnen bereitgestellten personenbezogenen Daten zu wahren und diese vor unbefugten Zugriffen zu schützen. Deshalb wenden wir äußerste Sorgfalt und modernste Sicherheitsstandards an, um einen maximalen Schutz Ihrer personenbezogenen Daten zu gewährleisten. Eine Weitergabe von personenbezogenen Daten an Dritte findet nicht statt.
Security and protection of your personal data
We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. That is why we apply the utmost care and the most modern security standards to ensure maximum protection of your personal data. Personal data will not be passed on to third parties.
Legal basis
The purpose of our data processing results from the law on the Hessian lawyer supply (Hess. RAVG) of December 16, 1987, last amended by Article 7 Eleventh Law on the Extension of the Period of Validity and Amendments to Legal Provisions of October 5, 2017 (GVBl. No. 20 dated October 11, 2017 page 294). The pension fund then has the task of providing its members and other beneficiaries with care in accordance with the Hess. RAVG and the statutes of the pension fund (Article 6 Para. 1 lit. c GDPR - to fulfill a legal obligation).
The legal basis for the data collection described below for using the member portal is Article 6 Paragraph 1 Letter a (processing based on consent) of the General Data Protection Regulation (GDPR).
Data collected regarding the use of the member portal
User-Agent
When you log in to our member portal, the following personal data is collected in the course of storing the user agent, which your browser transmits to us:
- Browser
- Browser version
- User interface used by the member app
- Session ID of the browser session
- operating system
- Operating system version
- Client screen resolution
- Resolution of the displaying browser
- Device Type (Mobile/Tablet/Desktop)
This information is stored anonymously and cannot be assigned to the member. The data is collected to analyze portal usage and only serves the purpose of responding to the needs of members.
Audit Log
We use the audit log to record user activities. The following data is logged:
- Date and time of registration
- user
- Message about successful registration
- Message about unsuccessful login
- IP address
- Document download
- Submitting a form
- Changes to master data
- Email sent
- SessionID of the browser session
- When using the logout function: date and time of logout
This type of security logging is used to track a user's activities and resolve any error messages.
Error Log
Error logs are used to record incorrect page views. The following data is logged:
- Stack trace
- Exception title
- user
- IP address
The stored data is used to correct the error. There is currently no error log being recorded.
Use of cookies
Cookies are used to provide our website. Cookies are text files that are stored on your device (PC, laptop, tablet, smartphone, etc.). Cookies are used for analytical purposes or to make the use of our offering more pleasant and convenient for you. A user's registration in the member portal is stored in a so-called session cookie. This serves to make the services of our website technically available to you. The cookie contains the following data in encrypted form:
- Browser
- User interface used by the member app
- SessionID of the browser session
After you log out, this session cookie is deleted. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases. You can exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. You can delete stored cookies using your web browser at any time. If cookies are deactivated, the functionality of this website may be restricted.
Rights of those affected
You have the right
- to request information about your personal data processed by us,
- to immediately request the correction of incorrect data or the completion of stored data,
- to request the deletion of the stored personal data,
- to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims .
- to revoke your consent to us at any time,
- to complain to a supervisory authority of the pension scheme.
Legal action
You have the option of filing a lawsuit with the Frankfurt Administrative Court if you believe that your rights under the GDPR have been violated as a result of processing of your personal data that does not comply with the GDPR.
Currentness and changes to this usage and data protection declaration
This usage and data protection declaration is currently valid and is dated June 27, 2024. Due to the further development of our website or due to changed legal or official requirements, it may be necessary to make changes. The most current status can be accessed on the website at any time.
Responsible body
Pension scheme of lawyers in the state of Hesse
Public corporation
Bockenheimer Landstrasse 23
60325 Frankfurt am Main
telephone: + 49 69 713767 – 0
(Sub-)processors
- StratOz GmbH
- IGE B.V.
- Intercept B.V.
- Microsoft
Official data protection officer
Pension scheme of lawyers in the state of Hesse
Public corporation
The data protection officer
Bockenheimer Landstrasse 23
60325 Frankfurt am Main
telephone: + 49 69 713767 – 0