• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

Data protection information according to DSGVO/GDPR

7. November 2022
in Data protection Law
Reading Time: 4 mins read
0 0
A A
0
privacy policy 3415417 640

One of my clients recently received a large data protection request regarding his personal data. Since I do advise my clients to evaluate whether privacy disclosures are really genuine or just used to “cause trouble”, but I am personally already convinced that genuine privacy is also important, I would like to share some of that in this post as well.

 

Dear Sir or Madam:

I am writing to you in your capacity as data protection officer for your company. I am a customer of yours, and in light of recent events, I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation.

[…]

I am attaching a copy of the documentation required to verify my identity. If you need more information, please contact me at my address above.

I would first like to inform you that I expect a response to my request within one month in accordance with Article 12, otherwise I will forward my request to the appropriate data protection authority with a letter of complaint.#

The following information was then requested:

1. please confirm whether or not my personal data will be processed. If so, please let me know the categories of personal data you have about me in your files and databases.

a. Specifically, please tell me what you know about me in your information systems, whether or not they are in databases, including email, documents on your networks, or voice or other media you may store.

b. Please additionally inform me in which countries my personal data is stored or accessible. If you use cloud services to store or process my data, please indicate the countries where the servers are located where my data is or has been stored (in the last 12 months).

c. Please provide me with a copy of or access to my personal data that you have or are processing.

2. please provide me with a detailed account of the specific uses you have made, are making, or will make of my personal information.

3. please provide a list of all third parties to whom you have (or may have) disclosed my personal information.

a. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal information, please provide a list of the third parties to whom you may have disclosed my personal information.

b. Please also identify which jurisdictions you have identified in 1(b) above, those third parties to whom you have disclosed or may have disclosed my personal information, from which those third parties have stored or may access my personal information. Please also provide information about the legal basis for the transfer of my personal information to these jurisdictions. If you have done or are doing so based on appropriate safeguards, please provide a copy.

c. In addition, I would like to know what safeguards have been put in place with respect to these third parties that you have established in connection with the transfer of my personal information.

4. please tell me how long you will retain my personal information, and if retention is based on category of personal information, please indicate how long each category will be retained.

So far, so good. It could be tricky for clients with the following problems, because regularly it will hardly be possible, or only with great effort, to provide the following information.

5. if you collect additional personal data about me from a source other than me, please provide me with any information about its origin in accordance with Article 14 of the GDPR.

6

. if you make automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please inform me of the basis for the logic involved in making such automated decisions and the significance and consequences of such processing.

And the other points hopefully hardly apply to anyone. It would probably be better if everything possible was done technically to avoid having to answer questions 7+ in the first place.

7. I would like to know whether or not my personal information has been shared by your company in the past by mistake or due to a security or privacy breach.

a. If yes, please provide me with the following details about each violation:

i. a general description of what happened;

ii. the date and time of the breach (or best estimate);

iii. the date and time the violation was discovered;

iv. the source of the breach (either your own company or a third party to whom you have transferred my personal data);

v. Details of my personal data that have been disclosed;

vi. your company’s assessment of the risk of harm to myself as a result of the breach;

vii. a description of the measures taken or to be taken to prevent further unauthorized access to my personal data;

viii. Contact information so that I may obtain further information and assistance in connection with such breach; and

ix. Information and advice about what I can do to protect myself against any harm, including identity theft and fraud.

 

[…]

Understandable, but also a good sign for a troll are then these questions:

a. Please tell me if you have backed up my personal information on tape, disk, or other media, where it is stored, and how it is secured, including the measures you have taken to protect my personal information from loss or theft and whether this includes encryption.

b. Please also tell me if you have technology that allows you to know with reasonable certainty whether or not my personal information has been disclosed, including but not limited to the following:

i. Burglar alarms;

ii. Firewall technologies;

iii. Access and identity management technologies;

iv. Database audit and/or security tools; or,

v. Behavioral analysis tools, log analysis tools, or audit tools;

9. With regard to employees and contractors, we draw your attention to the following points:

a. What technologies or business practices do you have in place to ensure that individuals within your organization are monitored to ensure that they do not intentionally or unintentionally disclose personal information outside of your organization, via email, webmail or instant messaging, or otherwise?

b. In the last twelve months, have there been any circumstances in which employees or contractors have been terminated and/or prosecuted for improper access to my personal information, or if you cannot determine this with customers?

c. Please tell me what training and awareness measures you have in place to ensure that employees and contractors access and process my personal data in accordance with the General Data Protection Regulation.

 

Since this or similar letters are currently circulating on the Internet, you should think carefully about how to deal with such requests. It is currently difficult to say whether data protection authorities in Germany will intervene or issue warnings if such requests, which are probably justified in theory, are simply not answered.

Although there are possibilities and also arguments for refusing to answer at least a large part of the questions, this should certainly be coordinated with the company’s own data protection officer or legal advisor.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: AnalyseBankE‑mailEntscheidungenInformationinternetMailManagementPersonal dataPrivacyRegulationServerSicherheit

Weitere spannende Blogposts

Influencer jurisprudence: OLG Munich vs. the rest of Germany?

Frankfurt district court a.M. softens influencer jurisdiction
7. November 2022

Did Cathy Hummels advertise on her Instagram profile as an influencer? This question was addressed by the Munich Higher Regional...

Read moreDetails

Legal consequences of violations of poaching rules in e-sports

Legal consequences of violations of poaching rules in e-sports
31. January 2023

Introduction Esports is a growing phenomenon that is attracting more and more followers worldwide. However, as its popularity grows, various...

Read moreDetails

New draft eu ePrivacy Regulation available

neuer entwurf der eprivacy verordnung der eu verfuegbar
31. October 2019

The EU's ePrivacy Regulation was supposed to be adopted together with the GDPR last year, but endless debates continue to...

Read moreDetails

Digital and collaborative contract creation

Why are contracts important?
7. November 2022

In addition to the client portal (see this article), I am finalizing a collaborative contract creation portal for a near-term...

Read moreDetails

The OLG Frankfurt fathoms the “shitstorm

The OLG Frankfurt fathoms the “shitstorm
7. November 2022

There are always judgments that make even a longtime lawyer smile. For example, the Higher Regional Court of Frankfurt am...

Read moreDetails

Attention: Vouchers to existing customers can be advertising!

Attention: Vouchers to existing customers can be advertising!
12. December 2018

In the case of a gaming chair, the District Court of Frankfurt (Az.: 2-03 O 372/17) has decided that sending...

Read moreDetails

Liability risks for esports teams when working with pseudo-self-employed players

Liability risks for esports teams when working with pseudo-self-employed players
13. December 2022

Introduction: Why are esports teams vulnerable to liability risks from independent players? Esports teams are at high risk when working...

Read moreDetails

Darknet soon to be criminally relevant?

Abusive warnings are punishable by law
7. November 2022

As it currently looks, a § 126a will probably soon be added to the penal code. This shall read as...

Read moreDetails

BGH on Liability for Video Uploads of Third Parties

copyright
19. June 2019

The Federal Court of Justice has delivered an interesting verdict on the question of liability for video uploads of third...

Read moreDetails
Eigentum an Software – Wem gehört eigentlich der Code?
Copyright

Eigentum an Software – Wem gehört eigentlich der Code?

14. July 2025

Während ich an meinem eigenen WordPress-Plugin code, taucht immer wieder eine Frage auf: Gehört mir diese Software wirklich? Im Alltagsverständnis...

Read moreDetails
Startup ohne Entwickler?

Startup ohne Entwickler?

8. July 2025
Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

Keine stillschweigende AGB-Änderung – Schweigen gilt nicht als Zustimnung

7. July 2025
So langsam nimmt der Shop Form an

So langsam nimmt der Shop Form an

3. July 2025
Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

Dark Patterns: UX-Tricks im Visier von Gesetzgeber und Gerichten

2. July 2025

Podcastfolge

Digitale Souveränität: Europas Weg in eine selbstbestimmte digitale Zukunft

Digitale Souveränität: Europas Weg in eine selbstbestimmte digitale Zukunft

12. November 2024

In dieser spannenden Episode des itmedialaw.com Podcasts tauchen wir tief in das hochaktuelle Thema der digitalen Souveränität ein. Vor dem...

Read moreDetails
Das Metaverse – Rechtliche Herausforderungen in virtuellen Welten

Das Metaverse – Rechtliche Herausforderungen in virtuellen Welten

25. September 2024
Die Rolle des IT-Rechtsanwalts

Die Rolle des IT-Rechtsanwalts

5. September 2024
“Digitales Recht Entschlüsselt” mit Rechtsanwalt Marian Härtel

“Digitales Recht Entschlüsselt” mit Rechtsanwalt Marian Härtel

25. September 2024
7c0b449a651fe0b81e5eec2e23515012 2

Urheberrecht im Digitalen Zeitalter

22. December 2024

Video

Mein transparente Abrechnung

Mein transparente Abrechnung

10. February 2025

In diesem Video rede ich ein wenig über transparente Abrechnung und wie ich kommuniziere, was es kostet, wenn man mit...

Read moreDetails
Faszination zwischen und Recht und Technologie

Faszination zwischen und Recht und Technologie

10. February 2025
Meine zwei größten Herausforderungen sind?

Meine zwei größten Herausforderungen sind?

10. February 2025
Was mich wirklich freut

Was mich wirklich freut

10. February 2025
Was ich an meinem Job liebe!

Was ich an meinem Job liebe!

10. February 2025
  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung